Secure Internet Multicast - overview
Multicasting in general and IP-Multicast in particular is an attractive networking technology that promises to enable several collaborative as well as broadcast style applications in a bandwidth efficient manner. Securing multicast communications is a much harder problem compared to securing point-to-point communications and there is no single "best" solution for all or even a large class of applications. Rather, a range of solutions is likely to emerge, each best suited for a class of applications having similar multicast group characteristics such as group size, member characteristics, membership dynamics, membership control, group life-time, number of senders and traffic volume.
The secure multicast project is developing and prototyping techniques to secure multicast communications for several likely application scenarios. This project is a collaborative effort involving the Cryptography group, the Networking group and the Security Technology group in IBM Research. Some of the techniques currently being developed and prototyped in the project include efficient multicast key management techniques and source authentication algorithms.
These techniques are being incorporated in a Java based Secure Multicast Toolkit that was developed by IBM Research. This toolkit provides a simple and intuitive API to developers of secure multicast applications which shields them from the details of the underlying key management, data encryption and authentication schemes. In addition the toolkit has been designed in a modular fashion which makes it easy to plug-in new and experimental key-management, data encryption and authentication schemes from below.
The Security and Networking groups at IBM Research are also actively involved in standardization efforts and are active participants in the Secure Multicast Working Group (SmuG) of the Internet Research Task Force.
- Ran Canetti, Pau--Chen Cheng, Frederique Giraud, Dimitrios Pendarakis, Josyula R. Rao, Pankaj Rohatgi and Debanjan Saha, "An IPSec-based Host Architecture for Secure Internet Multicast", To appear in the Proceedings of the Network and Distributed Systems Security Symposium, San Diego, California, February 2000.
- Pankaj Rohatgi, "A Compact and Fast Hybrid Signature Scheme for Multicast Packet Authentication", To appear in the Proceedings of the 6th ACM Computer and Communications Security Conference, Singapore, November 1999.
- Matt Moyer, Josyula R. Rao and Pankaj Rohatgi, "A Survey of Security Issues in Multicast Communications", To appear in a special issue of IEEE Network, November 1999.
- Ran Canetti, Pau-Chen Cheng, Dimitris Pendarakis, J.R. Rao, Pankaj Rohatgi and Debanjan Saha, "An Architecture for Secure Internet Multicast", IETF Internet draft, February 1999. Submitted to the Secure Multicast Users Group of the IETF.
- Ran Canetti and Benny Pinkas, "A Taxonomy of Multicast Security Issues", IETF Internet draft, April 1999. Submitted to the Secure Multicast Users Group of the IETF.
- Pankaj Rohatgi, "A Hybrid Signature Scheme for Multicast Source Authentication", IETF Internet draft, June 1999. Submitted to the Secure Multicast Users Group of the IETF.
- Matt Moyer, Josyula R. Rao and Pankaj Rohatgi, "Maintaining Balanced Key Tree for Secure Multicast", IETF draft, June 1999. Submitted to the Secure Multicast Users Group of the IETF.