New enhancements to the SOCKS communication network security protocol: Schemes and performance evaluation

In this paper we propose two new enhancements to the SOCKS protocol in the areas of IP multicasting and UDP tunneling. Most network firewalls deployed at the entrance to a private network block multicast traffic because of the potential security threats inherent in IP multicast. Multicasting is the backbone of many Internet technologies, such as voice and video conferencing, real-time gaming, multimedia streaming, and online stock quotes, among others. There is a need to safely and securely allow multicast streams to enter and leave a protected enterprise network. Securing multicast streams is challenging and poses many architectural issues. The SOCKS protocol is typically implemented in a network firewall as an application-layer gateway. Our first enhancement, in the area of IP multicast, enables the application of security and access control policies to multicast traffic so that it can safely enter the boundaries of a protected enterprise network. The second enhancement allows the establishment of a tunnel between two protected networks that have SOCKS-based firewalls to transport UDP datagrams.
