Group Security Association (GSA) Management in IP Multicast

This work describes the Group Security Association (GSA) Management model and protocol as developed in the Secure Multicast Group (SMUG) in the IETF. The background reasoning from the Internet Key Exchange (IKE) protocol perspective is explained, together with the notion of Security Associations (SA) in the unicast case. This serves as a basis for the requirements for a Group SA for multicast. Finally, the definition and construction of a GSA is described.
