multicast security towards a standardized solution
play

Multicast Security: Towards a Standardized Solution Ran Canetti - PowerPoint PPT Presentation

Nov 13, 2023 •278 likes •525 views

Multicast Security: Towards a Standardized Solution Ran Canetti IBM Research In this talk: A taxonomy of multicast security issues Some outstanding algorithmic problems Work at the SMuG (IRTF): Some design principles

  1. Multicast Security: Towards a Standardized Solution Ran Canetti IBM Research

  2. In this talk: • A taxonomy of multicast security issues • Some outstanding algorithmic problems • Work at the SMuG (IRTF): – Some design principles – Overall architecture – IPSec-based host architecture (draft proposal)

  3. Multicast communication: Whenever there are multiple recipients • Typical applications: – File and software updates – News-feeds – Video/audio broadcasts – Virtual conferences, town-hall meetings – Multiparty video games

  4. Multicast group characteristics • Number of sources, receivers • Membership dynamics • Bandwidth and latency requirements • Duration • Physical separation (network topology and political separation)

  5. Security requirements • Limiting access to group communication: – Long-term secrecy – Ephemeral access restriction • Authentication: – Group – Source • Anonymity • Availability ( against denial of service attacks)

  6. Trust issues • Trust in centralized group manager – To generate keys properly – To distribute keys properly Ways to reduce trust requirements: • Distribute center’s tasks • Use hierarchic control structure • Trust in group members – To not impersonate other group members – To not re-distribute keys

  7. Performance parameters of security solutions • Time to verify and decrypt data • Time to authenticate and encrypt data • Communication bandwidth overhead • Key set-up and refreshment overhead • Group set-up and member enrollment time

  8. An outstanding problem: Source authentication • MACing with shared key is not enough • Signing every data packet is unrealistic • Possible solutions: – Sign every n th packet (and hash in between) [GR, R, WL, …] – MAC with multiple keys (Receivers have different subsets of keys) [CGIMNP]

  9. An outstanding problem: Membership revocation • To hide future communication from a leaving member, need to change group key. • How to send new group key to everyone except the leaving member ? – Can use a data structure that gives O (log n ) communication (and O ( n ) memory for center) [WHA, WGL]. – Is it possible to do better? (some improvements & bounds in [CGIMNP,CMN])

  10. Wallner’s tree k k 0 k 00 k 001

  11. Work done at Secure Multicast Group (SMuG) • of the Internet Research Task Force (IRTF) http://ipmulticast.com/community/smug

  12. A first-cut scenario: • One-to-many communication • Medium to large groups (10-100K) • Centralized group management • No trust in group members • Need source authentication, ephemeral encryption • Dynamic membership

  13. A basic design principle: • Divorce security from the routing method. This implies: – Data packets are routed without change (e.g., using any IP multicast, reliable multicast, or even TCP) – All crypto is done at endpoints (No re-encryption of data en-route!) – Possible exceptions: Firewalls, political barriers

  14. More design guidelines • Separate key management from data handling • Use existing components when possible (SSL, IPSec) • Minimize changes to OS kernel • Maintain ability to plug-in different crypto algorithms

  15. Global architecture (I): Control communication Data communication

  16. Global architecture (II): Control communication Data communication

  17. IPSec-based host architecture (proposal developed at IBM Research) Control API Data API Multicast Internet Source Authentication Key Exchange Module Multicast Secu- App. space rity Association OS kernel AH/ESP (IPSEC) Line Line (group controller) (group members)

  18. Control API Data API Multicast Internet Source Authentication Key Exchange Module Multicast Secu- App. space rity Association OS kernel AH/ESP (IPSEC) Line Line IPSEC transforms (AH/ESP): -Data encryption with group key -Group authentication with group key -Operates on individual packets (No state across packets)

  19. Control API Data API Multicast Internet Source Authentication Key Exchange Module Multicast Secu- App. space rity Association OS kernel AH/ESP (IPSEC) Line Line SAM Signing data efficiently requires: -Signing data in large chunks -Keeping state across packets Therefore, SAM is in transport layer (UDP), operates on UDP frames.

