product iamge

Multicast and Group Security (Artech House Computer Security Series)

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Download
Search on Amazon

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

A handbook for engineers, architects and other practitioners working in the field of Internet security. It presents detailed coverage of security technologies and techniques for IP (Internet protocol) multicast networks from the leading developer of the standards. It also examines important security issues relating to other group communication technologies. Algorithms and protocols for multi-party secure communication are included. Technical managers could use this volume as a guide to the state of multicast and group security, without necessarily having to know all the detailed algorithms. Computer scientists and research and development personnel could use it as a survey of the technologies, approaches and algorithms used to provide a secure multicast solution.

Author(s): Thomas Hardjono, Lakshminath R. Dondeti,
Year: 2003

Language: English
Pages: 334

Multicast and Group Security......Page 4
Copyright......Page 5
Contents......Page 8
Foreword......Page 16
Preface......Page 18
Acknowledgments......Page 22
1 Introduction......Page 24
1.1 Motivation for multicast security......Page 25
1.2.1 Problem area 1: Secure multicast data handling......Page 28
1.2.2 Problem area 2: Management of keying material......Page 30
1.2.3 Problem area 3: Multicast security policies......Page 34
1.3 Infrastructure protection......Page 35
1.5 Road map......Page 36
References......Page 37
2.1 The problem scope of multicast security......Page 40
2.2 Fundamental issues......Page 42
2.2.2 Controlled access to the multicast distribution tree......Page 43
2.2.3 Management of keying material......Page 44
2.3.1 Security of Reliable Multicast protocols......Page 46
2.3.2 Applications requirements and other issues......Page 47
2.4.1 A brief history of multicast security efforts in the IETF......Page 48
2.4.2 The IETF multicast security Reference Framework......Page 50
2.4.3 Elements of the Reference Framework......Page 51
2.5 Three problem areas in the management of keying material......Page 53
2.5.1 Problem area 1: Multicast data handling......Page 54
2.5.2 Problem area 2: Management of keying material......Page 55
2.5.3 Problem area 3: Multicast security policies......Page 56
2.6.1 Motivation for building blocks......Page 57
2.6.2 Functional building blocks......Page 61
2.7 Summary......Page 65
References......Page 66
3 Multicast data authentication......Page 68
3.1 Issues in multicast data authentication......Page 69
3.1.1 Providing group authentication......Page 71
3.1.2 Providing source authentication......Page 72
3.2 Digital signatures for source authentication......Page 73
3.2.1 Block signatures and individual packet authentication......Page 74
3.3 Hash chaining to authenticate streaming data......Page 78
3.3.1 Graph representation of hash chaining......Page 79
3.3.2 Efficient multichained stream signature......Page 81
3.3.4 Piggybacking......Page 82
3.3.5 Discussion on hash chaining for authentication......Page 83
3.4 MAC- based source authentication of unreliable streams......Page 84
3.4.1 TESLA initialization......Page 86
3.4.2 MAC- based authentication of packets by the sender......Page 87
3.4.3 Packet processing at the receivers in TESLA......Page 88
3.4.4 Enhancements to TESLA......Page 89
3.4.5 Applicability analysis of TESLA......Page 90
3.5 IPsec ESP and MESP......Page 91
3.6 Summary......Page 92
References......Page 93
4 Introduction to group key management......Page 96
4.1 A model for group key management......Page 97
4.2.1 Security requirements of unicast key management......Page 99
4.3 Security requirements of group key management......Page 102
4.4 GSA management......Page 105
4.4.1 The GSA model......Page 106
4.4.2 Definition of GSA......Page 108
4.5 Classification of the group key management problem......Page 109
References......Page 111
5 Architectures and protocols for group
key management......Page 114
5.1 Architectural issues and motivations......Page 116
5.2 IKAM......Page 117
5.2.1 Domains, areas, and key distributors......Page 118
5.2.2 Multicast groups for data and control......Page 119
5.2.3 Keys: Multicast groups and control multicast groups......Page 121
5.2.4 Control multicast groups: Address allocation......Page 122
5.2.5 Arrangement of keys in the domain......Page 123
5.3 Iolus......Page 126
5.3.1 Hierarchical subgrouping......Page 127
5.3.2 Subgroup key management......Page 128
