PIMac: Multicast Access Control Implementation in PIM-SM

In this paper, we present an access control scheme for PIM-SM multicast domains. To avoid the overhead of digital signature algorithms, the proposed solution uses the Rendezvous Point to collect keys and implement a distributed, shared-key-based multicast access control system. Because it provides efficient host access control in a PIM-SM domain, we name this scheme PIMac. Compared with existing multicast admission control solutions, PIMac has the following advantages: (1) it supports both receiver and sender access control; (2) it realizes host exclusion based on expiry time; (3) it is compatible with the current PIM-SM protocol; (4) it has lower join latency; (5) it provides anti-replay protection and DoS robustness; and, last but not least, (6) the PIMac architecture is divided into two separate domains, the AAA domain and the multicast routing domain, and entities in each domain do not rely on PKI interoperability or a common secret to authenticate each other. The experimental results show that PIMac achieves flexible manageability and effectively improves the performance of multicast access control systems.
