KHIP—a scalable protocol for secure multicast routing

We present Keyed HIP (KHIP), a secure, hierarchical multicast routing protocol. We show that other shared-tree multicast routing protocols are subject to attacks against the multicast routing infrastructure that can isolate receivers or domains or introduce loops into the structure of the multicast routing tree. KHIP changes the multicast routing model so that only trusted members are able to join the multicast tree. This protects the multicast routing against attacks that could form branches to unauthorized receivers, prevents replay attacks and limits the effects of flooding attacks. Untrusted routers that are present on the path between trusted routers cannot change the routing and can mount no denial-of-service attack stronger than simply dropping control messages. KHIP also provides a simple mechanism for distributing data encryption keys while adding little overhead to the protocol.
