alternative approaches to secure multicast
play

Alternative Approaches to Secure Multicast Yair Amir, Baruch - PowerPoint PPT Presentation

May 07, 2023 •151 likes •287 views

Alternative Approaches to Secure Multicast Yair Amir, Baruch Awerbuch, Theo Schlossnagle, Jonathan Stanton The Center for Networking and Distributed Systems Johns Hopkins University http://www.cnds.jhu.edu Johns Hopkins LUCITE 1/99 Meeting

  1. Alternative Approaches to Secure Multicast Yair Amir, Baruch Awerbuch, Theo Schlossnagle, Jonathan Stanton The Center for Networking and Distributed Systems Johns Hopkins University http://www.cnds.jhu.edu Johns Hopkins LUCITE 1/99 Meeting 1

  2. The Group Communication Model c b c d a a a b a a P P P P P P P P • Ordering (Unordered, FIFO, Causal, Agreed). • Delivery guarantees (Unreliable, Reliable, Safe/Stable). • Open groups versus close groups. • Failure model (Omission, Fail-stop, Crash & Recovery, Network Partitions). • Multiple groups. Johns Hopkins LUCITE 1/99 Meeting 2

  3. IP Multicast • Multicast extension to IP. • IP multicast provides some of the traditional group communication services, specifically: unreliable, unordered, best-effort multicast, fully supporting the various failure models. • No accurate membership. • Utilizes network routers to store state of IP Multicast groups that span attached networks. Johns Hopkins LUCITE 1/99 Meeting 3

  4. Spread: A Wide and Local Area Group Communication System c b c d a a a b a a P P P P P P P P S S S • Spread daemons are located in various parts of the network. • Clients may connect to the nearest daemon. • Network structure is transparent to the client processes. • Open group semantics. Johns Hopkins LUCITE 1/99 Meeting 4

  5. Multicast Routing in Spread Hardware A A Broadcast IP Multicast B B D D Routing Tree for Site A Hardware Routing Tree for C C Multicast Site C Routing Tree for Site D * Site B’s routing tree is not shown for clarity reasons. • Optimized routing tree for each multicast source. • Network routers are not involved in group maintenance and multicast routing calculations. • Network routers perform only insecure unicast routing. Johns Hopkins LUCITE 1/99 Meeting 5

  6. Advantages of Alternative approaches • Not require changes to standard Internet Protocols. • Security goes hand in hand with high availability and fault tolerance. – The group communication paradigm worked well for providing these, so it could work well for multicast security. • Exploit advantages of the daemon model – Already are exploited for fault tolerant issues. – Not likely to be achieved in the Internet router level. Johns Hopkins LUCITE 1/99 Meeting 6

  7. Secure Spread • Requirements – Encryption, Signatures, Freshness. – Immediate usability (without changes to network hardware or protocols, or operating systems). – High performance. – Allows administrative control of policy (e.g. group access control, how fast keys are refreshed, key size). • Approaches – Spread Daemons are not trusted. – Spread Daemons are trusted. Johns Hopkins LUCITE 1/99 Meeting 7

  8. Trust Tradeoffs App App • Advantages in trusted daemons – High performance. – Can be reduced to two-party key agreement (client/daemon) aside of the core daemon group. – Better semantics (guaranteeing virtual synchrony after a membership change). • Advantages in untrusted daemons – Daemons are not a security concern. – Better separation of security and networking code. Johns Hopkins LUCITE 1/99 Meeting 8

  9. The Spread API main( int argc, char **argv) { mailbox my_mbox; my_mbox = SP_connect( daemon, user); SP_join( my_mbox, “Hackers” ); SP_multicast( my_mbox, AGREED, “Hackers”, “Here is a new exploit in sendmail”); SP_recv( my_mbox, Message, sender); } Johns Hopkins LUCITE 1/99 Meeting 9

  10. Secure Spread API • Messages can be encrypted by setting a new ENCRYPT flag in SP_multicast. • Messages can be signed by using a new call SP_signed_multicast( …, sign_group) . • Messages are received by calling the same SP_recv which automatically decipher encrypted messages and verify signed messages. • Freshness of clients can be cryptographically verified. Johns Hopkins LUCITE 1/99 Meeting 10

