IP multicast security: Issues and directions

Security of the IP Multicast Protocol: Problems and Trends

Published in: Annales Des Télécommunications

Abstract

Security represents one of the major current obstacles to the wider deployment of IP multicast. The present work identifies and discusses various concepts and issues underlying multicast security. A classification of the current issues is provided, covering some core problems, infrastructure problems, and certain complex applications that might be built atop secure IP multicast. Three broad core problems are defined, namely fast and efficient source authentication for high data-rate applications, secure and scalable group key management techniques, and the need for methods to express and implement policies specific to multicast security. The infrastructure problem areas cover the issues related to the security of multicast routing protocols and reliable multicast protocols. The topic of complex applications covers more advanced issues, typically relating to secure group communication at (or above) the session layer which may be built using an eventual secure multicast infrastructure. A brief summary of the relevant developments, including those in the IETF, is provided.

Summary

Security is currently one of the main obstacles to the wide deployment of multicast communications over the IP protocol. This article identifies and discusses various concepts and problems concerning the security of multicast communications. It provides a classification of the problems and covers certain core and infrastructure problems, as well as certain complex applications that can be implemented in a secure multicast environment. Three core problems are fast and efficient source authentication for high data-rate applications, secure and scalable group key management, and the expression and implementation of specific security policies. The infrastructure problems concern the security of multicast routing protocols and reliable multicast protocols. Complex applications are more advanced topics, concerning in particular secure group communication at the session layer (or above), which can be implemented using an eventual secure multicast infrastructure. The article also summarizes recent developments, including those within the IETF.

Author information

Correspondence to Thomas Hardjono or Gene Tsudik.

Cite this article

Hardjono, T., Tsudik, G. IP multicast security: Issues and directions. Ann. Télécommun. 55, 324–340 (2000). https://doi.org/10.1007/BF02994841
