Multicast Security Issues and Solutions

Outline
- Explain multicast and its applications
- Show why security is needed
- Discuss current security implementations
- Explain the different ways of doing multicast
- Go in-depth into key management

What is Multicast?
- Unicast
  - One-to-one communication
- Broadcast
  - One-to-all communication
- Multicast
  - One-to-many communication
  - Many-to-many communication

Applications of Multicast
- Online chat groups
- Streaming video/audio
- Videoconferencing
- Multiplayer games

Need for Security
- Protecting trade secrets
- Confidential chat
- Government use
- Pay-per-view
- Online auctions

Why Security is Hard
- Open group membership
- Everyone gets same packets
- Anyone can view or insert data into group
- No individualization or customization
- Senders need not be members
- Can’t control information that goes to the group

Security Solutions
- Authentication (senders and receivers)
- Access control (senders and receivers)
  - Restrict membership
  - Restrict who can send data
- Key management
  - Identify the members of the group
  - Provide confidentiality and integrity
- Fingerprinting
  - Make each receiver’s data unique

IP vs. Application-Layer Multicast
- IP Multicast
  - Network supported
  - Minimum traffic
  - Least control over access
- Application-Layer Multicast
  - More versatile (no network support required)
  - Full control over the group
  - More network overhead

Group Key Management
- Basic schemes
- Hierarchical schemes
- Iolus, Logical Key Hierarchy
- Batch schemes
- GKMP, SMKD
- MARKS
- Trade-off schemes
- CVA, HySOR

Basic Key Distribution
- Single group key
- Pair-wise distribution
- Slow
- Non-scalable

Hierarchical Key Distribution
- Logical groups
- Central management
- Tree structure
- Isolation of keying
- Node hierarchies
- Sub-group managers
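
Added example (not from the original slides): a small Python model comparing the rekey cost of the pair-wise scheme under "Basic Key Distribution" with a binary Logical Key Hierarchy tree when one member leaves. Keys are modelled as (node, version) pairs with no real cryptography, and the names `pairwise_leave`, `KeyTree`, `apply_rekey` and `demo` are assumptions made for illustration.

```python
# Model of rekey cost when one member leaves: pair-wise distribution vs. a binary
# Logical Key Hierarchy. Keys are modelled as (node, version) pairs, not real crypto.

def pairwise_leave(n):
    return n - 1  # flat scheme: new group key sent once per remaining member

class KeyTree:
    """Complete binary key tree in heap layout (n must be a power of two).
    Node 1 is the group key; leaves n..2n-1 are members' individual keys."""
    def __init__(self, n):
        self.n = n
        self.version = {node: 0 for node in range(1, 2 * n)}

    def held_by(self, member):
        """Keys a member holds: every node from its leaf up to the root."""
        node, keys = self.n + member, {}
        while node >= 1:
            keys[node] = self.version[node]
            node //= 2
        return keys

    def leave(self, member):
        """Replace every key the leaver knew, bottom-up. A message (wrap_node,
        wrap_ver, new_node, new_ver) is new_node's key wrapped under a child key."""
        leaf, msgs = self.n + member, []
        node = leaf // 2
        while node >= 1:
            self.version[node] += 1
            for child in (2 * node, 2 * node + 1):
                if child != leaf:  # never wrap under the leaver's key
                    msgs.append((child, self.version[child], node, self.version[node]))
            node //= 2
        return msgs

def apply_rekey(held, msgs):
    """Update a receiver's key set with every message it can decrypt."""
    for wrap_node, wrap_ver, new_node, new_ver in msgs:
        if held.get(wrap_node) == wrap_ver:
            held[new_node] = new_ver
    return held

def demo(n=1024, leaver=5):
    """Returns (pair-wise msgs, LKH msgs, stayers got new key, leaver got it)."""
    tree = KeyTree(n)
    held = [tree.held_by(m) for m in range(n)]  # key sets before the leave
    msgs = tree.leave(leaver)
    held = [apply_rekey(h, msgs) for h in held]
    new = tree.version[1]
    stay_ok = all(held[m][1] == new for m in range(n) if m != leaver)
    return pairwise_leave(n), len(msgs), stay_ok, held[leaver][1] == new
```

With the defaults, `demo()` returns `(1023, 19, True, False)`: 19 rekey messages instead of 1023, every remaining member recovers the new group key, and the departed member does not.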

Batch Rekeying
- Reduce rekey operations
- Less overhead
- Sacrifice forward/backward secrecy

New Approach
- No group key
- Arbitrary message key
- Personal keys for each node
- Key encryption keys

New Approach
- Extreme hierarchical case
- Sub-group size of 1
- Rekey isolation
- Take advantage of inherent topology

How it Works
- Certificates
- Personal keys
- Message keys
- Join/Leave operations

Advantages
- Highly scalable
- Fast rekey operations
- Low message overhead

Remaining Issues
- Vulnerable to Denial of Service
- Performance dependent on the overlay topology

Takeaway Points
- Wide range of applications
- Many require security
- Current approaches are insufficient
- Need a usable key management scheme

Resources
- http://www.cs.virginia.edu/ mngroup
- http://www.securemulticast.org/

References
- Paul Judge and Mostafa Ammar, Security Issues and Solutions in Multicast Content Distribution: A Survey, IEEE Network. January/February 2003.
- Germano Caronni, M.W., Dan Sun, Bernhard Plattner, Efficient Security for Large and Dynamic Multicast Groups. In IEEE 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, (1998).
- Guang-Huei Chiou, W.-T.C., Secure Broadcasting Using the Secure Lock. IEEE Transactions on Software Engineering, 15 (8).
- Suvo Mittra, Iolus: A Framework for Scalable Secure Multicasting, Proceedings of the ACM SIGCOMM '97. September 1997.