  20. Control API Data API Multicast Internet Source Authentication Key Exchange Module Multicast Secu- App. space rity Association OS kernel AH/ESP (IPSEC) Line Line MSA is a database that holds: - IPSEC SA for AH/ESP (group key, algorithms, group address, etc.) - Information for SAM (Signing/verification keys, algorithms, etc.) -MSA is periodically updated by MIKE.

  21. Control API Data API Multicast Internet Source Authentication Key Exchange Module Multicast Secu- App. space rity Association OS kernel AH/ESP (IPSEC) Line Line MIKE: - Invoked by API to join/leave multicast group. Join/leave interaction done via standard point-to-point secure connection (such as IPSec, SSL) with the center. - Receives key updates from controller and updates MSA -Key updates assume a “reliable multicast shim” (Can be implemented by any RM protocol /TCP)

  22. Conclusion • Security is a central concern in almost any multicast application on the Internet. • Have made initial steps towards designing a standardized solution. • Much more work to be done...

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Malicious Overjoining in Multicast Problem and proposed solution draft-jholland-cb-assisted-cc

Malicious Overjoining in Multicast Problem and proposed solution draft-jholland-cb-assisted-cc

Malicious Overjoining in Multicast Problem and proposed solution draft-jholland-cb-assisted-cc Jake Holland, Akamai Technologies Multicast Utopia Requirements Multicast Bulk Rate applications: MUST tolerate a wide range of Internet path

349 views • 15 slides
Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: Core Based Trees (CBT) Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM

619 views • 12 slides
IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to many propagation of data Uses of multicast Financial data IPTV Gaming T ypes of multicast Any-source multicast (ASM)

297 views • 17 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

489 views • 25 slides
Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet Security Tobias Engelbrecht Agenda Introduction Requirements of a GKMP Design of the GKMA Rekey Protocol Group Security Association

892 views • 29 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

621 views • 24 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

529 views • 26 slides
Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode Source Tree, Shared Tree Reliable Multicast Polly Huang Whiteboard, File Transfer AT&T Labs Research huang@catarina.usc.edu

510 views • 6 slides
Multicast Security (MSEC) WG I ETF-55, At lant a, GA Tue, Nov 19, 2002 9:00 11:30 1

Multicast Security (MSEC) WG I ETF-55, At lant a, GA Tue, Nov 19, 2002 9:00 11:30 1

Multicast Security (MSEC) WG I ETF-55, At lant a, GA Tue, Nov 19, 2002 9:00 11:30 1 IETF-55 MSEC MSEC Agenda Agenda Bashing (5min) Review of WG St at us (T. Har dj ono/ R. Canet t i) (15min) MI KEY (E. Carrara/ F. Lindholm)

408 views • 16 slides
Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department of Computer Sciences The University of Texas at Austin Overlay Multicast IP multicast overlay multicast N unicast Bottleneck How to

519 views • 18 slides
Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution?

Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution?

conference & convention enabling the next generation of networks & services Is Cable Congestion a Threat to Cable Security? What is the solution? What is the solution? Phil Footman-Williams Tyco Electronics Subsea Communications

203 views • 18 slides
CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5

CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5

CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5 Xiaowei Yang xwy@cs.duke.edu Overview Two historic important topics in networking Multicast QoS Limited Deployment IP Multicast

832 views • 70 slides
IP Multicast September 20, 2001 Multicast 2 Overview applications models host APIs

IP Multicast September 20, 2001 Multicast 2 Overview applications models host APIs

Multicast 1 IP Multicast September 20, 2001 Multicast 2 Overview applications models host APIs LAN (IGMP, LAN switches) intra-domain routing inter-domain routing address allocation Additional references (some are

735 views • 52 slides
Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is

Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is

Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is not guaranteed without explicit signaling synchronized with mobility What specific actions are needed to ensure: Continued multicast data

235 views • 5 slides
Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol MOSPF - Multicast OSPF (see notes pages for some slides!) S38.122/RKantola/s00 9 - 1 IGMPv2 - Internet Group Management Protocol implements Group

