A Toolkit for Secure Internet Multicast

The Internet today has no support for privacy or authentication in multicast data distribution. Multicast groups are open in the sense that any host can join a group, and to send datagrams to a multicast group a sender need not even be a member of the group. However, a number of applications, such as pay-per-view distribution of digital media, pay-per-view multi-party games and restricted conferences, require facilities to restrict the set of receivers and mechanisms to authenticate the data senders.

In this paper we describe the architecture and prototype implementation of a toolkit for secure Internet Multicast. This toolkit provides middleware for developing applications that can send and receive multicast data with appropriate levels of authentication and confidentiality. It employs a novel key management and distribution scheme that is scalable in terms of group size and dynamics. Another notable feature of the toolkit is the separation of control and data plane functions. This separation of control and data paths can provide applications with fine-grained control in the data path, while keeping the control plane as transparent to the applications as possible. We have prototyped this toolkit in Java and used it to enhance several multicast applications with security features. We present initial results of our experimentation with this toolkit.

By: Isabella Chang, Robert Engel, Dilip Kandlur, Dimitrios Pendarakis, Debanjan Saha

Published in: RC21376 in 1998

This Research Report is not available electronically. Please request a copy from the contact listed below. IBM employees should contact ITIRC for a copy.

Questions about this service can be mailed to reports@us.ibm.com.