non igmp specific security
play

Non-IGMP-specific security or Why not to do security at the IGMP - PDF document

Jul 20, 2023 •499 likes •613 views

Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler dthaler@microsoft.com General Internet Case Group Receiver Group key Content Group Group Key acquisition Node Provider Key Key Server Server

  1. Non-IGMP-specific security or “Why not to do security at the IGMP level” Dave Thaler dthaler@microsoft.com

  2. General Internet Case Group Receiver Group key Content Group Group Key acquisition Node Provider Key Key Server Server Server App App End-to-end data session Stack Stack Hop-by-hop path setup ? ISP 1 ISP 2 ISP n . . .

  3. Reasonable Security Relationships Group Receiver Content Group Group Key Node Provider Key Key Server Server Server App App Stack Stack ISP 1 ISP 2 ISP n . . .

  4. NOT reasonable in general Group Receiver Content Group Group Key Node Provider Key Key Server Server Server App App X Stack Stack X . . . ISP 1 ISP 2 ISP n . . .

  5. Observations In general, there is no security relationship between receiver’s ISP/network and a content provider If the content provider and receiver are connected to the same ISP/network, there may be a security relationship Both problems are interesting If you solve #1, you also solve #2

  6. General case needs ISP/network needs to be able to – Do accounting per client (port flat rate, per time, per amount of data, whatever) – Use ACLs (ingress filtering, whatever) Content provider needs to be able to – Control who can view content These are not multicast-specific.

  7. A solution that matches security relationships Receiver-edge IP/Link layer: – ACLs placed on ports based on customer- provider relationship at “connect” time – Hop-by-hop messages on LANs secured with same relationship – Port ACLs may change over time based on ISP/network policy/protocol/whatever

  8. A solution (cont.) End-to-end app layer: – Per-group security/keys done between apps and group key server(s) – Data can be encrypted in general Internet case • If it’s not, then it’s no different from LAN case where other receivers benefit from a legit one

  9. Protecting bandwidth General case – Can just charge requesters – Same problem occurs with unicast datagrams and this is not protected today When receiver and content provider are on same network – Content authorizer (e.g. group key server) can cause port ACL to be updated

  10. Summary Solutions need to match practical security relationships Group-specific security in IGMP is not reasonable in general Other solutions exist which appear to meet the goals In the special case, other solutions can do everything IGMP group security does Conclusion: don’t do IGMP group security

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IGMP and MLD Optimization in Wireless and Mobile Networks

IGMP and MLD Optimization in Wireless and Mobile Networks

IGMP and MLD Optimization in Wireless and Mobile Networks draft-liu-multimob-igmp-mld-wireless-mobile-00 1 Aims Optimize IGMP and MLD to meet wireless or mobile multicast network requirements: Adaptive to link conditions

266 views • 9 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

489 views • 25 slides
Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol MOSPF - Multicast OSPF (see notes pages for some slides!) S38.122/RKantola/s00 9 - 1 IGMPv2 - Internet Group Management Protocol implements Group

474 views • 14 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

621 views • 24 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

529 views • 26 slides
Improving Security of Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements A

Improving Security of Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements A

Improving Security of Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements A Position Paper Raja Naeem Akram 1 , Pierre-Franois Bonnefoi 2 , Serge Chaumette 3 , Konstantinos Markantonakis 4 and Damien Sauveron 2 1 Department of

589 views • 24 slides
IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant

IOT SECURITY ONGOING CHALLENGES Selvana Naiken Gopalla Information Security Consultant CERT-MU | National Computer Board OUTLINE The Internet of Insecure Things New Devices, New Security Challenges IOT Specific Security Issues

301 views • 27 slides
Locale-specific threats Security challenges due to globalization Anthony Bettini McAfee Labs

Locale-specific threats Security challenges due to globalization Anthony Bettini McAfee Labs

Locale-specific threats Security challenges due to globalization Anthony Bettini McAfee Labs June 9, 2010 Agenda In the dawn of time Think globally, act locally Audit fatigue Local concerns, trends, economics, and even

752 views • 37 slides
2 nd Partners Meeting Security Outline of activities/floorplans Timeline and practical

2 nd Partners Meeting Security Outline of activities/floorplans Timeline and practical

2 nd Partners Meeting Security Outline of activities/floorplans Timeline and practical information EMAS: Waste reduction Se Security, ou our resp sponsib ibil ilit ity Specific security measures Ensuring safety of visitors,

282 views • 15 slides
Specific Aims One Page The single most important page in a grant Specific Aims Specific Aims

Specific Aims One Page The single most important page in a grant Specific Aims Specific Aims

Specific Aims One Page The single most important page in a grant Specific Aims Specific Aims should be specific The entire grant is summarized in one page The specific aims should cover: Your broad, long-term goals The

158 views • 12 slides
ECE590 Computer and Information Security Fall 2018 Database Security Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2018 Database Security Tyler Bletsch Duke

ECE590 Computer and Information Security Fall 2018 Database Security Tyler Bletsch Duke University Table of data consisting of rows and columns Each column holds a particular type of data Each row contains a specific value for each

236 views • 19 slides
Computer and Information Security Fall 2019 Database Security Tyler Bletsch Duke University

Computer and Information Security Fall 2019 Database Security Tyler Bletsch Duke University

ECE590 Computer and Information Security Fall 2019 Database Security Tyler Bletsch Duke University Table of data consisting of rows and columns Each column holds a particular type of data Each row contains a specific value for each

540 views • 19 slides
Part 5: Kinookimaw Specific Claim Specific Claim: Specific claims deal with the past

Part 5: Kinookimaw Specific Claim Specific Claim: Specific claims deal with the past

Part 1: Types of Land Claims Part 2: Flood Claim Part 3: 1906 Specific Claim Part 4: 1910 Railway Claim Part 5: Kinookimaw Specific Claim Specific Claim: Specific claims deal with the past grievances of First Nations.

