Secure Multicast Applied to Reliable Multicast Transport. George Gross, IdentAware Multicast Security, gmgross@IdentAware.com. IETF-66, Montreal, Canada, July 11th 2006.


7/11/2006 IETF-66 MSEC applied to RMT page 1

George Gross

IdentAware™ Multicast Security gmgross@IdentAware.com

IETF-66, Montreal, Canada

July 11th 2006

Secure Multicast Applied to Reliable Multicast Transport


Problem Statement

• Several RMT protocols and building blocks are approaching the final standardization phase

• To date, there is no comprehensive survey of, or solution for, the security problems latent in these protocols:

– denial of service attacks are easy

– adversaries along the path could alter data in transit and/or masquerade as a group speaker

– no provision for confidentiality


RMT over MSEC IPsec

[Figure: layered architecture diagram. Box labels: Reliable multicast application; RMT protocol library; DBMS library; Group Key Management Subsystem; GKM protocol API; SPD/SAD control; multicast IP security (SPD/SAD); UDP; IP-v4 or IP-v6 or link layer; PKI and crypto library; Crypto-token I/O driver; Operating system]


Reliable Multicast TLS

[Figure: layered architecture diagram. Box labels: Reliable multicast application; RMT library; RMTLS security library; RMTLS control API; DBMS library; Group Key Management Protocol; GKM protocol API; UDP; IP-v4 or IP-v6 or link layer; PKI and crypto library; Crypto-token I/O driver; Operating system]


RMT and MSEC Have Worked In Parallel, Orthogonal Efforts

• Until now, it was assumed that IPsec protected NORM, FLUTE, ALC, & LCT

• MSEC has an IPsec standard in progress, yet a transport or application layer mechanism may be preferred for security that passes the “grandmother test”.

• Expertise needed from both RMT and MSEC areas to formulate that alternative