Nark: receiver-based multicast non-repudiation and key management

The goal of this work is to separately control individual secure sessions between unlimited pairs of multicast receivers and senders while preserving the scalability of receiver initiated Internet multicast for the data transfer itself. Unlike other secure multicast solutions, there are absolutely no side-effects on other receivers when a single receiver joins or leaves a session. Each individual receiver can also reliably prove whether any fragment of the data hasn’t been delivered or wasn’t delivered on time (e.g. late video frames). Further, each receiver’s data can be subject to an individual, watermarked audit trail. The cost per receiver-session is typically just one set-up message exchange with a key manager. Key managers can be replicated without limit because they are only loosely coupled to the senders who can remain oblivious to members being added or removed. The solution requires a tamper-resistant processor such as a smartcard at each receiver. However, generic cards supplied by a trusted third party are used rather than cards specific to each information provider. The technique can be applied to other bulk data distribution channels instead of multicast, such as DVD.

[1]  Moni Naor,et al.  Digital signets: self-enforcing protection of digital information (preliminary version) , 1996, STOC '96.

[2]  Stephen Deering,et al.  Multicast routing in a datagram internetwork , 1992 .

[3]  Tony Ballardie,et al.  Scalable Multicast Key Distribution , 1996, RFC.

[4]  Peter Bagnall,et al.  Taxonomy of Communication Requirements for Large-scale Multicast Applications , 1999, RFC.

[5]  Ran Canetti,et al.  A taxonomy of multicast security issues (temporary version) , 1998 .

[6]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[7]  염흥렬,et al.  [서평]「Applied Cryptography」 , 1997 .

[8]  Colin Perkins,et al.  Watercasting: Distributed Watermarking of Multicast Media , 1999, Networked Group Communication.

[9]  Andrew Herbert,et al.  FlexiNet—a flexible component oriented middleware system , 1998, EW 8.

[10]  Chak-Kuen Wong,et al.  A conference key distribution system , 1982, IEEE Trans. Inf. Theory.

[11]  Markus G. Kuhn,et al.  Tamper resistance: a cautionary note , 1996 .

[12]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[13]  Ralf Steinmetz,et al.  Evaluation of Different Video Encryption Methods for a Secure Multimedia Conferencing Gateway , 1997, COST 237 Workshop.

[14]  Hector Garcia-Molina,et al.  Copy detection mechanisms for digital documents , 1995, SIGMOD '95.

[15]  Moni Naor,et al.  Threshold Traitor Tracing , 1998, CRYPTO.

[16]  David M. Kristol,et al.  HTTP State Management Mechanism , 1997, RFC.

[17]  J. Rogers Chaos , 1876 .

[18]  J. Mark Pullen,et al.  Limitations of Internet Protocol Suite for Distributed Simulation the Large Multicast Environment , 1999, RFC.

[19]  Charalampos Manifavas,et al.  Chameleon - A New Kind of Stream Cipher , 1997, FSE.

[20]  Deborah Estrin,et al.  Sharing the “cost” of multicast trees: an axiomatic analysis , 1995, SIGCOMM '95.

[21]  Victor Shoup,et al.  Session Key Distribution Using Smart Cards , 1996, EUROCRYPT.

[22]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[23]  Thierry Turletti,et al.  A N aming Approach for ALF Design , 1998 .