272 views • 24 slides
Network Technology Review and Security Concerns Computer Security I CS461/ECE422 Fall 2010

Network Technology Review and Security Concerns Computer Security I CS461/ECE422 Fall 2010

Network Technology Review and Security Concerns Computer Security I CS461/ECE422 Fall 2010 Outline Overview Issues and Threats in Network Security Review basic network technology TCP/IP in particular Attacks specific to

709 views • 54 slides
Network Technology Review and Security Concerns Computer Security I CS461/ECE422 Fall 2009

Network Technology Review and Security Concerns Computer Security I CS461/ECE422 Fall 2009

Network Technology Review and Security Concerns Computer Security I CS461/ECE422 Fall 2009 Outline Overview Issues and Threats in Network Security Review basic network technology TCP/IP in particular Attacks specific to

807 views • 55 slides
Specific Learning Disabilities: The Role of Working Memory and Other Domain-specific Deficits

Specific Learning Disabilities: The Role of Working Memory and Other Domain-specific Deficits

Specific Learning Disabilities: The Role of Working Memory and Other Domain-specific Deficits Lisa Archibald, PhD Western University, Canada Cogmed Conference 2014 Specific Learning Disabilities Appear to have typical potential to learn

562 views • 55 slides
Android Architecture CS 4720 Mobile Application Development CS 4720 The Basics In

Android Architecture CS 4720 Mobile Application Development CS 4720 The Basics In

Android Architecture CS 4720 Mobile Application Development CS 4720 The Basics In general, all apps are written in Java (this is not always the case as there are third-party conversion tools) A compiled Android app is an .apk

208 views • 17 slides
CS 528 Mobile and Ubiquitous Computing Lecture 3a: Android Components, Activity Lifecycle,

CS 528 Mobile and Ubiquitous Computing Lecture 3a: Android Components, Activity Lifecycle,

CS 528 Mobile and Ubiquitous Computing Lecture 3a: Android Components, Activity Lifecycle, Rotating Device &Saving Data Emmanuel Agu Announcement No class next week Im out of town for a grant meeting Next class in 2 weeks

944 views • 47 slides
Distributed Object Technologies Lecture 4: Client-side Programming: An Introduction to Android

Distributed Object Technologies Lecture 4: Client-side Programming: An Introduction to Android

Organizational Communications and Distributed Object Technologies Lecture 4: Client-side Programming: An Introduction to Android Notes taken from Googles Android SDK 95-702 OCT 1 Master of Information System Management Plan For Today

492 views • 24 slides
CS371m - Mobile Computing Content Providers And Content Resolvers Content Providers One of

CS371m - Mobile Computing Content Providers And Content Resolvers Content Providers One of

CS371m - Mobile Computing Content Providers And Content Resolvers Content Providers One of the four primary application components: activities content providers / content resolvers services broadcast receivers 2 Android

728 views • 50 slides
The Impact of Brokers on the Future of Content Delivery Matthew K. Mukerjee , I. Nadi Bozkurt,

The Impact of Brokers on the Future of Content Delivery Matthew K. Mukerjee , I. Nadi Bozkurt,

The Impact of Brokers on the Future of Content Delivery Matthew K. Mukerjee , I. Nadi Bozkurt, Bruce Maggs, Srinivasan Seshan, Hui Zhang Hi, my name is Matt Mukerjee and Ill be presenting our work on The Impact of Brokers on the Future of

919 views • 50 slides
1 Slashdot Effect 2 Existing Commerical CDNs 3 Build your own solution Expensive to set

1 Slashdot Effect 2 Existing Commerical CDNs 3 Build your own solution Expensive to set

1 Slashdot Effect 2 Existing Commerical CDNs 3 Build your own solution Expensive to set up Only cost effective at massive scale Purchase from provider Expensive Requires prior knowledge of demand Existing Free CDNs 4

557 views • 21 slides
Special Open Door Forum (SODF) #3 Documentation Requirement Lookup Service Melanie Combs-Dyer

Special Open Door Forum (SODF) #3 Documentation Requirement Lookup Service Melanie Combs-Dyer

Special Open Door Forum (SODF) #3 Documentation Requirement Lookup Service Melanie Combs-Dyer Director, Provider Compliance Group (PCG), Center for Program Integrity (CPI), CMS Ashley Stedding Management and Program Analyst, PCG, CPI, CMS

478 views • 20 slides
Interdomain Routing Policies in the Wild Ruwaifa Anwar 1 , Haseeb Niaz 1 , David Choffnes 2 ,

Interdomain Routing Policies in the Wild Ruwaifa Anwar 1 , Haseeb Niaz 1 , David Choffnes 2 ,

Investigating Interdomain Routing Policies in the Wild Ruwaifa Anwar 1 , Haseeb Niaz 1 , David Choffnes 2 , Italo Cunha 3 , Phillipa Gill 1 , Ethan Katz-Bassett 4 1 Stony Brook University, 2 Northeastern University, 3 Universidade Federal de Minas

363 views • 11 slides

More recommend