DOI: 10.1145/316188.316206

KHIP—a scalable protocol for secure multicast routing

Published: 30 August 1999

ABSTRACT

We present Keyed HIP (KHIP), a secure, hierarchical multicast routing protocol. We show that other shared-tree multicast routing protocols are subject to attacks against the multicast routing infrastructure that can isolate receivers or domains or introduce loops into the structure of the multicast routing tree. KHIP changes the multicast routing model so that only trusted members are able to join the multicast tree. This protects the multicast routing against attacks that could form branches to unauthorized receivers, prevents replay attacks and limits the effects of flooding attacks. Untrusted routers that are present on the path between trusted routers cannot change the routing and can mount no denial-of-service attack stronger than simply dropping control messages. KHIP also provides a simple mechanism for distributing data encryption keys while adding little overhead to the protocol.


Published in

SIGCOMM '99: Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
August 1999
320 pages
ISBN: 1581131356
DOI: 10.1145/316188

Copyright © 1999 ACM


Publisher: Association for Computing Machinery, New York, NY, United States


Acceptance Rates

SIGCOMM '99 paper acceptance rate: 24 of 190 submissions, 13%. Overall acceptance rate: 554 of 3,547 submissions, 16%.
