KHIP—a scalable protocol for secure multicast routing
Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
ICICS '97 Proceedings of the First International Conference on Information and Communication Security
LFSR-based Hashing and Authentication
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems
IHW '01 Proceedings of the 4th International Workshop on Information Hiding
Multicast-specific security threats and counter-measures
SNDSS '95 Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95)
Survey of multicast routing algorithms and protocols
ICCC '02 Proceedings of the 15th international conference on Computer communication
A survey of key management for secure group communication
ACM Computing Surveys (CSUR)
Preventing Internet denial-of-service with capabilities
ACM SIGCOMM Computer Communication Review
Proceedings of the 2006 conference on Applications, technologies, architectures, and protocols for computer communications
LIPSIN: line speed publish/subscribe inter-networking
Proceedings of the ACM SIGCOMM 2009 conference on Data communication
Self-Routing Denial-of-Service Resistant Capabilities Using In-packet Bloom Filters
EC2ND '09 Proceedings of the 2009 European Conference on Computer Network Defense
Multipoint communication: a survey of protocols, functions, and mechanisms
IEEE Journal on Selected Areas in Communications
A survey of security issues in multicast communications
IEEE Network: The Magazine of Global Internetworking
Security issues and solutions in multicast content distribution: a survey
IEEE Network: The Magazine of Global Internetworking
Designing, implementing and evaluating a new internetworking architecture
Computer Communications
| Hi-index | 0.00 |
Traditional multicasting techniques give senders and receivers little control for who can receive or send to the group and enable end hosts to attack the multicast infrastructure by creating large amounts of group specific state. Bloom filter based multicast has been proposed as a solution to scaling multicast to large number of groups. In this paper, we study the security of multicast built on Bloom filter based forwarding and propose a technique called BloomCasting, which enables controlled multicast packet forwarding. Bloomcasting group management is handled at the source, which gives control over the receivers to the source. Cryptographically computed edge-pair labels give receivers control over from whom to receive. We evaluate a series of data plane attack vectors based on exploiting the false positives in Bloom filters and show that the security issues can be averted by (i) locally varying the Bloom filter parameters, (ii) the use of keyed hash functions, and (iii) per hop bit permutations on the Bloom filter carried in the packet header.