An IPSec-based Host Architecture for Secure Internet Multicast

We propose a host architecture for secure IP multicast. We identify the basic components of the architecture, describe their functionalities and how they interact with one another. The fundamental design tenets of the proposed architecture are simplicity, modularity, and compatibility with existing protocols and systems. More specifically, we try to re-use existing IPSec mechanisms as far as possible, and extend them when necessary. We also discuss our experiences with implementing the proposed architecture on Linux.
