Multicast and Group Security


Artech House Computer Security Series

For quite a long time, computer security was a rather narrow field of study that was populated mainly by theoretical computer scientists, electrical engineers, and applied mathematicians. With the proliferation of open systems in general, and of the Internet and the World Wide Web (WWW) in particular, this situation has changed fundamentally. Today, computer and network practitioners are equally interested in computer security, since they require technologies and solutions that can be used to secure applications related to electronic commerce. Against this background, the field of computer security has become very broad and includes many topics of interest. The aim of this series is to publish state-of-the-art, high standard technical books on topics related to computer security. Further information about the series can be found on the WWW at the following URL: http://www.esecurity.ch/serieseditor.html

Also, if you'd like to contribute to the series by writing a book about a topic related to computer security, feel free to contact either the Commissioning Editor or the Series Editor at Artech House. For a listing of recent titles in the Artech House Computer Security Series, turn to the back of this book.

Multicast and Group Security
Thomas Hardjono
Lakshminath R. Dondeti
Artech House, Boston * London, www.artechhouse.com

Library of Congress Cataloging-in-Publication Data
Hardjono, Thomas.
Multicast and group security / Thomas Hardjono, Lakshminath R. Dondeti.
p. cm. (Artech House computer security series)
Includes bibliographical references and index.
ISBN 1-58053-342-6 (alk. paper)
1. Multicasting (Computer networks), Security measures. 2. Computer networks, Security measures. I. Dondeti, Lakshminath R. II. Title.
TK5105.887.H37 2003
005.8 dc21
2003048097

British Library Cataloguing in Publication Data
Hardjono, Thomas
Multicast and group security (Artech House computer security series)
1. Multicasting (Computer networks), Security measures
I. Title II. Dondeti, Lakshminath R.
005.8
ISBN 1-58053-342-6

Cover design by Christina Stone

© 2003 ARTECH HOUSE, INC.
685 Canton Street
Norwood, MA 02062

All rights reserved. Printed and bound in the United States of America. No part of this book may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system without permission in writing from the publisher.

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Artech House cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

International Standard Book Number: 1-58053-342-6
Library of Congress Catalog Card Number: 2003048097

To Joan and Elizabeth, Thomas
To Sridevi, Lakshminath

Contents

Foreword xv
Preface xvii
Acknowledgments xxi

1 Introduction 1
1.1 Motivation for multicast security 2
1.2 Multicast content protection 5
1.2.1 Problem area 1: Secure multicast data handling 5
1.2.2 Problem area 2: Management of keying material 7
1.2.3 Problem area 3: Multicast security policies 11
1.3 Infrastructure protection 12
1.4 Applications of secure multicasting 13
1.5 Road map 13
References 14

2 Framework for multicast and group security 17
2.1 The problem scope of multicast security 17
2.2 Fundamental issues 19
2.2.1 Routing infrastructure protection 20
2.2.2 Controlled access to the multicast distribution tree 20
2.2.3 Management of keying material 21
2.3 Transport and applications issues 23
2.3.1 Security of Reliable Multicast protocols 23
2.3.2 Applications requirements and other issues 24
2.4 The IETF problem scope for multicast and group security 25
2.4.1 A brief history of multicast security efforts in the IETF 25
2.4.2 The IETF multicast security Reference Framework 27
2.4.3 Elements of the Reference Framework 28
2.5 Three problem areas in the management of keying material 30
2.5.1 Problem area 1: Multicast data handling 31
2.5.2 Problem area 2: Management of keying material 32
2.5.3 Problem area 3: Multicast security policies 33
2.6 The building blocks approach 34
2.6.1 Motivation for building blocks 34
2.6.2 Functional building blocks 38
2.7 Summary 42
References 43

3 Multicast data authentication 45
3.1 Issues in multicast data authentication 46
3.1.1 Providing group authentication 48
3.1.2 Providing source authentication 49
3.2 Digital signatures for source authentication 50
3.2.1 Block signatures and individual packet authentication 51
3.3 Hash chaining to authenticate streaming data 55
3.3.1 Graph representation of hash chaining 56
3.3.2 Efficient multichained stream signature 58
3.3.3 Augmented chaining 59
3.3.4 Piggybacking 59
3.3.5 Discussion on hash chaining for authentication 60
3.4 MAC-based source authentication of unreliable streams 61
3.4.1 TESLA initialization 63
3.4.2 MAC-based authentication of packets by the sender 64
3.4.3 Packet processing at the receivers in TESLA 65
3.4.4 Enhancements to TESLA 66
3.4.5 Applicability analysis of TESLA 67
3.5 IPsec ESP and MESP 68
3.6 Summary 69
References 70

