IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
AAA Protocols: Authentication, Authorization, and Accounting for the Internet
IEEE Internet Computing
A Framework to Add AAA Functionalities in IP Multicast
AICT-ICIW '06 Proceedings of the Advanced Int'l Conference on Telecommunications and Int'l Conference on Internet and Web Applications and Services
Secure E-Commerce Transactions for Multicast Services
CEC-EEE '06 Proceedings of the The 8th IEEE International Conference on E-Commerce Technology and The 3rd IEEE International Conference on Enterprise Computing, E-Commerce, and E-Services
Scalable solutions for secure group communications
Computer Networks: The International Journal of Computer and Telecommunications Networking
An Architecture for Secure and Accountable Multicasting
LCN '07 Proceedings of the 32nd IEEE Conference on Local Computer Networks
Sender Access Control in IP Multicast
LCN '07 Proceedings of the 32nd IEEE Conference on Local Computer Networks
Sender access and data distribution control for inter-domain multicast groups
Computer Networks: The International Journal of Computer and Telecommunications Networking
IEEE Communications Surveys & Tutorials
Security issues and solutions in multicast content distribution: a survey
IEEE Network: The Magazine of Global Internetworking
Sender access and data distribution control for inter-domain multicast groups
Computer Networks: The International Journal of Computer and Telecommunications Networking
Hi-index | 0.00 |
IP multicast is best-known for its bandwidth conservation and lower resource utilization. The present service model of multicast makes it difficult to restrict access to authorized End Users (EUs) or paying customers. Without an effective receiver access control, an adversary may exploit the existing IP multicast model, where a host or EU can join any multicast group by sending an Internet Group Management Protocol (IGMP) join message without prior authentication and authorization. We have developed a novel, scalable and secured access control architecture for IP multicast that deploys Authentication Authorization and Accounting (AAA) protocols to control group membership. The principal feature of the access control architecture, receiver access control, is addressed in this paper. The EU or host informs the multicast Access Router (AR) of its interest in receiving multicast traffic using the IGMP protocol. We propose the necessary extensions of IGMPv3 to carry AAA information, called IGMP with Access Control (IGMP-AC). For EU authentication, IGMP-AC encapsulates Extensible Authentication Protocol (EAP) packets. EAP is an authentication framework to provide some common functions and a negotiation of the desired authentication mechanism. Thus, IGMP-AC can support a variety of authentications by encapsulating different EAP methods. Furthermore, we have modeled the IGMP-AC protocol in PROMELA, and also verified the model using SPIN. We have illustrated the EAP encapsulation method with an example EAP method, EAP Internet Key Exchange (EAP-IKEv2). We have used AVISPA to validate the security properties of the EAP-IKEv2 method in pass-through mode, which fits within the IGMP-AC architecture. Finally, we have extended our previously developed access control architecture to accomplish inter-domain receiver access control and demonstrated the applicability of IGMP-AC in a multi-domain environment.