148 research outputs found

    Security Issues and Solutions in Multicast Environment through Tree based Scheme

    Multicast is the delivery of a message or information to a group of destination computers simultaneously in a single transmission from the source, creating copies automatically in other network elements, such as routers, only when the topology of the network requires it. Multicasting security is hard because of open group membership, everyone gets the same packets, and senders need not be members. We first present a taxonomy of multicast scenarios on the Internet and point out relevant security concerns. Next we address two major security problems of multicast communication: source authentication, and key revocation. Maintaining authenticity in multicast protocols is a much more complex problem than for unicast; in particular, known solutions are prohibitively inefficient in many cases. We present a solution that is reasonable for a range of scenarios. Our approach can be regarded as a midpoint between traditional Message Authentication Codes and digital signatures. We also present an improved solution to the key revocation problem.

    To Achieve Perfect Resilience To Packet Loss In Lossy Channels Through Mabs

    Authentication is one of the decisive subjects in protecting multicast in a situation attractive to malicious attacks. Multicast is a competent method to transport multimedia content from a sender to a group of receivers and is gaining popular applications such as real time stock quotes, interactive games, video conference, live video broadcast or video on demand. The batch signature methods can be used to perk up the presentation of broadcast authentication. In this paper we recommend all-inclusive revise on this approach and suggest a novel multicast authentication protocol called MABS (Multicast Authentication based on Batch Signature). The essential scheme, called MABS-B hereafter, operates a well-organized asymmetric cryptographic primitive called batch signature, which supports the authentication of any number of packets concurrently with one signature verification, to address the competence and packet loss problems in universal surrounding.

    Distributed control of coded networks

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2010. Cataloged from PDF version of thesis. Includes bibliographical references (p. 97-101). The introduction of network coding has the potential to revolutionize the way people operate networks. For the benefits of network coding to be realized, distributed solutions are needed for various network problems. In this work, we look at three aspects of distributed control of coded networks. The first one is distributed algorithms for establishing minimum-cost multicast connections in coded networks. The subgraph optimization problem can be viewed as a linear optimization problem, and we look at algorithms that solve this problem for both static and dynamic multicasts. For static multicast, we present decentralized dual subgradient algorithms to find the min-cost subgraph. Due to the special structure of the network coding problem, we can recover a feasible primal solution after each iteration, and also derive theoretical bounds on the convergence rate in both the dual and the primal spaces. In addition, we propose heuristics to further improve our algorithm, and demonstrate through simulations that the distributed algorithm converges to the optimal subgraph quickly and is robust against network topology changes. For dynamic multicast, we introduce two types of rearrangements, link rearrangement and code rearrangement, to characterize disturbances to users. We present algorithms to solve the online network coding problem, and demonstrate through simulations that the algorithms can adapt to changing demands of the multicast group while minimizing disturbances to existing users. The second part of our work focuses on analysis of COPE, a distributed opportunistic network coding system for wireless mesh networks. Experiments have shown that COPE can improve network throughput significantly, but current theoretical analysis fails to fully explain this performance. We argue that the key factor that shapes COPE's performance curve is the interaction between COPE and the MAC protocol. We also propose a simple modification to COPE that can further increase the network throughput. Finally, we study network coding for content distribution in peer-to-peer networks. Such systems can improve the speed of downloads and the robustness of the systems. However, they are very vulnerable to Byzantine attacks, and we need to have a signature scheme that allows nodes to check the validity of a packet without decoding. In this work, we propose such a signature scheme for network coding. Our scheme makes use of the linearity property of the packets in a coded system, and allows nodes to check the integrity of the packets received easily. We show that the proposed scheme is secure, and its overhead is negligible for large files. By Fang Zhao. Ph.D.

    Design Quality of Security Service Negotiation Protocol

    With future network equipment the security service becomes a critical and serious problem. Especially in the network, users do not want to expose their message to others or to be forged by others. They make extensive use of cryptography and integrity algorithms to achieve security. The sender can achieve the high quality of security service (high security level) only if the receivers and the routers along the path to the receivers can support or satisfy the quality of security service requested by the sender. Therefore, this paper proposes a protocol to provide the needed mechanism for quality of security service, to dynamically negotiate the quality of security service among the senders and receivers of multicasts in the network. It provides different quality of security service resolutions to different receiver nodes with different security service needs and includes six different negotiation styles.

    Authenticated file broadcast protocol

    The File Broadcast Protocol (FBP) was developed as a part of the DETIboot system. DETIboot allows a host to broadcast an operating system image through an 802.11 wireless network to an arbitrary number of receivers. Receivers can load the image and immediately boot a Linux live session. The initial version of FBP had no security mechanisms. In this paper we present an authentication protocol developed for FBP that ensures a correct file distribution from the intended source to the receivers. The performance evaluations have shown that, with the best operational configuration tested, the file download time is increased by less than 5%.