Multicast and Group Security For quite a long time, computer security was a rather narrow field of study that was populated mainly by theoretical computer scientists, electrical engineers, and applied mathematicians. With the proliferation of open systems in general, and of the Internet and the World Wide Web (WWW) in particular, this situation has changed funda- mentally.Today,computerandnetworkpractitionersareequallyinterestedincomputer security, since they require technologies and solutions that can be used to secure applications relatedtoelectroniccommerce.Againstthisbackground, thefieldofcom- puter security has become very broad and includes many topics of interest. The aim of this series is to publish state-of-the-art, high standard technical books on topics related tocomputersecurity.Furtherinformationabouttheseriescanbe foundonthe WWW at the following URL: http://www.esecurity.ch/serieseditor.html Also,ifyou’dliketocontributetotheseriesbywritingabookaboutatopicrelated tocomputersecurity,feelfreetocontacteithertheCommissioningEditorortheSeries Editor at Artech House. For a listing of recent titles in the Artech House Computer Security Series, turn to the back of this book. Multicast and Group Security Thomas Hardjono Lakshminath R. Dondeti Artech House Boston * London www.artechhouse.com LibraryofCongressCataloging-in-PublicationData Hardjono,Thomas. Multicastandgroupsecurity/ThomasHardjono,LakshminathR.Dondeti. p. cm.—(ArtechHousecomputersecurityseries) Includesbibliographicalreferencesandindex. ISBN1-58053-342-6(alk.paper) 1.Multicasting(Computernetworks)—Securitymeasures. 2.Computer networks—Securitymeasures. I.Dondeti,LakshminathR. II.Title. TK5105.887.H37 2003 005.8—dc21 2003048097 BritishLibraryCataloguinginPublicationData Hardjono,Thomas Multicastandgroupsecurity—(ArtechHousecomputersecurityseries) 1.Multicasting(Computernetworks)—Securitymeasures I.Title II.Dondeti,LakshminathR. 005.8 ISBN1-58053-342-6 CoverdesignbyChristinaStone q2003ARTECHHOUSE,INC. 685CantonStreet Norwood,MA02062 Allrightsreserved.PrintedandboundintheUnitedStatesofAmerica.Nopartofthisbookmaybereproduced orutilizedinanyformorbyanymeans,electronicormechanical,includingphotocopying,recording,orbyany informationstorageandretrievalsystemwithoutpermissioninwritingfromthepublisher. Alltermsmentionedinthisbookthatareknowntobetrademarksorservicemarkshavebeenappropriately capitalized.ArtechHousecannotattesttotheaccuracyofthisinformation.Useofaterminthisbookshouldnot beregardedasaffectingthevalidityofanytrademarkorservicemark. InternationalStandardBookNumber:1-58053-342-6 LibraryofCongressCatalogCardNumber:2003048097 10 9 8 7 6 5 4 3 2 1 To Joan and Elizabeth — Thomas To Sridevi —Lakshminath Contents Foreword. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Preface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii Acknowledgments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxi 1 Introduction .. .... ..... .... .... .... ..... .... .... .... 1 1.1 Motivation for multicast security . . . . . . . . . . . . . . . . . . . . . 2 1.2 Multicast content protection. . . . . . . . . . . . . . . . . . . . . . . . . 5 1.2.1 Problem area 1: Secure multicast data handling. . . . . . . . . 5 1.2.2 Problem area 2: Management of keying material . . . . . . . . 7 1.2.3 Problem area 3: Multicast security policies. . . . . . . . . . . . . 11 1.3 Infrastructure protection. . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.4 Applications of secure multicasting. . . . . . . . . . . . . . . . . . . . 13 1.5 Road map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14 2 Framework for multicast and group security.. .... .... 17 2.1 The problem scope of multicast security . . . . . . . . . . . . . . . . 17 2.2 Fundamental issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 2.2.1 Routing infrastructure protection. . . . . . . . . . . . . . . . . . . 20 vii viii Contents 2.2.2 Controlled access to the multicast distribution tree. . . . . . . . 20 2.2.3 Management of keying material . . . . . . . . . . . . . . . . . . . 21 2.3 Transport and applications issues . . . . . . . . . . . . . . . . . . . . . 23 2.3.1 Security of Reliable Multicast protocols . . . . . . . . . . . . . . . 