4 Introduction to group key management 73
4.1 A model for group key management 74
4.2 Requirements in group key management 76
4.2.1 Security requirements of unicast key management 76
4.3 Security requirements of group key management 79
4.4 GSA management 82
4.4.1 The GSA model 83
4.4.2 Definition of GSA 85
4.5 Classification of the group key management problem 86
4.6 Summary 88
References 88

5 Architectures and protocols for group key management 91
5.1 Architectural issues and motivations 93
5.2 IKAM 94
5.2.1 Domains, areas, and key distributors 95
5.2.2 Multicast groups for data and control 96
5.2.3 Keys: Multicast groups and control multicast groups 98
5.2.4 Control multicast groups: Address allocation 99
5.2.5 Arrangement of keys in the domain 100

[...]
... make it a reality. He was cochair of the multicast security group in IETF since it was born in the IRTF and graduated into a working group in IETF. Lakshminath Dondeti chose it, out of all possible topics in computer science, for his Ph.D. dissertation, and has also been active in standardizing it, first in the IRTF group, and now in the IETF multicast security group.

Dr. Radia Perlman
Distinguished Engineer ...

... "near-standards" documents that could be carried over into a formal working group in the IETF. Indeed, such a working group was established under the IETF in early 2000 in the form of the Multicast Security (MSEC) working group, which was heir to much of the SMuG research group work.

How to read this book

The contents of this book are grouped according to areas related to multicast and group security. ...

... issuance and management of cryptographic keys used by a multicast group, and conducts user authentication and authorization checks on each candidate member of the multicast group. Unicast security negotiation protocols such as IKE [9] result in a separate key per instance, and cannot directly be used for group communications. Instead, a centralized entity such as the GCKS needs to download group key(s) ...

... a data security SA include IPsec ESP, MESP, and AMESP.

Group key distribution architectures, protocols, and algorithms

We classify the group key distribution literature into architectures, protocols, and algorithms for group key management. Group key distribution architectures such as Iolus [13] and Internet keying architecture for multicast (IKAM) [14] use hierarchical subgrouping for efficient group ...

... addressing multicast security was the Secure Multicast Group (fondly nicknamed SMuG), established within the IRTF in early 1998. Since SMuG was established under the IRTF, it functioned as a research group and therefore did not in itself produce standards. However, what SMuG chose to do as a research group was to survey the broader area of group communications security, develop a reference framework, and produce ...

... dynamic group, that is, a group where membership changes frequently. The GCKS may need to rekey the group and distribute the new group key to the current members each time membership changes.

Forward and backward access control

Consider group key distribution to a large and dynamic group. In most applications, while some members join at the beginning of the session and leave at the end, others may join and ...

... techniques and algorithms to address the problem. The problem of key management for groups (group key management) is addressed in Chapters 4, 5, and 6:

• Chapter 4 explains the differences between pair-wise key management and group key management, and explains the security requirements in both cases. It then provides the definition of the Group Security Association (GSA), which extends the Security Association ...

... of security in protecting multicast communications. Mass distribution of data via multicast is of concern to Internet service providers (ISPs). Any sender can start sending data to a multicast group and, similarly, any host can "pull" unnecessary multicast traffic, thus wasting network resources such as buffer space on routers and bandwidth on the links. These concerns need to be addressed as well. Multicast ...

... providing secure group communications: secure multicast data handling, management of keying material, and multicast security policies. Chapter 2 contains a detailed description of the problem areas and building blocks. In the rest of this section, we define the problem areas, briefly explore the solution space, and discuss application-specific requirements.

1.2.1 Problem area 1: Secure multicast data handling

In ...

... authentication of multicast data.

1.2.2 Problem area 2: Management of keying material

Group access control, privacy, and group authentication of multicast data require that a common key be distributed to the current members of the secure group. We use a logical entity called group controller and key server (GCKS) to provide access control and key distribution services. A GCKS represents both the entity and functions ...

Posted: 02/03/2013, 16:59
