Sender access and data distribution control for inter-domain multicast groups

  • Authors:
  • Salekul Islam; J. William Atwood

  • Affiliation (both authors):
  • Department of Computer Science and Software Engineering, Concordia University, 1455 De Maisonneuve Blvd. West, Montréal, Québec, Canada H3G 1M8

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2010

Abstract

The classical IP multicast model makes it impossible to restrict the forwarded data to data originated by an authorized sender. Without effective sender access control, an adversary may exploit the existing IP multicast model, in which a sender can send multicast data without prior authentication and authorization. Even a group key management protocol that efficiently distributes the encryption and authentication keys to the receivers cannot prevent an adversary from spoofing the sender address or replaying previously sent data and thereby flooding the Data Distribution Tree, which amounts to an efficient Denial of Service attack. In this paper, we propose an architecture for sender access control and data distribution control in inter-domain multicast groups. For sender access control, the Protocol for Carrying Authentication for Network Access (PANA), encapsulating Extensible Authentication Protocol (EAP) packets, is used to authenticate a sender and to establish an IPsec Security Association between the sender and the Access Router so that each packet is cryptographically authenticated. This access control architecture is then extended to inter-domain multicast groups by making use of Diameter agents. An inter-domain Data Distribution Tree (DDT) spans several domains; hence, sender access control is meaningless unless the whole DDT is protected. We protect the DDT from several attacks generated by a compromised network entity by carrying the multicast data in one or a series of Multicast Security Associations (MSAs). Two alternative solutions have been developed that detect and stop the forwarding of any forged packet by placing multiple checkpoints in the DDT. The first method uses a centralized MSA for the whole DDT, while the second uses a number of small MSAs. The two methods are then compared with respect to features such as establishment and maintenance costs and delivery time. The MSA method has also been compared with Keyed HIP (KHIP), and we have established that the MSA-based methods reasonably outperform KHIP. Finally, the security properties of MSA construction using the GDOI protocol have been validated with the AVISPA tool. AVISPA detected two attacks, which we have fixed by modifying the GDOI protocol. The security properties of the data transmission method through MSAs using the Authentication Header (AH) protocol have also been analyzed.