23 2.3.2 Applications requirements and other issues . . . . . . . . . . . . 24 2.4 The IETF problem scope for multicast and group security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.4.1 A brief history of multicast security efforts in the IETF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.4.2 The IETF multicast security Reference Framework. . . . . . . . 27 2.4.3 Elements of the Reference Framework. . . . . . . . . . . . . . . . 28 2.5 Three problem areas in the management of keying material . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 2.5.1 Problem area 1: Multicast data handling . . . . . . . . . . . . . 31 2.5.2 Problem area 2: Management of keying material . . . . . . . . 32 2.5.3 Problem area 3: Multicast security policies. . . . . . . . . . . . . 33 2.6 The building blocks approach . . . . . . . . . . . . . . . . . . . . . . . . 34 2.6.1 Motivation for building blocks. . . . . . . . . . . . . . . . . . . . . 34 2.6.2 Functional building blocks. . . . . . . . . . . . . . . . . . . . . . . 38 2.7 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43 3 Multicast data authentication ... ..... .... .... .... .... 45 3.1 Issues in multicast data authentication . . . . . . . . . . . . . . . . . 46 3.1.1 Providing group authentication. . . . . . . . . . . . . . . . . . . . 48 3.1.2 Providing source authentication. . . . . . . . . . . . . . . . . . . . 49 3.2 Digital signatures for source authentication. . . . . . . . . . . . . . 50 3.2.1 Block signatures and individual packet authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 3.3 Hash chaining to authenticate streaming data . . . . . . . . . . . . 55 3.3.1 Graph representation of hash chaining. . . . . . . . . . . . . . . 56 3.3.2 Efficient multichained stream signature. . . . . . . . . . . . . . . 58 3.3.3 Augmented chaining. . . . . . . . . . . . . . . . . . . . . . . . . . . 59 3.3.4 Piggybacking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 3.3.5 Discussion on hash chaining for authentication . . . . . . . . . 60 Contents ix 3.4 MAC-based source authentication of unreliable streams. . . . . 61 3.4.1 TESLA initialization. . . . . . . . . . . . . . . . . . . . . . . . . . . 63 3.4.2 MAC-based authentication of packets by the sender. . . . . . . 64 3.4.3 Packet processing at the receivers in TESLA. . . . . . . . . . . . 65 3.4.4 Enhancements to TESLA . . . . . . . . . . . . . . . . . . . . . . . . 66 3.4.5 Applicability analysis of TESLA . . . . . . . . . . . . . . . . . . . 67 3.5 IPsec ESP and MESP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 3.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 4 Introduction to group key management .. .... .... .... 73 4.1 A model for group key management. . . . . . . . . . . . . . . . . . . 74 4.2 Requirements in group key management . . . . . . . . . . . . . . . 76 4.2.1 Security requirements of unicast key management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 4.3 Security requirements of group key management . . . . . . . . . 79 4.4 GSA management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 4.4.1 The GSA model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 4.4.2 Definition of GSA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 4.5 Classification of the group key management problem. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 4.6 Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 References. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 5 Architectures and protocols for group key management . ..... .... .... .... ..... .... .... .... 91 5.1 Architectural issues and motivations. . . . . . . . . . . . . . . . . . . 93 5.2 IKAM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 5.2.1 Domains, areas, and key distributors . . . . . . . . . . . . . . . . 95 5.2.2 Multicast groups for data and control. . . . . . . . . . . . . . . . 96 5.2.3 Keys: Multicast groups and control multicast groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 5.2.4 Control multicast groups: Address allocation . . . . . . . . . . . 99 5.2.5 Arrangement of keys in the domain. . . . . . . . . . . . . . . . . 100
Description: