As the Internet continues to grow phenomenally, the desire for
more efficient ways of distributing information across the network is increasing.
Multicast technology distributes data to a group of participants while
conserving bandwidth more efficiently than the traditional unicast mechanism. This
is done by replicating IP streams in the router at the same time, thus achieving
better delivery to multiple users.
This conserves the computational resources of the sender and
uses network bandwidth efficiently. Group membership can be
managed using the Internet Group Management Protocol (IGMP), which
provides admission control operations such as "join" and
"leave". Some examples of applications that take advantage of
multicast technology are video conferencing, digital broadcasting, software
distribution and electronic learning. Figure 1 depicts an example of a
multicast distribution tree in which information from a single sender traverses
to multiple receivers.
Security, on the other hand, is a critical element for the deployment of IP multicast
technology. According to the recommendation from the International Standards
Organization (ISO), the criteria for designing a secure system are
confidentiality, integrity, authentication, non-repudiation and access control.
Cryptography is fundamental to these criteria, as it involves asymmetric and symmetric
key operations. Therefore, the management of these keys plays an important role in
designing multicast security. On the standardization front, the IETF has formed the
Multicast Security (MSEC) Workgroup to standardize protocols for securing group
communication over the Internet. The workgroup has made it an important
objective to standardize a group key management architecture. This paper will
incorporate many of the features documented in the MSEC Group Key Management
Architecture, Multicast Security Architecture, Group Security Association Key
Management Protocol, Group Domain of Interpretation and other related group key
management documents within the IETF multicast security workgroup.
Group Key Management
Group key management refers to the process of managing cryptographic
keys in a secure multicast group. The handling of these keys in multicast
security is complex because it has to operate in a very dynamic environment.
A unicast key management mechanism typically works only between two
hosts. Multicast, on the other hand, requires handling scenarios that involve
one-to-many or many-to-many communication. Consequently, a session may
require more than one key. Because more cryptographic keys have to be
handled, a trusted entity is ideally needed to manage them. Therefore, the multicast
security workgroup proposals are mainly based on the Group Controller and Key
Server (GCKS) trust model developed in GKMP. It provides a high-level overview of
the relationships among the entities involved in multicast security, centered on
the GCKS.
Additionally, the Group Security Association (GSA) is an important element in the
construction of a secure multicast group.
It provides a way to associate cryptographic attributes so
that all members in the group can communicate together securely. The trust
model and the GSA form the basis for group key management. The following
subsection will elaborate on them.
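The sketch below is an added example, not code from this paper or from any MSEC document. It shows why a group session needs more than one key under a GCKS-centered model: one pairwise key per member plus one shared group key. The class and field names, the toy HMAC-based wrap (a stand-in for a real key-wrap algorithm), the constructed group address, and replacing the group key when a member leaves are all assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(member_key, group_key):
    # Toy authenticated wrap (HMAC keystream + tag), a stand-in for a real
    # key-wrap algorithm because the standard library has no block cipher.
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(group_key, _prf(member_key, b"enc", nonce)))
    return nonce + ct + _prf(member_key, b"mac", nonce + ct)

def unwrap(member_key, blob):
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(member_key, b"mac", nonce + ct)):
        raise ValueError("blob was not wrapped for this member")
    return bytes(a ^ b for a, b in zip(ct, _prf(member_key, b"enc", nonce)))

class GCKS:
    """Hypothetical Group Controller and Key Server for a single group."""
    def __init__(self, group_addr):
        self.member_keys = {}  # member id -> pairwise key shared with the GCKS
        # GSA modelled as the attributes every member must agree on (assumed fields).
        self.gsa = {"group": group_addr, "key_id": 0, "group_key": secrets.token_bytes(32)}

    def join(self, member):
        # Assumption: the pairwise key comes from an authenticated registration
        # exchange; here it is simply generated and handed back.
        self.member_keys[member] = secrets.token_bytes(32)
        return self.member_keys[member]

    def leave(self, member):
        # Assumption: replace the group key so the departed member's copy is stale.
        del self.member_keys[member]
        self.gsa["key_id"] += 1
        self.gsa["group_key"] = secrets.token_bytes(32)

    def distribute(self):
        # One wrapped copy of the current group key per remaining member.
        return {m: (self.gsa["key_id"], wrap(k, self.gsa["group_key"]))
                for m, k in self.member_keys.items()}

def demo():
    gcks = GCKS("239.1.1.1")  # constructed group address
    keys = {m: gcks.join(m) for m in ("alice", "bob", "carol")}
    before = {m: unwrap(keys[m], blob) for m, (_, blob) in gcks.distribute().items()}
    gcks.leave("carol")
    after = {m: unwrap(keys[m], blob) for m, (_, blob) in gcks.distribute().items()}
    return before, after
```

Calling demo() returns the group key each member recovered before and after one member leaves: all members hold the same key in each round, and the second round uses a fresh key that is no longer distributed to the departed member.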