Multicast Security - PowerPoint PPT Presentation

Provided by: fmgcs
Learn more at: https://lasr.cs.ucla.edu

1
Multicast Security
  • May 10, 2004
  • Sam Irvine
  • Andy Nguyen

2
Multicast Overview
  • Bandwidth-conserving technology that reduces
    traffic by simultaneously delivering a single
    stream of information to thousands of recipients
    (multicast group)
  • Applications include video-conferencing,
    streaming audio, sending out stock quotes, etc.
  • Scalable reliability, flow control, congestion
    control, security are all active areas of
    research

3
Security Objectives
  • Usual suspects
  • Authentication
  • How do we authenticate members within the
    multicast group?
  • Confidentiality
  • Integrity
  • Exclusivity

4
Multicast Security
  • Inherently more susceptible to attack
  • Many more opportunities and points for
    interception of traffic and attacks
  • Attacks affect many systems
  • Usually multicast address is well-known
  • Possible for attacker to pose as one of the many
    possible systems in the multicast group
  • Solutions must be scalable and address the
    dynamic nature of membership

5
Unicast versus Multicast Security
  • Security association defines a set of keying
    material in order to setup a secure link between
    two systems in a unicast protocol
  • Membership remains static throughout the session
  • In multicast, the security association is among
    many people
  • Membership is dynamic throughout the session

6
Dynamic Membership
  • Must ensure that a member is only allowed to
    participate when it is authorized to do so
  • New members must not be able to access old
    multicast data (joins)
  • Old members must not be able to access new
    multicast data (leaves)
  • Multicast security protocol must be prepared to
    change the keying material on each and every join
    to ensure integrity
  • How do we do key management for dynamic security
    associations?

7
Key management solutions
  • Centralized group key management protocols
  • Decentralized Architectures
  • Management divided into subgroups
  • Distributed Key Management protocols
  • No explicit key distribution center, members
    themselves handle key generation

8
Centralized Key Management Example
  • Canetti et al. use one-way function trees in
    conjunction with pseudo-random generators
  • Each user holds log(n1) keys
  • Issuing a new key takes log(n) sends

16
Decentralized Architectures Example
  • Iolus
  • Splits a large group into small subgroups
  • Group Security Controller at the top, Group
    security intermediaries manage subgroups
  • In order to update key for leaves, must send out
    new key encrypted with everyone's secret key.
    Size of message is O(n)
  • Data path affected when sending out data
    (Translating data between groups)

17
Distributed key management
  • Group Diffie-Hellman Key Exchange
  • N rounds, single key
  • Distributed Logical Key Hierarchy
  • log(n) rounds
  • log(n) keys

20
Message authentication
  • Digital Signatures
  • RSA, DSA, Elliptic Curve
  • Very expensive to compute for each message
  • Message Authentication Codes (MAC)
  • Given a shared key K, a positive integer L and a
    one-way function F
  • Compute F^L(K message), where
  • F^0(X) = F(X)
  • F^L(X) = F(F^(L-1)(X))

21
Message authentication
  • MAC exclusivity
  • If all receivers have the MAC key, then any
    receiver can fake a message
  • Solution
  • Generate a set of m keys
  • Distribute n < m of the keys randomly to each
    receiver
  • Sender knows all m keys

22
Message authentication
  • Solution (cont)
  • Sender computes m MACs and sends them with the
    message
  • Receivers verify the MAC for each of their known
    n keys
  • Senders cannot independently create all m MACs
    without collusion
  • Randomness prevents intentional collusion

23
Message authentication
  • Sets of keys can reduce MAC length overhead
  • Use previous scheme with 1 alteration: MACs map
    to a single bit
  • Can arbitrarily forge a MAC with 1/2^m probability
  • Receivers can forge a MAC with 1/2^(m-n)
    probability
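
The multi-key MAC scheme from slides 21-23, as an added example that is not part of the original presentation. It assumes HMAC-SHA256 in place of the slides' MAC, and all function names are hypothetical. It goes one step beyond the slides by counting, for the single-bit variant, how many forged tag vectors a specific receiver would accept.

```python
import hashlib
import hmac
import itertools
import random
import secrets

def mac(key, message, one_bit=False):
    # HMAC-SHA256 stands in for the slides' MAC (assumption); one_bit keeps 1 bit.
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return bytes([tag[0] & 1]) if one_bit else tag

def assign_subset(keys, n, rng=None):
    # Each receiver gets n < m keys chosen at random, remembered by index.
    rng = rng or random.SystemRandom()
    return {i: keys[i] for i in rng.sample(range(len(keys)), n)}

def sender_tags(keys, message, one_bit=False):
    # The sender knows all m keys and attaches one MAC per key.
    return [mac(k, message, one_bit) for k in keys]

def receiver_verify(subset, message, tags, one_bit=False):
    # A receiver can only check the positions whose keys it holds.
    return all(hmac.compare_digest(mac(k, message, one_bit), tags[i])
               for i, k in subset.items())

def insider_forgery(subset, m, message, one_bit=False):
    # A forging receiver computes its own n tags; the rest are zero-filled guesses.
    size = 1 if one_bit else 32
    return [mac(subset[i], message, one_bit) if i in subset else bytes(size)
            for i in range(m)]

def one_bit_acceptance(forger, victim, m, message):
    # Single-bit variant: try every guess for the bits the forger cannot
    # compute and count how many guess vectors the victim accepts.
    unknown = [i for i in range(m) if i not in forger]
    base = insider_forgery(forger, m, message, one_bit=True)
    accepted = 0
    for bits in itertools.product((0, 1), repeat=len(unknown)):
        tags = list(base)
        for i, b in zip(unknown, bits):
            tags[i] = bytes([b])
        accepted += receiver_verify(victim, message, tags, one_bit=True)
    return accepted, 2 ** len(unknown)

if __name__ == "__main__":
    keys = [secrets.token_bytes(32) for _ in range(8)]   # m = 8 (constructed)
    a, b = assign_subset(keys, 3), assign_subset(keys, 3)  # n = 3
    msg = b"constructed sample message"
    print(receiver_verify(b, msg, sender_tags(keys, msg)))
    print(one_bit_acceptance(a, b, 8, msg))
```

With m = 8, a forger holding keys {0, 1, 2} and a victim holding keys {2, 3, 4}, the victim accepts 8 of the 32 possible guess vectors, because only the two bits under keys 3 and 4 have to be guessed. A forgery that must satisfy every other key has to get all m-n unknown bits right.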

24
What haven't we talked about?
  • Routing table security
  • Unauthenticated clients cannot change the routing
    topology
  • Can legitimate clients affect routing tables?

25
Differing multicast requirements
  • 1-N multicasting
  • 1 Sender, N receivers
  • M-N multicast
  • M senders transmit to N receivers
  • N-N full duplex communication
  • Any member can communicate to any other member