Abstract
The current work focuses on the issue of receiver access control in the context of the Protocol Independent Multicast (PIM) protocol. Currently, a host within a subnet can request the multicast router to join any multicast group without that host being authenticated and authorized to join. This (unauthorized) join-request results in the multicast distribution tree being extended towards that subnet, which opens the possibility of attacks. In such an attack, the malicious user/host intentionally extends or “pulls” the tree towards its subnet, wasting resources and state in all the affected routers. In this case, end-to-end encryption of the multicast data does not help, since the (encrypted) packets still flow down the distribution tree to the malicious host. The current work analyzes this problem more closely in the context of PIM Sparse Mode (PIM-SM) and offers a solution. The proposed approach also complements the recent developments in IGMPv3 [1] and the Express multicast model of [2].
References
[1] B. Cain, S. Deering, and A. Thyagarajan, “Internet group management protocol version 3,” Nov 1999. draft-ietf-idmr-igmp-v3-02.txt (Work in Progress).
[2] H. Holbrook and D. Cheriton, “IP multicast channels: EXPRESS support for large-scale single-source applications,” in Proceedings of ACM SIGCOMM’99, (Cambridge, MA), pp. 65–78, ACM, 1999.
[3] S. Deering, “Host extensions for IP multicasting,” RFC 1112, IETF, 1989.
[4] D. Waitzman, C. Partridge, and S. Deering, “Distance vector multicast routing protocol,” RFC 1075, IETF, 1988.
[5] T. Ballardie, P. Francis, and J. Crowcroft, “Core based trees: An architecture for scalable inter-domain multicast routing,” in Proceedings of ACM SIGCOMM’93, (San Francisco), pp. 85–95, ACM, 1993.
[6] J. Moy, “Multicast extensions to OSPF,” RFC 1584, IETF, 1994.
[7] S. Deering, D. Estrin, D. Farinacci, M. Handley, A. Helmy, V. Jacobson, C. Liu, P. Sharma, D. Thaler, and L. Wei, “Protocol Independent Multicast — Sparse Mode: Motivations and architecture,” Aug 1998. draft-ietf-pim-arch-05.txt (Work in Progress).
[8] L. Wei, “Authenticating PIM version 2 messages,” July 1999. draft-ietf-pim-v2-auth-00.txt (Work in Progress).
[9] T. Hardjono and B. Cain, “Simple key management protocol for PIM,” Mar 1999. draft-ietf-pim-simplekmp-00.txt (Work in Progress).
[10] S. Kent and R. Atkinson, “IP authentication header,” RFC 2402, IETF, Nov 1998.
[11] C. Madsen and R. Glenn, “The use of HMAC-MD5-96 within ESP and AH,” RFC 2403, IETF, Nov 1998.
[12] R. L. Rivest, “The MD5 message digest algorithm,” RFC 1321, IETF, Apr 1992.
[13] C. Madsen and R. Glenn, “The use of HMAC-SHA-1-96 within ESP and AH,” RFC 2404, IETF, Nov 1998.
[14] RSA Laboratories, “PKCS1: RSA encryption standard,” 1993.
[15] T. Hardjono, R. Canetti, M. Baugher, and P. Dinsmore, “Secure IP multicast: Problem areas, framework and building blocks,” Nov 1999. draft-irtf-smug-framework-00.txt (Work in Progress).
[16] T. Hardjono, B. Cain, and N. Doraswamy, “A framework for group key management for multicast security,” Feb 1999. draft-ietf-ipsec-gkmframework-01.txt (Work in Progress).
[17] H. Harney and E. Harder, “Group security association key management protocol,” Apr 1999. draft-harney-sparta-gsakmp-sec-00.txt (Work in Progress).
[18] T. Hardjono, B. Cain, and I. Monga, “Intra-domain group key management protocol,” Jul 1999. draft-ietf-ipsec-intragkm-01.txt (Work in Progress).
[19] C. K. Wong, M. Gouda, and S. Lam, “Secure group communications using key graphs,” in Proceedings of ACM SIGCOMM’98, ACM, 1998.
[20] D. Farinacci, Y. Rekhter, D. Meyer, P. Lothberg, H. Kilmer, and J. Hall, “Multicast Source Discovery Protocol (MSDP),” Jan 2000. draft-ietf-msdp-spec-03.txt (Work in Progress).
[21] T. Hardjono and B. Cain, “PIM-SM security: Interdomain issues and solutions,” in Communications and Multimedia Security (CMS’99) (B. Preneel, ed.), (Leuven, Belgium), Kluwer, 1999.
[22] B. Cain, T. Speakman, and D. Towsley, “Generic router assist (GRA) building block: Motivation and architecture,” Oct 1999. draft-ietf-rmt-gra-arch-00.txt (Work in Progress).
[23] B. Whetten, M. Basavaiah, S. Paul, and T. Montgomery, “RMTP-II specification,” Apr 1998. draft-whetten-rmtp-ii-00.txt (Work in Progress).
[24] T. Hardjono and B. Whetten, “Security requirements for RMTP-II,” Nov 1999. draft-ietf-rmtp-ii-sec-00.txt (Work in Progress).
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Hardjono, T. (2000). RP-Based Multicast Receiver Access Control in PIM-SM. In: Pujolle, G., Perros, H., Fdida, S., Körner, U., Stavrakakis, I. (eds) Networking 2000 Broadband Communications, High Performance Networking, and Performance of Communication Networks. NETWORKING 2000. Lecture Notes in Computer Science, vol 1815. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45551-5_11
DOI: https://doi.org/10.1007/3-540-45551-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67506-8
Online ISBN: 978-3-540-45551-6
eBook Packages: Springer Book Archive