Alternative Approaches to Secure Multicast Yair Amir, Baruch Awerbuch, Theo Schlossnagle, Jonathan Stanton The Center for Networking and Distributed Systems Johns Hopkins University http://www.cnds.jhu.edu Johns Hopkins LUCITE 1/99 Meeting 1
The Group Communication Model c b c d a a a b a a P P P P P P P P • Ordering (Unordered, FIFO, Causal, Agreed). • Delivery guarantees (Unreliable, Reliable, Safe/Stable). • Open groups versus close groups. • Failure model (Omission, Fail-stop, Crash & Recovery, Network Partitions). • Multiple groups. Johns Hopkins LUCITE 1/99 Meeting 2
IP Multicast • Multicast extension to IP. • IP multicast provides some of the traditional group communication services, specifically: unreliable, unordered, best-effort multicast, fully supporting the various failure models. • No accurate membership. • Utilizes network routers to store state of IP Multicast groups that span attached networks. Johns Hopkins LUCITE 1/99 Meeting 3
Spread: A Wide and Local Area Group Communication System c b c d a a a b a a P P P P P P P P S S S • Spread daemons are located in various parts of the network. • Clients may connect to the nearest daemon. • Network structure is transparent to the client processes. • Open group semantics. Johns Hopkins LUCITE 1/99 Meeting 4
Multicast Routing in Spread Hardware A A Broadcast IP Multicast B B D D Routing Tree for Site A Hardware Routing Tree for C C Multicast Site C Routing Tree for Site D * Site B’s routing tree is not shown for clarity reasons. • Optimized routing tree for each multicast source. • Network routers are not involved in group maintenance and multicast routing calculations. • Network routers perform only insecure unicast routing. Johns Hopkins LUCITE 1/99 Meeting 5
Advantages of Alternative approaches • Not require changes to standard Internet Protocols. • Security goes hand in hand with high availability and fault tolerance. – The group communication paradigm worked well for providing these, so it could work well for multicast security. • Exploit advantages of the daemon model – Already are exploited for fault tolerant issues. – Not likely to be achieved in the Internet router level. Johns Hopkins LUCITE 1/99 Meeting 6
Secure Spread • Requirements – Encryption, Signatures, Freshness. – Immediate usability (without changes to network hardware or protocols, or operating systems). – High performance. – Allows administrative control of policy (e.g. group access control, how fast keys are refreshed, key size). • Approaches – Spread Daemons are not trusted. – Spread Daemons are trusted. Johns Hopkins LUCITE 1/99 Meeting 7
Trust Tradeoffs App App • Advantages in trusted daemons – High performance. – Can be reduced to two-party key agreement (client/daemon) aside of the core daemon group. – Better semantics (guaranteeing virtual synchrony after a membership change). • Advantages in untrusted daemons – Daemons are not a security concern. – Better separation of security and networking code. Johns Hopkins LUCITE 1/99 Meeting 8
The Spread API main( int argc, char **argv) { mailbox my_mbox; my_mbox = SP_connect( daemon, user); SP_join( my_mbox, “Hackers” ); SP_multicast( my_mbox, AGREED, “Hackers”, “Here is a new exploit in sendmail”); SP_recv( my_mbox, Message, sender); } Johns Hopkins LUCITE 1/99 Meeting 9
Secure Spread API • Messages can be encrypted by setting a new ENCRYPT flag in SP_multicast. • Messages can be signed by using a new call SP_signed_multicast( …, sign_group) . • Messages are received by calling the same SP_recv which automatically decipher encrypted messages and verify signed messages. • Freshness of clients can be cryptographically verified. Johns Hopkins LUCITE 1/99 Meeting 10
Key Agreement Algorithms • Based on Cliques work from ISI: Tsudik et al, ICDCS98. • Important features: – Decentralized. – Two message latency for join or leave of a group member. – Everyone contributes to the key. – Everyone can prove they took part in the generation of the key. Johns Hopkins LUCITE 1/99 Meeting 11
Experimental Results • Large performance hit in the number of group joins and leaves possible per second (from 60 to 80 in generic Spread to less than 2). • High computational cost for generating keys. • High use of data on disk (is this more secure somehow?). Johns Hopkins LUCITE 1/99 Meeting 12
Recommend
More recommend
![CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5](https://c.sambuz.com/858052/cs-356-computer-network-architectures-lecture-24-ip-s.jpg)
