A Toolkit for Secure Internet Multicast

1. A Toolkit for Secure Internet Multicast Debanjan Saha Isabel Chang Robert Engel Dimitris Pendarakis Pankaj Rohatgi Ran Canetti IBM T.J. Watson Research Center debanjan@watson.ibm.com

2. Overall Architecture Group owner Controller & reflector Controller & reflector Controller & reflector Members Members Members

3. Domain Architecture Senders Senders Data Plane Control Plane To & from other domains To & from other domains Reflector Controller Receivers Receivers

4. Control Messages Controller Initiated Client Initiated Registration Join a session Leave from a session Expelled from a session Backward secrecy Forward secrecy Key Update

5. Message Types • Member initiated • Registration • Registration request • Registration response • Join a session • Join request • Join response • Leave a session • Leave request • Leave confirm • Controller initiated • Update session key • Expel a member

6. Control Messages Sender Domain controller Receiver Sender Join Request Receiver Join Request Sender Join Confirm Receiver Join Confirm Key Update Key Update Key Update Key Update Sender Leave Request Sender Leave Confirm Receiver Expel Confirm Receiver ID

7. Joining a Group: Message Flow Controller Member Member Hello Controller Hello Certificate 3.7ms (512-bit key) 12.3ms (1024-bit key) Key Exchange [Master Secret] Controller public key 10.13ms (512-bit key) 47.9ms (1024-bit key) Member Join Confirm Client ID & Password Member Join Confirm Keys

8. Light Weight Protocol: Message Flow Controller Member Member Join Request Member ID 1.3ms (512-bit key) 5.2ms (1024-bit key) Member Join Confirm [Session keys] Member public key 10.13ms (512-bit key) 47.9ms (1024-bit key)

9. Wallner Scheme SK K4567 K0123 K01 K45 K23 K67 K0 K1 K2 K4 K5 K3 K6 K7 M0 M2 M1 M6 M7 M3 M4 M5

10. Update Session Key: Message Format • Key encrypting keys (K0,K1) and K2 • Consider an one way hash function g( ) Message Type Message Len Session ID Sequence # Payload Len Number of KEK KeyID(K0) KeyID(K1) [ SK ] g(K0,K1) Payload Len Number of KEK KeyID(K2) [ SK ] g(K2) Controller Signature

11. Data Plane • Encryption/authentication is transparent to the application • Socket like send/receive API • Encryption/authentication can be turned on/off using a flag • Facilitates partial encryption/authentication based on application semantics

12. Software Architecture:Controller Registration Manager Cipher Manager GUI Session Manager Crypto Engine Secure Multicast Protocol Suite Standard Multicast Reliable Multicast SSL SSL Socket API

13. Software Architecture:Client Secure Multicast Socket API Registration Key Ring Agent Crypto Engine Secure Multicast Protocol Suite Standard Multicast Reliable Multicast SSL Socket API

14. Status • Version 0.5 of the toolkit available • Planned demo at Chicago IETF & RSA conference • Applications • Stock distribution • Authentic and/or confidential • Real-time, low data rate, reliable • Audio/video distribution • 20 Kbps to 1 Mbps • Authentic and/or confidential • Real-time, unreliable multicast