5.3.3 Secure group communication in Iolus......Page 129
5.4.1 GKMP......Page 131
5.4.2 GSAKMP......Page 135
5.4.3 GDOI......Page 140
5.5 Summary......Page 149
References......Page 150
6 Group key management algorithms......Page 152
6.1 Batch and periodic rekeying......Page 154
6.1.1 Trade- offs in batch rekeying......Page 155
6.2 MARKS......Page 157
6.3 LKH......Page 159
6.3.2 Adding a member to a key tree......Page 160
6.3.3 Join rekeying in LKH......Page 161
6.3.5 Leave rekeying in LKH......Page 163
6.3.6 Efficient leave rekeying using OFCs......Page 164
6.4 OFT......Page 165
6.4.1 Initializing an OFT......Page 167
6.4.2 Join rekeying in OFT......Page 168
6.4.3 Leave rekeying in OFT......Page 169
6.6.1 Repeated retransmission of rekey message......Page 171
6.6.3 Weighted key assignment for reliable transport......Page 172
6.7 Stateless key revocation algorithms......Page 173
6.7.1 STR for membership revocation......Page 174
6.7.2 SDR for membership revocation......Page 175
6.8 Summary......Page 177
References......Page 179
7 Group security policy......Page 182
7.1 Group security policy framework......Page 184
7.2 Classification of group security policy......Page 187
7.2.1 Announcement policy......Page 188
7.2.4 Data protection policy......Page 189
7.2.5 Group management delegation policy......Page 190
7.2.7 Compromise recovery policy......Page 191
7.3.1 Ismene policy specification......Page 192
7.3.2 CCNT......Page 193
7.3.3 GSPT......Page 194
7.3.4 Discussion on policy specification languages......Page 196
7.4.1 Ismene policy reconciliation......Page 197
7.4.2 Policy negotiation in DCCM......Page 198
7.5.1 Policy distribution and enforcement in GDOI......Page 199
7.5.2 Antigone policy framework......Page 200
7.6 Summary......Page 201
References......Page 202
8 Securing multicast routing protocols......Page 204
8.1 The three components of multicast security......Page 205
8.1.1 General types of attacks in multicast routing......Page 207
8.1.2 Multicast routing and security......Page 208
8.2 Overview of multicast routing......Page 209
8.2.2 DVMRP......Page 211
8.2.3 PIM- SM......Page 212
8.2.4 IGMP......Page 214
8.2.5 SSM......Page 216
8.3 Security requirements in unicast and multicast routing......Page 217
8.4.1 Background......Page 220
8.4.2 PIM authentication......Page 221
8.4.3 SKMP for PIMv2......Page 222
8.4.4 Revised PIM- SM: Security issues......Page 225
8.4.5 Revised PIM- SM: Possible solutions......Page 227
8.5 MSDP security......Page 228
8.6 IGMP security......Page 230
8.6.1 Membership authorization and authentication issues......Page 232
8.6.2 Membership authorization approaches......Page 233
8.6.3 Message authentication approaches......Page 235
8.6.4 Open issues......Page 236
8.7.1 Secure CBT multicasting: SMKD......Page 237
8.7.2 KHIP......Page 238
8.8 Summary......Page 239
References......Page 241
9 Security in Reliable Multicast protocols......Page 246
9.1 Classification of RM protocols......Page 248
9.1.1 Good throughput strategies......Page 249
9.1.2 Network entity participation and support......Page 251
9.2 Generic security requirements for RM protocols......Page 252
9.3 Security of TRACK protocols......Page 254
9.3.2 RMTP- II......Page 255
9.3.3 TRAM......Page 260
9.4 Security of NORM protocols......Page 261
9.4.1 Model of NORM......Page 262
9.4.2 PGM......Page 267
9.5 Security of FEC- based protocols......Page 270
9.6 Summary......Page 271
References......Page 272
10 Applications of multicast and their security......Page 276
10.1.2 Network topology......Page 277
10.1.3 Security requirements and possible approaches......Page 278
10.2 Local area IP Television......Page 280
10.2.1 Background......Page 281
10.2.2 Network topology......Page 282
10.2.3 Security requirements and possible approaches......Page 283
10.3 Nonreal- time multicast distribution......Page 284
10.3.1 MFTP......Page 285
10.3.3 Security solutions for MFTP......Page 287
10.4 SecureGroups project......Page 289
10.4.1 Impact of mobility on group key management......Page 290
References......Page 291
11 Conclusion and future work......Page 294
11.2 Secure multicast data transmission......Page 295
11.2.1 Group authentication......Page 296
11.3 Group key distribution......Page 297
11.3.1 Reliable transport of rekey messages......Page 298
11.3.2 Secure multicast group management......Page 299
11.3.4 Secure group communication between mobile members in wireless environments......Page 300
11.5 Infrastructure protection......Page 301
11.6 Future direction and final words......Page 303
Glossary......Page 306
About the authors......Page 318
Index......Page 320