Brad Cain

Generic Multicast Transport Services: Router Support for Multicast Applications

The development of scalable end-to-end multicast protocols is a tremendous challenge because of the problems in feedback implosion and transmission isolation. In this paper we describe a set of simple services, called Generic Multicast Transport Services (GMTS), which are implemented in routers for the purpose of assisting the scalability of end-to-end multicast protocols. GMTS provides a rich set of filtering and aggregation functions that support feedback suppression and sub-tree multicast operations which are desirable for many multicast transport protocols. We describe the GMTS architecture, the set of services, and provide examples of how the services can be used to support reliable multicast, repair services, anycasting, and multicast congestion control.

Secure and scalable inter-domain group key management for N-to-N multicast

The paper contributes a new architecture for secure and scalable inter-domain group key management for N-to-N (conference) IP multicast. The architecture views the multicast routing infrastructure from the key management plane, and logically divides it into two general types of regions for key management to achieve scalability. The work extends the centralized solution of (Wong et al., 1998) into a distributed key management scheme suitable for inter-domain multicast group key management. Methods for initiating new multicast groups, as well as for members joining and leaving, are presented. The paper also considers two general types of IP-multicast that need to be made secure if multicast is to be one of the vehicles for future wide-scale delivery of voice, video and text over the Internet.

Fast link state flooding

High network availability and fault tolerant behavior are seen as crucial network properties in future carrier and Internet service provider IP networks. In order to provide high availability, it is crucial that the routing system react quickly to failures and outages. Link state routing protocols are used in Internet service provider networks for intra-domain routing. Link state routing protocols are robust for route distribution but currently cannot provide fast convergence after failures, which is needed for high network availability. This paper discusses one performance problem with link state protocols-link state flooding speed-and proposes a solution. The solution, fast link state update (LSU) flooding, enables faster flooding of link state information and therefore faster convergence times.

An Architecture for Conference-Support Using Secured Multicast

The current work argues that from a security perspective there is much to be gained by employing a “secured” IP multicast at the Network layer to support the formation and management of secure conferences at the Application layer. A secured IP multicast -- with group authentication and confidentiality -- already achieves a reasonable level of security, and therefore fulfils a large part of the basic requirements of secure conferencing. If host-to-host authentication and confidentiality has been achieved through an N-to-N multicast that has been secured, then to a large extent the basic security needs of conferencing has been satisfied. What remains would be for the other conference-specific security requirements to be satisfied using methods which are particular to a given conference scheme, such as cheater detection/identification methods based on cryptographic techniques. In the current work we propose an architecture called the Multicast/Conference Security Architecture (MCSA) to facilitate the use of (a secured) IP multicast at the Network layer for establishing (a secured) conference at the Application layer.

PIM -SM Security: Interdomain Issues and Solutions

IP multicast is growing to be the future vehicle of delivery for multime-dia voice/video/text in the Internet to its millions of connected users. With PIM emerging as the multicast routing protocol standard in the networking industry, and more specifically PIM-SM (Sparse Mode) for multicasting to sparse groups, the security of PIM represents a crucial factor for the successful wide deployment of IP multicast in the Internet. The current work argues that the authentication-key arrangement for PIMv2 [1] from the PIM WG is insufficient for interdomain authentication of PIM control-messages. The paper analyses some of the deficiencies of the PIM WG proposal, and offers some solutions to these shortcomings, whilst maintaining the key arrangement proposed by the PIM WG.

A secure group membership verification protocol for IP multicast

The current work proposes a secure group membership verification (SGMV) protocol for IP multicast. The aim of the SGMV protocol is to allow any valid members of a multicast group to verify the membership of the group without a (trusted) third party vouching for a complete membership list. SGMV allows a valid member of the multicast group to verify the membership of the group on its own and in real-time. This achieved by requiring other valid members to respond to a membership-query message issued by a querying member. Two underlying principles of the current SGMV approach are the independence of the SGMV protocol from the underlying multicast routing protocol and the independence from the group key management protocol(s) employed for the multicast group.

Collection servers: an architecture for multicast receiver reporting

Streaming media multicast applications require periodic feedback from receivers for quality adaptation and for determining group membership size estimates. Specifically, we address one-to-many streaming media applications where it is important to know the the total membership numbers for a given group. In this paper we present an architecture for scaling receiver feedback in order to obtain accurate group size information. Our solution scales in terms of aggregating receiver feedback and does not introduce forwarding state into multicast routers. in which an aggregation of a signah may be obtained), in general they are not useful for the purposes of ACK based reliable multicast protocols and authenticated receivership information. In many types of streaming media programs, it is desirable to have a accurate near real-time count of all multicast participants. Furthermore, to arrive at an accurate picture of the receivership or audience, authentication of the reports sent by the recevers in the group must be employed, which has not been addressed by current schemes. It is for this reason that we introduce an architecture for the collection and aggregation of reports from members of multicast groups.