Abstract
This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidth-efficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets. The proposed schemes do not rely on knowledge of overlay topology, and can scale up to very large overlay networks.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Zhu, S., Yao, C., Liu, D., Setia, S., Jajodia, S. (2005). Efficient Security Mechanisms for Overlay Multicast-Based Content Distribution. In: Ioannidis, J., Keromytis, A., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2005. Lecture Notes in Computer Science, vol 3531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11496137_4
DOI: https://doi.org/10.1007/11496137_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26223-7
Online ISBN: 978-3-540-31542-1
eBook Packages: Computer Science (R0)