multicast security
DESCRIPTION
Multicast Security. With credit to Yuken Goto. Multicast. Transmits a packet to a group of receivers When sending the same data to multiple receivers, multicast minimizes: Link bandwidth consumption Sender and router processing Delivery delay. Multicast. Multiple unicasts. Multicast. - PowerPoint PPT PresentationTRANSCRIPT
Multicast Security
With credit to Yuken Goto
Multicast
• Transmits a packet to a group of receivers
• When sending the same data to multiple receivers, multicast minimizes:– Link bandwidth consumption– Sender and router processing– Delivery delay
Multicast
Multicast
IP Multicast Addresses
• Each group is identified by an IP address– Any group size– Sender sends a multicast packet in the same way as sendi
ng a unicast packet
• Members of groups may be located anywhere in the Internet
• Members can join and leave at will• Senders need not be members• Class D IP addresses:
– 1110[28 bits group ID]
Multicast
• Components of IP Multicast Architecture– Host-to-router protocol
• IGMP(Internet group management protocol)
– Multicast routing protocols• Various protocols
How IGMP Works
• One router is elected the “querier” on each link
• Querier periodically sends Membership Query message “Are you a member of any multicast?” to all-systems group (224.0.0.1) with TTL=1
• Hosts start random timers (0,10 sec) for each multicast group to which they belong
How IGMP Works
• When host’s timer for group G expires, it sends a Membership Report to group G with TTL=1
• Other members of G hear the report, stop their timers
• Routers do not need to know who all the members are, only that members exist
Multicast protocol
• Nice to have these things for multicast– Scalability– Reliability– Flow control– Congestion control– SecuritySecurity
• Individual authentication• Key revocation• Others
Characteristics of Multicast Group
• Group size– 100? Several millions?
• Membership dynamics– Static, known in advance?– Join only, or members are allowed to leave?– How frequently the group changes?– Lifetime of a group
• Minutes, days or unbounded?
Characteristics of Multicast Group
• Number and type of senders– Single sender, several or all?– Are non-members allowed to send data?
• Member characteristics– Computing power– On-line at all time?
• Volume and type of traffic
Basic Security Requirements
• Secrecy (within the group)• Authenticity
– Group authenticity– Individual authenticity
• Anonymity• Non-repudiation• Access control
– Usage amount (for billing)• Service availability
Performance
• Latency and work overhead per sending/receiving data packets
• Bandwidth overhead incurred by inflating the data packets via cryptographic transformations
• Group Initialization• Member addition & deletion• Peak sign-on/sign-off times
Scenario 1single source broadcast
• Very large number of recipients• Source = top-end machine
– Maybe parallelized or split to several sources in different locations
• Dynamic membership• High volume of sign-on/off at peak times• Need to prevent non-member from using the
service (though no real secrecy requirement)• A leaving member must lose its ability to decrypt
Scenario 2virtual conference
• Number of members may not be as large as broadcast scenario
• Similar computational resources– Signing data packets may be prohibitively slow
• Most, or all, members may wish to transmit data• Group is short-lived• Usually static membership• Authenticity of data and sender is crucial
Individual Authenticationsingle sender case
sender
Has l keys
recipient
Subset of l keys
recipient
Subset of l keys
Individual Authenticationsingle sender case
sender
Has l keys
Data l MACs
1-bit MACs are computed from the data with l different keysEfficient because the data is hashed to a short string before MACedEfficient (in terms of both computation and communication overhead) because its only single bit per key
Individual Authenticationsingle sender case
recipient
Subset of l keys
recipient
Subset of l keys
Data l MACs
Individual Authenticationmultiple senders case
recipient
Subset of l keys
Sender
Subset of l keys
Data <l MACs
Global set of l keys
Recipient checks: (Sender’s set of keys)U(Recipient’s set of keys)
User Revocation
• When a user joins– All existing members receive a new key via sec
ure multicast– The new user receives the new key via secure u
nicast connection– So that new user cannot access communication
prior to its join– How about when user leaves?
User Revocation
• Straightforward approach– Central server establishes secure unicast connec
tion with every remaining member and passes the new group key
• Divide and Conquer approach– Tree Based Scheme
User RevocationA Tree Based Scheme
Group Key K
K0 K1
K00 K01 K10 K11
K000
User 0
K001
User 1
K010
User 2
K011
User 3
K100
User 4
K101
User 5
K110
User 6
K111
User 7
User 0 has K, K0, K00 and K000.
User RevocationA Tree Based Scheme
Group Key K
K0 K1
K00 K01 K10 K11
K000
User 0
K001
User 1
K010
User 2
K011
User 3
K100
User 4
K101
User 5
K110
User 6
K111
User 7
User 0 is going to be removed
New group key K’
User RevocationA Tree Based Scheme
• For User 4 through 7, we can use K1 to deliver new group key K’
• For User 2 and 3, we can use K01 to deliver K0’• For User 1, we need to use K001 to deliver K00’
and K0’• Now we can use K0 to deliver K’ to User 1
through 3• Total 4 key deliveries instead of 7
The End