A toolkit for secure internet multicast

A Toolkit for Secure Internet Multicast Debanjan Saha Isabel Chang Robert Engel Dimitris Pendarakis Pankaj Rohatgi Ran Canetti IBM T.J. Watson Research Center [email protected] Overall Architecture Group owner Controller & reflector Controller & reflector Controller & reflector

Presentation Transcript

A Toolkit for Secure Internet Multicast

Debanjan Saha

Isabel Chang Robert Engel Dimitris Pendarakis

Pankaj Rohatgi Ran Canetti

IBM T.J. Watson Research Center

[email protected]


Overall Architecture

[Diagram. Labels: Group owner; Controller & reflector (×3); Members (×3)]


Domain Architecture

[Diagram. Labels: Senders (×2); Data Plane; Control Plane; To & from other domains (×2); Reflector; Controller; Receivers (×2)]


Control Messages

[Diagram. Labels: Controller Initiated; Client Initiated; Registration; Join a session; Leave from a session; Expelled from a session; Backward secrecy; Forward secrecy; Key Update]


Message Types

  • Member initiated

    • Registration

      • Registration request

      • Registration response

    • Join a session

      • Join request

      • Join response

    • Leave a session

      • Leave request

      • Leave confirm

  • Controller initiated

    • Update session key

    • Expel a member


Control Messages

[Sequence diagram between Sender, Domain controller and Receiver. Message labels in extraction order: Sender Join Request; Receiver Join Request; Sender Join Confirm; Receiver Join Confirm; Key Update (×4); Sender Leave Request; Sender Leave Confirm; Receiver Expel Confirm; Receiver ID]


Joining a Group: Message Flow

[Sequence diagram between Controller and Member. Labels in extraction order:]

  • Member Hello
  • Controller Hello
  • Certificate
  • 3.7ms (512-bit key), 12.3ms (1024-bit key)
  • Key Exchange
  • [Master Secret] Controller public key
  • 10.13ms (512-bit key), 47.9ms (1024-bit key)
  • Member Join Confirm
  • Client ID & Password
  • Member Join Confirm
  • Keys


Light Weight Protocol: Message Flow

[Sequence diagram between Controller and Member. Labels in extraction order:]

  • Member Join Request
  • Member ID
  • 1.3ms (512-bit key), 5.2ms (1024-bit key)
  • Member Join Confirm
  • [Session keys] Member public key
  • 10.13ms (512-bit key), 47.9ms (1024-bit key)


Wallner Scheme

[Figure: binary key tree. Root: SK. Below it: K0123 and K4567; then K01, K23, K45, K67; then leaf keys K0 to K7; members M0 to M7 at the bottom.]
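The key tree on this slide is what makes the controller-initiated expel and key update cheap. As an added example (not code from the toolkit or the presentation), here is the standard rekey procedure for a Wallner-style binary key tree, using the slide's key names; the function names are hypothetical and the toolkit's own key update encoding may differ.

```python
"""Rekey plan for expelling one member from a Wallner-style binary key tree.

Key names follow the slide: leaf K3 belongs to member M3, K23 covers
members 2-3, K0123 covers members 0-3, and the root is the session key SK.
Names are built from single digits, so this illustration targets n <= 8.
"""

def key_name(lo, hi, n):
    """Name of the key shared by members lo..hi-1 in a tree of n members."""
    if hi - lo == n:
        return "SK"
    return "K" + "".join(str(i) for i in range(lo, hi))

def path_to_root(member, n):
    """(lo, hi) ranges of the non-leaf keys the member holds, bottom-up."""
    ranges, lo, hi = [], member, member + 1
    while hi - lo < n:
        size = (hi - lo) * 2
        lo = (lo // size) * size
        hi = lo + size
        ranges.append((lo, hi))
    return ranges

def expel_plan(member, n=8):
    """Return [(new_key, encrypt_under), ...] in the order they must be sent."""
    if n < 2 or n & (n - 1) or not 0 <= member < n:
        raise ValueError("n must be a power of two >= 2 and member in range")
    plan = []
    child = (member, member + 1)          # child node on the expelled path
    for lo, hi in path_to_root(member, n):
        new_key = key_name(lo, hi, n) + "'"
        mid = (lo + hi) // 2
        for c in ((lo, mid), (mid, hi)):
            if c == (member, member + 1):
                continue                  # never use the expelled leaf key
            kek = key_name(c[0], c[1], n)
            if c == child:
                kek += "'"                # child was just replaced; use new value
            plan.append((new_key, kek))
        child = (lo, hi)
    return plan

if __name__ == "__main__":
    # Expel M3: every key M3 held is replaced, 2*log2(8) - 1 = 5 encryptions.
    for new_key, kek in expel_plan(3):
        print(f"send [{new_key}] encrypted under {kek}")
```

Because no replacement key is ever encrypted under a key the expelled member holds, the member cannot read later traffic, which is the forward secrecy property named on the earlier Control Messages slide.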


Update Session Key: Message Format

  • Key encrypting keys (K0,K1) and K2

  • Consider a one-way hash function g( )

[Message layout. Fields in extraction order:]

  • Message Type
  • Message Len
  • Session ID
  • Sequence #
  • Payload Len, Number of KEK, KeyID(K0), KeyID(K1), [ SK ] g(K0,K1)
  • Payload Len, Number of KEK, KeyID(K2), [ SK ] g(K2)
  • Controller Signature


Data Plane

  • Encryption/authentication is transparent to the application

  • Socket like send/receive API

    • Encryption/authentication can be turned on/off using a flag

    • Facilitates partial encryption/authentication based on application semantics


Software Architecture: Controller

[Block diagram. Labels: Registration Manager; Cipher Manager; GUI; Session Manager; Crypto Engine; Secure Multicast Protocol Suite; Standard Multicast; Reliable Multicast; SSL (×2); Socket API]


Software Architecture: Client

[Block diagram. Labels in extraction order: Secure Multicast Socket API; Registration; Key Ring; Agent; Crypto Engine; Secure Multicast Protocol Suite; Standard Multicast; Reliable Multicast; SSL; Socket API]


Status

  • Version 0.5 of the toolkit available

  • Planned demo at Chicago IETF & RSA conference

  • Applications

    • Stock distribution

      • Authentic and/or confidential

      • Real-time, low data rate, reliable

    • Audio/video distribution

      • 20 Kbps to 1 Mbps

      • Authentic and/or confidential

      • Real-time, unreliable multicast

