Iolus: a framework for scalable secure multicasting

As multicast applications are deployed for mainstream use, the need to secure multicast communications will become critical. Multicast, however, does not fit the point-to-point model of most network security protocols, which were designed with unicast communications in mind. As we will show, securing multicast (or group) communications is fundamentally different from securing unicast (or paired) communications. In turn, these differences can result in scalability problems for many typical applications. In this paper, we examine and model the differences between unicast and multicast security and then propose Iolus: a novel framework for scalable secure multicasting. Protocols based on Iolus can be used to achieve a variety of security objectives and may be used either to directly secure multicast communications or to provide a separate group key management service to other "security-aware" applications. We describe the architecture and operation of Iolus in detail and also describe our experience with a protocol based on the Iolus framework.