  11. Key Agreement Algorithms • Based on Cliques work from ISI: Tsudik et al, ICDCS98. • Important features: – Decentralized. – Two message latency for join or leave of a group member. – Everyone contributes to the key. – Everyone can prove they took part in the generation of the key. Johns Hopkins LUCITE 1/99 Meeting 11

  12. Experimental Results • Large performance hit in the number of group joins and leaves possible per second (from 60 to 80 in generic Spread to less than 2). • High computational cost for generating keys. • High use of data on disk (is this more secure somehow?). Johns Hopkins LUCITE 1/99 Meeting 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: Core Based Trees (CBT) Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM

619 views • 12 slides
Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R.

Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R.

An IPSec-based Host Architecture for Secure Internet Multicast R. Canetti, P-C. Cheng, F.Giraud, D. Pendarakis, J.R. Rao, P. Rohatgi, IBM Research D. Saha Lucent Technologies Motivation In todays Internet the need for efficient and

337 views • 22 slides
Secure Group Communication Related Issues Presenter: Haiyan Cheng CS 6204, Spring 2005 1

Secure Group Communication Related Issues Presenter: Haiyan Cheng CS 6204, Spring 2005 1

Secure Group Communication Related Issues Presenter: Haiyan Cheng CS 6204, Spring 2005 1 Outlines Addresses relevant security issues for IP multicast network Investigates steps to create secure multicast sessions Group membership

444 views • 19 slides
IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to many propagation of data Uses of multicast Financial data IPTV Gaming T ypes of multicast Any-source multicast (ASM)

297 views • 17 slides
Alternative Approaches to Development Economics Econ 239 September 2008 Econ 239 () Alternative

Alternative Approaches to Development Economics Econ 239 September 2008 Econ 239 () Alternative

Alternative Approaches to Development Economics Econ 239 September 2008 Econ 239 () Alternative Approaches September 2008 1 / 22 Development Planning View (dominant until mid 1970s) Development viewed as a sequence of stages Government

431 views • 22 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

489 views • 25 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

621 views • 24 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

529 views • 26 slides
Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode Source Tree, Shared Tree Reliable Multicast Polly Huang Whiteboard, File Transfer AT&T Labs Research huang@catarina.usc.edu

510 views • 6 slides
Secure Multicast Interest in ChronoSync Yingdi UCLA 1 ChronoSync State of a data set

Secure Multicast Interest in ChronoSync Yingdi UCLA 1 ChronoSync State of a data set

Secure Multicast Interest in ChronoSync Yingdi UCLA 1 ChronoSync State of a data set Digest State tree modification 00a12... <update /ucla/alice to SeqNo 4 > is expressed as a 3da49a <update /arizona/bob to SeqNo 2 >

296 views • 12 slides
Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R

Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R

Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R S E I H T Y T O H F G R E U D B I N 1 Multicast Key Management Protocols Aim: To maintain a secure key for multicast within a

164 views • 15 slides
Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department of Computer Sciences The University of Texas at Austin Overlay Multicast IP multicast overlay multicast N unicast Bottleneck How to

519 views • 18 slides
Assessing alternative approaches to Unemployment Insurance and Unemployment Assistance: A

Assessing alternative approaches to Unemployment Insurance and Unemployment Assistance: A

Assessing alternative approaches to Unemployment Insurance and Unemployment Assistance: A comparative perspective Presentation for Symposium, Academy of the Social Sciences in Australia, Canberra , November 17, 2015 Peter Whiteford, Crawford

524 views • 27 slides
1 IP Multicast Applications IP Multicast Applications Agenda Agenda Fundamental Approaches:

1 IP Multicast Applications IP Multicast Applications Agenda Agenda Fundamental Approaches:

Basic Motivations Basic Motivations Mobile Network

683 views • 9 slides
CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5

CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5

CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5 Xiaowei Yang xwy@cs.duke.edu Overview Two historic important topics in networking Multicast QoS Limited Deployment IP Multicast

832 views • 70 slides
Alternative Approaches to Development Economics The ideas of economists and political

Alternative Approaches to Development Economics The ideas of economists and political

Alternative Approaches to Development Economics The ideas of economists and political philosophers, both when the are right and when they are wrong, are more powerful than is commonly understood. Indeed, the world is ruled by little else. J.

227 views • 8 slides
Monitoring Systems and POWER5/6 LPARs with Ganglia Michael Perzl michael@perzl.org Agenda

Monitoring Systems and POWER5/6 LPARs with Ganglia Michael Perzl michael@perzl.org Agenda

Monitoring Systems and POWER5/6 LPARs with Ganglia Michael Perzl michael@perzl.org Agenda Ganglia what is it ? Ganglia components and data flow An introduction to RRDTool Ganglia metrics what can be measured ? New

1.19k views • 93 slides
Remote File System Suite Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und

Remote File System Suite Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und

Introduction Evaluation Conclusion rfsd librfs grfs Remote File System Suite Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und Verteilte Systeme Institut f ur Informatik Ruprecht-Karls-Universit at Heidelberg

519 views • 22 slides
Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp

Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp

Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp thijs.rozekrans@os3.nl rene.klomp@os3.nl System and Network Engineering University of Amsterdam July 3, 2013 Thijs Rozekrans, Ren e Klomp (UvA)

1.39k views • 16 slides
Booting PROM (BIOS) perform basic self-test (POST) Lecture 13 and access parameters from

Booting PROM (BIOS) perform basic self-test (POST) Lecture 13 and access parameters from

Booting PROM (BIOS) perform basic self-test (POST) Lecture 13 and access parameters from nvram OS Loader locate and run kernel on disk Located in the MBR (first sector of boot device) May call secondary loader on some

468 views • 11 slides
STWs Connectivity Solution for Mobile Equipment: The Vehicle Data System (VDS) and VDS-Remote

STWs Connectivity Solution for Mobile Equipment: The Vehicle Data System (VDS) and VDS-Remote

STWs Connectivity Solution for Mobile Equipment: The Vehicle Data System (VDS) and VDS-Remote (VDS-R) 31 July 2009, STW, Norcross, Bob Geiger The Evolving World of Off-Highway Data and Connectivity Data mining is becoming more critical each

450 views • 28 slides
Xi He xxh2229@rit.edu Committee: Chair: Prof. Alan Kaminsky Reader:

Xi He xxh2229@rit.edu Committee: Chair: Prof. Alan Kaminsky Reader:

Xi He xxh2229@rit.edu Committee: Chair: Prof. Alan Kaminsky Reader: Prof. Hans-Peter Bischof Observer: Prof. Minseok Kwon Introduction SSH Motivation Design Deploy, user manual and

813 views • 26 slides
PTMPI Threaded MPI execution on cluster of SMP machines Zoran Dimitrijevic Department of Computer

PTMPI Threaded MPI execution on cluster of SMP machines Zoran Dimitrijevic Department of Computer

UCSB cs240b project Fall 1999 PTMPI Threaded MPI execution on cluster of SMP machines Zoran Dimitrijevic Department of Computer Science University of California at Santa Barbara E-mail: zoran@cs.ucsb.edu Introduction

572 views • 14 slides
MELBOURNES WATER INFRASTRUCTURE STRATEGIES: GAPS IN INTEGRATED URBAN WATER MANAGEMENT

MELBOURNES WATER INFRASTRUCTURE STRATEGIES: GAPS IN INTEGRATED URBAN WATER MANAGEMENT

MELBOURNES WATER INFRASTRUCTURE STRATEGIES: GAPS IN INTEGRATED URBAN WATER MANAGEMENT Presenter: Casey Furlong (RMIT / WaterRA) Co-authors: Ryan Brotchie (GHD) Robert Considine (Melbourne Water) Greg Finlayson (GHD) Lachlan Guthrie

329 views • 14 slides

More recommend