Non-IGMP-specific security or Why not to do security at the IGMP - - PDF document

non igmp specific security
SMART_READER_LITE
LIVE PREVIEW

Non-IGMP-specific security or Why not to do security at the IGMP - - PDF document

Jul 20, 2023 499 likes •614 views

Non-IGMP-specific security or Why not to do security at the IGMP level Dave Thaler dthaler@microsoft.com General Internet Case Group Receiver Group key Content Group Group Key acquisition Node Provider Key Key Server Server

slide-1
SLIDE 1

Non-IGMP-specific security

  • r “Why not to do security at the IGMP level”

Dave Thaler

dthaler@microsoft.com

slide-2
SLIDE 2

General Internet Case

App Stack Receiver Node

ISP 1

App Stack

ISP 2 ISP n

Content Provider

. . .

End-to-end data session Hop-by-hop path setup Group Key Server Group Key Server Group Key Server Group key acquisition ?

slide-3
SLIDE 3

Reasonable Security Relationships

App Stack Receiver Node

ISP 1

App Stack

ISP 2 ISP n

Content Provider

. . .

Group Key Server Group Key Server Group Key Server

slide-4
SLIDE 4

NOT reasonable in general

App Stack Receiver Node

ISP 1

App Stack

ISP 2 ISP n

Content Provider

. . .

. . .

X X

Group Key Server Group Key Server Group Key Server

slide-5
SLIDE 5

Observations

In general, there is no security relationship between receiver’s ISP/network and a content provider If the content provider and receiver are connected to the same ISP/network, there may be a security relationship Both problems are interesting If you solve #1, you also solve #2

slide-6
SLIDE 6

General case needs

ISP/network needs to be able to

– Do accounting per client (port flat rate, per time, per amount of data, whatever) – Use ACLs (ingress filtering, whatever)

Content provider needs to be able to

– Control who can view content

These are not multicast-specific.

slide-7
SLIDE 7

A solution that matches security relationships

Receiver-edge IP/Link layer:

– ACLs placed on ports based on customer- provider relationship at “connect” time – Hop-by-hop messages on LANs secured with same relationship – Port ACLs may change over time based on ISP/network policy/protocol/whatever

slide-8
SLIDE 8

A solution (cont.)

End-to-end app layer:

– Per-group security/keys done between apps and group key server(s) – Data can be encrypted in general Internet case

  • If it’s not, then it’s no different from LAN case

where other receivers benefit from a legit one

slide-9
SLIDE 9

Protecting bandwidth

General case

– Can just charge requesters – Same problem occurs with unicast datagrams and this is not protected today

When receiver and content provider are on same network

– Content authorizer (e.g. group key server) can cause port ACL to be updated

slide-10
SLIDE 10

Summary

Solutions need to match practical security relationships Group-specific security in IGMP is not reasonable in general Other solutions exist which appear to meet the goals In the special case, other solutions can do everything IGMP group security does Conclusion: don’t do IGMP group security