Abstract
In this paper, we present an access control scheme for the PIM-SM multicast domain. To avoid the overhead of a digital signature algorithm, the proposed solution uses the Rendezvous Point to collect keys and implement a distributed, shared-key based multicast access control system. Because it supplies efficient host access control in a PIM-SM domain, we name this scheme PIMac. Compared with existing multicast admission control solutions, PIMac has the following advantages: (1) it supports both receiver and sender access control; (2) it realizes host exclusion based on expiry time; (3) it is compatible with the current PIM-SM protocol; (4) it has lower join latency; (5) it offers anti-replay and DoS robustness; and, last but not least, (6) the PIMac architecture is divided into two separate domains, the AAA domain and the multicast routing domain, and entities in each domain do not rely on PKI interoperability or a common secret to authenticate each other. The experimental results show that PIMac achieves flexible manageability and effectively improves the performance of multicast access control systems.
Cite this article
Li, X., Zhang, H., Chang, JM. et al. PIMac: Multicast Access Control Implementation in PIM-SM. Wireless Pers Commun 55, 35–49 (2010). https://doi.org/10.1007/s11277-009-9784-2
DOI: https://doi.org/10.1007/s11277-009-9784-2