Multicast Security: Issues and Solutions

Outline





Explain multicast and its applications
Show why security is needed
Discuss current security implementations
Explain the different ways of doing multicast
Go in-depth into key management
What is Multicast?

Unicast
  One-to-one communication
Broadcast
  One-to-all communication
Multicast
  One-to-many communication
  Many-to-many communication
Applications of Multicast




Online chat groups
Streaming video/audio
Videoconferencing
Multiplayer games
Need for Security





Protecting trade secrets
Confidential chat
Government use
Pay-per-view
Online auctions
Why Security is Hard

Open group membership
  Anyone can view or insert data into group
Everyone gets same packets
  No individualization or customization
Senders need not be members
  Can’t control information that goes to the group
Security Solutions

Authentication (senders and receivers)


Access control (senders and receivers)



Restrict membership
Restrict who can send data
Key management


Identify the members of the group
Provide confidentiality and integrity
Fingerprinting

Make each receiver’s data unique
IP vs. Application-Layer Multicast

IP Multicast




Network supported
Minimum traffic
Least control over access
Application-Layer Multicast



More versatile (no network support required)
Full control over the group
More network overhead
Group Key Management

Basic schemes


Hierarchical schemes


Iolus, Logical Key Hierarchy
Batch schemes


GKMP, SMKD
MARKS
Trade-off schemes

CVA, HySOR
Basic Key Distribution




Single group key
Pair-wise distribution
Slow
Non-scalable
Hierarchical Key Distribution

Logical groups




Central management
Tree structure
Isolation of keying
Node hierarchies

Sub-group managers
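
Added example (not from the original slides): a leave-triggered rekey in a key tree of the Logical Key Hierarchy kind, compared with the pair-wise redistribution of a single group key from the Basic Key Distribution slide. It assumes a complete binary tree with a power-of-two member count, models "encrypt key X under key Y" as a tuple instead of a real cipher, and the names LKHTree, recover_root and rekey_on_leave are hypothetical.

```python
import secrets

class LKHTree:
    """Complete binary key tree, heap layout: root is node 1, members are leaves n..2n-1."""
    def __init__(self, n):
        if n < 2 or n & (n - 1):
            raise ValueError("this sketch assumes n is a power of two")
        self.n = n
        self.key = {i: secrets.token_bytes(16) for i in range(1, 2 * n)}

    def path(self, leaf):
        """Node ids from a leaf up to the root, i.e. the keys that member holds."""
        nodes = []
        while leaf >= 1:
            nodes.append(leaf)
            leaf //= 2
        return nodes

    def held_by(self, leaf):
        return {i: self.key[i] for i in self.path(leaf)}

    def leave(self, leaf):
        """Replace every key the departing member held and return the rekey messages.
        (wrap_node, wrap_key, target, target_key) models the new key of `target`
        encrypted under the current key of `wrap_node`."""
        msgs = []
        for node in self.path(leaf)[1:]:            # ancestors, bottom-up
            self.key[node] = secrets.token_bytes(16)
            for child in (2 * node, 2 * node + 1):
                if child != leaf:                   # never wrap under the departed leaf's key
                    msgs.append((child, self.key[child], node, self.key[node]))
        return msgs

def recover_root(held, msgs):
    """Unwrap messages in order with the keys in `held`; return the new root key or None."""
    held, learned = dict(held), set()
    for wrap_node, wrap_key, target, target_key in msgs:
        if held.get(wrap_node) == wrap_key:
            held[target] = target_key
            learned.add(target)
    return held[1] if 1 in learned else None

def rekey_on_leave(n, member):
    """Returns (flat_msgs, lkh_msgs, departed_locked_out, others_recover_root)."""
    tree = LKHTree(n)
    leaf = n + member
    before = {l: tree.held_by(l) for l in range(n, 2 * n)}   # keys held before the leave
    msgs = tree.leave(leaf)
    others_ok = all(recover_root(before[l], msgs) == tree.key[1]
                    for l in range(n, 2 * n) if l != leaf)
    # Flat scheme: the new group key goes to each of the n-1 remaining members pair-wise.
    return n - 1, len(msgs), recover_root(before[leaf], msgs) is None, others_ok
```

For 1024 members the flat scheme sends 1023 wrapped keys on a single leave, while the tree sends 19, and the departed member's old keys unwrap none of them.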
Batch Rekeying



Reduce rekey operations
Less overhead
Sacrifice forward/backward secrecy
New Approach



No group key
Arbitrary message key
Personal keys for each node

Key encryption keys
New Approach




Extreme hierarchical case
Sub-group size of 1
Rekey isolation
Take advantage of inherent topology
How it Works




Certificates
Personal keys
Message keys
Join/Leave operations
Advantages



Highly scalable
Fast rekey operations
Low message overhead
Remaining Issues


Vulnerable to Denial of Service
Performance dependent on the overlay topology
Takeaway Points




Wide range of applications
Many require security
Current approaches are insufficient
Need a usable key management scheme
Resources


http://www.cs.virginia.edu/~mngroup
http://www.securemulticast.org/