Publication


Featured research published by J.W. Atwood.


local computer networks | 1996

Reliable multicasting in the Xpress transport protocol

J.W. Atwood; O. Catrina; J. Fenton; W. T. Strayer

The Xpress transport protocol (XTP) is designed to meet the needs of distributed, real-time, and multimedia systems. This paper describes the genesis of recent improvements to XTP that provide mechanisms for reliable management of multicast groups, and gives details of the mechanisms used.


advanced industrial conference on telecommunications | 2006

A Framework to Add AAA Functionalities in IP Multicast

Salekul Islam; J.W. Atwood

Multicasting, as an operational paradigm, has not been widely adopted until now, in spite of the advantages of its lower resource utilization and bandwidth conservation. This is due to lack of control over the multicast groups, which implies that the Network Service Provider has no simple mechanism for generating revenue from IP multicast. The Authentication, Authorization and Accounting (AAA) protocols are being used very successfully to ensure revenue generation by controlling access to network resources in unicast communication. AAA protocols can be used for multicast based applications to authenticate the end users, to establish their authority to participate in the group, and to keep a record of their group activity. In this paper, we have proposed a framework to deploy AAA protocols in such uses. The edge-router will be the perfect place to implement the AAA client functions. A modification to the Internet Group Management Protocol (IGMP) is also required to carry end user authentication data.


local computer networks | 2003

Proxy encryptions for secure multicast key management

R. Mukherjee; J.W. Atwood

With the advent of digital technologies and widening Internet bandwidth in recent years there has been a marked rise in new multimedia services. These services include teleconferencing, pay-per-view, interactive simulation, software updates and real-time delivery of stock market information. Security in group communications is an important requirement when the delivery includes confidential or copyrighted data. Proposals for multicast security solutions so far are complex and often require trust in intermediate components or are inefficient. In this paper we present a framework using proxy key encryptions for scalable multicast key management. The solution guarantees perfect forward and backward secrecy. It has very low complexity and overhead. We propose a simple key management solution and discuss its properties.


local computer networks | 2006

The Internet Group Management Protocol with Access Control (IGMP-AC)

Salekul Islam; J.W. Atwood

IP multicast is best known for its bandwidth conservation and lower resource utilization. The classical model of multicast makes it difficult to permit access only to authorized end users or paying customers. A scalable, distributed and secure architecture is needed where authorized end users can be authenticated before delivering any data or content. In (unsecure) multicast, an end user or host informs the multicast edge-router of its interest in receiving multicast traffic using the Internet group management protocol (IGMP). To carry the end user authentication data, we have extended the IGMPv3 protocol, and called our new version the Internet group management protocol with access control (IGMP-AC). New messages and reception states have been added to IGMPv3, and the AAA framework is used for end user authentication, authorization and accounting purposes. IGMP-AC is presented using state diagrams of the entities that are involved. The proposed protocol has been modeled in PROMELA, and has also been verified using SPIN.


international conference on telecommunications | 2003

Rendezvous point relocation in protocol independent multicast - sparse mode

R. Mukherjee; J.W. Atwood

Protocol independent multicast - sparse mode is the most widely used multicast routing architecture. It builds a shared distribution tree centered at a rendezvous point and then builds source-specific trees for those sources whose data rate warrants it. Current implementations of the protocol decide on the rendezvous point administratively, which leads to congestion and delays. An attractive solution would be dynamic relocation of the rendezvous point depending on the members of the multicast group. We present a rendezvous point calculation and relocation mechanism for protocol independent multicast - sparse mode. Simulation of the proposed mechanisms is used to demonstrate the effectiveness of the proposals.


local computer networks | 2007

Sender Access Control in IP Multicast

Salekul Islam; J.W. Atwood

Multicasting has not been widely adopted until now, due to lack of access control over the group members. The authentication, authorization and accounting (AAA) protocols are being used successfully, in unicast communication scenarios, to control access to network resources. AAA protocols can be used for multicast applications in a similar way. However, without an effective sender access control, an adversary may exploit the existing IP multicast model, where a sender can send multicast data without prior authentication and authorization. Even a group key management protocol that efficiently distributes the encryption and the authentication keys to the receivers will not be able to prevent an adversary from spoofing the sender address and hence, flooding the data distribution tree. This can create an efficient Denial of Service attack. In previous work, we have proposed a framework for the use of AAA protocols to manage IP Multicast group membership. To prevent DoS attacks and other known attacks (e.g., replay attack), we propose in this paper an extension for sender access control. Our solution will authenticate and authorize each sender, and account for sender behavior by deploying AAA protocols. Moreover, a multicast packet will be forwarded to the distribution tree only if it is cryptographically authenticated at the entry point by the Access Router. The proposal we have presented provides a flexible authentication framework, supporting different authentication mechanisms, and is independent of the underlying routing protocol. Finally, we have extended our model to support inter-domain multicast groups.


