AuthoCast - a mobility-compliant protocol framework for multicast sender authentication

Summary: Mobility is considered a key technology of the next generation Internet and has been standardized within the IETF. Rapidly emerging multimedia group applications such as IPTV, MMORPGs and video conferencing increase the demand for mobile group communication, but a standard design of mobile multicast is still awaited. The open problem poses significant operational and security challenges to the Internet infrastructure. This paper introduces a protocol framework for authenticating multicast sources and securing their mobility handovers. Its contribution is twofold: First, the current mobile multicast problem and solution spaces are summarized from the security perspective. Second, a solution to the mobile source authentication problem is presented that complies with IPv6 mobility signaling standards. Using an autonomously verifiable one-way authentication based on cryptographically generated addresses, a common design is derived to jointly comply with the mobile any source and source specific multicast protocols that are currently proposed. This light-weight scheme smoothly extends the unicast enhanced route optimization for mobile IPv6 and adds only little overhead to multicast packets and protocol operations. Copyright © 2008 John Wiley & Sons, Ltd.
