ABSTRACT
We present Keyed HIP (KHIP), a secure, hierarchical multicast routing protocol. We show that other shared-tree multicast routing protocols are subject to attacks against the multicast routing infrastructure that can isolate receivers or domains or introduce loops into the structure of the multicast routing tree. KHIP changes the multicast routing model so that only trusted members are able to join the multicast tree. This protects the multicast routing against attacks that could form branches to unauthorized receivers, prevents replay attacks and limits the effects of flooding attacks. Untrusted routers that are present on the path between trusted routers cannot change the routing and can mount no denial-of-service attack stronger than simply dropping control messages. KHIP also provides a simple mechanism for distributing data encryption keys while adding little overhead to the protocol.
Index Terms
KHIP—a scalable protocol for secure multicast routing