congress on evolutionary computation | 2006

Secure E-Commerce Transactions for Multicast Services

Anil Venkataiahgari; J.W. Atwood; Mourad Debbabi

All e-commerce environments require support for security properties such as authentication, authorization, data confidentiality, and non-repudiation. E-commerce protocols such as SSL, TLS, and SET offer security for e-transactions, but they are specific to the unicast (point-to-point) environment. They cannot be directly extended to provide security for multicast (point-to-multipoint) sessions. Multicast data transmission provides significant network resource savings for applications such as audio/video streaming, news broadcast services and software distribution. However, security is required to prevent theft, and to ensure revenue generation from authorized recipients. We have designed the secure e-commerce transactions for multicast services (SETMS) architectural framework, to secure e-commerce sessions for multicast environments. The SETMS framework provides authentication of host through the HIP protocol, authorization of subscriber and his/her e-payments through a variant of the 2KP protocol, a procedure to account for the subscriber's resource consumption, and support for non-repudiation of principal parties through PKI. The SETMS framework has been formally validated using the AVISPA tool.


IEEE ACM Transactions on Networking | 1996

A unified approach to fault-tolerance in communication protocols based on recovery procedures

Anjali Agarwal; J.W. Atwood

Discusses fault tolerance in computer communication protocols, modeled by communicating finite state machines, by providing an efficient algorithmic procedure for recovery in such systems. Even when the communication network is reliable and maintains the order of messages, any kind of transient error that may not be detected immediately could contaminate the system, resulting in protocol failure. To achieve fault-tolerance, the protocol must be able to detect the error, and then it must recover from that error and eventually reach a legal (or consistent) state, and resume its normal execution. A protocol that possesses the latter feature of recovering and continuing its execution starting from a legal state is also called a self-stabilizing protocol. Our recovery procedure does not require the application of an intrusive checkpointing procedure. The stable storage requirement for each process is less than that required for other proposed recovery procedures. The recovery procedure provides us with a legal protocol state, which is the global state before reaching any illegal state and before the effects of the error make other states illegal. Only a minimal number of processes affected by error propagation are required to roll back. Our recovery procedure can be used to recover from any number of transient errors in the system. Our recovery procedure has also been modeled in PROMELA, a language to describe validation models, which shows the syntactic correctness of our recovery protocol design. Finally, our procedure is compared with the existing approaches of handling the errors, and an illustrative example is provided.


international database engineering and applications symposium | 2007

A Web Database Security Model Using the Host Identity Protocol

Xueyong Zhu; J.W. Atwood

Web database security is a very important issue in e-commerce. This paper presents a new Web database security model. It utilizes the host identity protocol (HIP), which is being defined by the IETF, and a proposed user identity exchange, to achieve authentication of host identity and user identity, and combines it with the database system itself and encryption to guarantee Web database security and confidentiality of the data. For these purposes, we define a new concept of the user identity namespace for the user, use it to realize the binding-authentication of the host identity and user identity of the client, and build a relationship between the host and the user. In the new model, we set up a high strength shell of security for the database.


canadian conference on electrical and computer engineering | 2005

Secure multicast communication: end user identification and accounting

N. Sultana; J.W. Atwood

One reason that multicast communication is not in widespread use is its anonymous host model: a host may join and leave a group at any time from anywhere. Lack of information about service users and access control in this model makes it vulnerable to different types of attacks and also creates problems for a service provider to generate enough revenue. An architecture is proposed in this paper to identify multicast end users and to control access to the multicast group communication. The AAA architecture of the IETF is incorporated in the solution. A group policy server is used to provide group management services and IGMP/MLD protocol messages are extended to exchange host and user identity information. The end user information in this system enables an ISP to control the distribution of the multicast traffic as well as to collect real time user accounting information. Part of the proposed solution has been formally modeled in PROMELA. Validation of the model has shown that the proposed architecture and protocols are invulnerable to many forms of attack.

Collaboration


Dive into J.W. Atwood's collaboration.

Top Co-Authors

Salekul Islam

United International University

Younchan Jung

Catholic University of Korea

A. Gario

Concordia University
