Key Management for Secure Multicast in Hybrid Satellite Networks

Keywords: This paper proposes a design for key management for secure multicast in hybrid satellite networks. Communication satellites offer an efficient way to extend IP multicast services for groups in wide-area networks. In order to be commercially viable, the multicast traffic should be accessible only to paying subscribers. Access control can be achieved by data encryption. This requires secure and efficient methods to generate, distribute and update the keys. Most current key management protocols do not scale well when applied to large dynamic groups in wide-area networks. This paper attempts to solve the above problem for groups in a hybrid network that is composed of terrestrial Ethernet LANs interconnected by ATM-based satellite channels. We investigate current group key management protocols, and design a framework for secure and scalable key management for the multicast routing architecture in the satellite network. The proposed framework is presented in detail, alongwith analysis and simulation results. Satellite network, secure multicast, group key management. 1

Key Management for Secure Multicast in Hybrid Satellite Networks

This paper proposes a design for key management for secure multicast in hybrid satellite networks. Communication satellites offer an efficient way to extend IP multicast services for groups in wide-area networks. In order to be commercially viable, the multicast traffic should be accessible only to paying subscribers. