Sender Access Control in IP Multicast

Pfeifer, Tom; Malone, Paul

doi:10.1109/lcn.2007.53

Cited by 9 publications

(7 citation statements)

References 42 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is basically composed of a sender access control [10] to implement the first rule (only legitimate senders can send) and a receiver access control [11] to implement the second one (only valid customers can receive). However, in insecure classical architecture of IP multicast "everyone can send; only valid customers can receive" due to lack of sender access control [10]. That is, the insecure classical architecture of IP multicast, allows any user to send data to a multicast group without a prior join to that group.…”

Section: Secure Ip Multicast With Double-sided Access Controlmentioning

confidence: 99%

Validation of security for participant control exchanges in multicast content distribution

Parham

Atwood

2011

2011 Ninth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

In Content Delivery Networks (CDN), as the customer base increases, a point is reached where the capacity of the network and the content server become inadequate. In extreme cases (e.g., world class sporting events), it is impossible to adequately serve the clientele, resulting in extreme customer frustration. In these circumstances, multicast content delivery is an attractive alternative. However, the issue of maintaining control over the customers is difficult.In addition to controlling the access to the network itself, in order to control the access of users to the multicast session, an Authentication, Authorization and Accounting Framework was added to the multicast architecture. A successful authentication of the end user is a prerequisite for authorization and accounting. The Extensible Authentication Protocol (EAP) provides an authentication framework to implement authentication properly, for which more than thirty different available EAP methods exist.While distinguishing the multicast content delivery requirements in terms of functionality and security, we will be able to choose a smaller set of relevant EAP methods accordingly. Given the importance of the role of the ultimate chosen EAP method, we will precisely compare the most likely to be useful methods and eventually pick the Extensible Authentication Protocol -Flexible Authentication via Secure Tunneling (EAP-FAST) framework as the most suitable one.Based on the work on receiver participant controls, we present a validation of the security of the exchanges that are required to ensure adequate control and revenue recovery.iii

show abstract

Section: Secure Ip Multicast With Double-sided Access Controlmentioning

confidence: 99%

Validation of security for participant control exchanges in multicast content distribution

Parham

Atwood

2011

2011 Ninth Annual International Conference on Privacy, Security and Trust

View full text Add to dashboard Cite

show abstract

“…IP Multicast would be an ideal solution to the problem of sending homogeneous notifications to multiple destinations, but IP Multicast has not yet been widely adopted [1]. IMS presence requires communication between RLSs in home networks controlled by multiple service providers, so wide support for IP Multicast would be required in routers between these RLSs.…”

Section: Related Workmentioning

confidence: 99%

“…These updates are normally sent out directly to a set of destinations that have subscribed to receive these updates; however, this method causes a number of identical messages to be sent across network links close to the source of the notifying node. IP Multicast could reduce message replication but to date it is not widely deployed [1]. Instead, this paper presents an application-layer multicast approach that uses a tree-based distribution of notifications, with network coordinates guiding the set up of the distribution tree.…”

Section: Introductionmentioning

confidence: 99%

Hierarchical Notification Dissemination for IMS Presence Using Network Coordinates

Smith

Huang

Yan

2010

2010 IEEE Global Telecommunications Conference GLOBECOM 2010

View full text Add to dashboard Cite

The presence service provides event-based notifications of the status of contacts. Currently duplicate notifications must be sent directly to a set of watchers in unicast messages, putting unneeded strain on outgoing network links of the source node. In this article, we propose an extension to the Session Initiation Protocol (SIP) to distribute notifications through a tree of watchers using network coordinates to build the tree. Our simulation results show traffic costs halved by using the extension without significantly adding delay.

show abstract

“…A simple admission scheme is proposed in Reference [32] as a complement to multicast listener discovery (MLD) [33]: Prior to data dissemination, a new source issues an empty packet to the multicast group, which triggers an admission procedure between the access router and an authentication, authorization and accounting (AAA) server. In a mobile regime, such AAA third party admission will be required on each handover, thus placing a significant signaling burden as well as delay onto mobile multicast protocols.…”

Section: Related Work On Multicast Sender Authenticationmentioning

confidence: 99%

AuthoCast—a mobility‐compliant protocol framework for multicast sender authentication

Schmidt¹,

Wählisch²,

Christ³

et al. 2008

Security Comm Networks

View full text Add to dashboard Cite

Mobility is considered a key technology of the next generation Internet and has been standardized within the IETF. Rapidly emerging multimedia group applications such as IPTV, massive mutliplayer games (MMORPGs) and video conferencing increase the demand for mobile group communication, but a standard design of mobile multicast is still awaited. The open problem poses significant operational and security challenges to the Internet infrastructure. This paper introduces a protocol framework for authenticating multicast sources (MSs) and securing their mobility handovers. Its contribution is twofold: at first, the current mobile multicast problem and solution spaces are summarized from the security perspective. At second, a solution to the mobile source authentication problem is presented that complies to IPv6 mobility signaling standards. Using an autonomously verifiable oneway authentication based on cryptographically generated addresses, a common design is derived to jointly comply with the mobile any source and source specific multicast (SSM) protocols that are currently proposed. This lightweight scheme smoothly extends the unicast enhanced route optimization for mobile IPv6 and adds only little overhead to multicast packets and protocol operations.Voice and video (group) conferencing, as well as large scale content distribution, e.g., IPTV or massive mutliplayer games (MMORPGs) are considered the key applications for the next generation ubiquitous Internet. Inexpensive, point-to-multipoint enabled technologies such as 802.16 or DVB-H/IPDC emerge on the subnetwork layer and facilitate large-scale group communication deployment. Unlike point-to-point mobility and despite of 10 years of active research, mobile

show abstract

Sender Access Control in IP Multicast

Cited by 9 publications

References 42 publications

Validation of security for participant control exchanges in multicast content distribution

Validation of security for participant control exchanges in multicast content distribution

Hierarchical Notification Dissemination for IMS Presence Using Network Coordinates

AuthoCast—a mobility‐compliant protocol framework for multicast sender authentication

Contact Info

Product

Resources

About