474 views • 14 slides
Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns

Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns

Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns Hopkins University Ryan Gardner Multicast Overview Server Router Client Client Client Multicast Overview Multicast enabled routers

967 views • 86 slides
Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption,

Fostering an Enabling Policy Environment for Data-Utilizing Businesses: AI, payments, encryption, and accounting/tax services Nigel Cory Associate Director, Trade Policy, ITIF August 23, 2019 @Nigelcory ncory@itif.org @ITIFdc The

377 views • 20 slides
Encrypted SSDs: Self-Encryption Versus Software Solutions Michael Willett Storage Security

Encrypted SSDs: Self-Encryption Versus Software Solutions Michael Willett Storage Security

Encrypted SSDs: Self-Encryption Versus Software Solutions Michael Willett Storage Security Strategist and VP Marketing Bright Plaza Flash Memory Summit 2015 Santa Clara, CA 1 The Problem 2005-2013: over 864,108,052 records

161 views • 15 slides
ITCC November 18,2015 ITD Room 438 Agenda 1:00 Update on EA Activity Jeff Quast 1:20 Update

ITCC November 18,2015 ITD Room 438 Agenda 1:00 Update on EA Activity Jeff Quast 1:20 Update

ITCC November 18,2015 ITD Room 438 Agenda 1:00 Update on EA Activity Jeff Quast 1:20 Update on ITD Activity Gary Vetter 1:40 NASCIO 2015 State CIO Survey Dan Sipes 2:00 LPO Directional Statement Justin Data 2:20 Security Positon Update

638 views • 14 slides
Sec ecur urity ity Fea eatures ures for or SSD Why Storage Security is Important ? Dilemma

Sec ecur urity ity Fea eatures ures for or SSD Why Storage Security is Important ? Dilemma

Sec ecur urity ity Fea eatures ures for or SSD Why Storage Security is Important ? Dilemma emmas ! A secret known by two is no longer a secret : https://www.symantec.com/about/newsroom/press-kits#

621 views • 15 slides
NSA and Privacy By Arman Siddique History Cipher Bureau (1917-1919) Black Chamber(1919-1929)

NSA and Privacy By Arman Siddique History Cipher Bureau (1917-1919) Black Chamber(1919-1929)

NSA and Privacy By Arman Siddique History Cipher Bureau (1917-1919) Black Chamber(1919-1929) Signals Intelligence Service (SIS) (1930-1945) Army Security Agency (ASA) (1945-1976) Armed Forces Security Agency (AFSA) takes over ASA in 1949

294 views • 15 slides
Urban Air Mobility From Concept to Reality Aviation Technology Solutions About JDA 2 Aviation

Urban Air Mobility From Concept to Reality Aviation Technology Solutions About JDA 2 Aviation

Urban Air Mobility From Concept to Reality Aviation Technology Solutions About JDA 2 Aviation Technology Solutions Urban Air Mobility From Concept to Reality NASA 2019 Jetsons 1962 Safe and efficient air transportation system -

444 views • 32 slides
Group (CTUG) November 14, 2017 LSU Ballroom B 1. CIO Update C. Manriquez 2. HR/CS Upgrade

Group (CTUG) November 14, 2017 LSU Ballroom B 1. CIO Update C. Manriquez 2. HR/CS Upgrade

Campus Technology User Group (CTUG) November 14, 2017 LSU Ballroom B 1. CIO Update C. Manriquez 2. HR/CS Upgrade Split Update B. Chang CO & Unisys Datacenter Changes Application Updates Agenda 3. AT Update R. Boroon

590 views • 21 slides
HiTune: Dataflow-Based Performance Analysis for Big Data Cloud Jinquan Dai, Jie Huang, Shengsheng

HiTune: Dataflow-Based Performance Analysis for Big Data Cloud Jinquan Dai, Jie Huang, Shengsheng

HiTune: Dataflow-Based Performance Analysis for Big Data Cloud Jinquan Dai, Jie Huang, Shengsheng Huang, Bo Huang, Yan Liu Intel Asia-Pacific Research and Development Ltd Shanghai, P.R.China, 200241 {jason.dai, jie.huang, shengsheng.huang,

268 views • 14 slides

More recommend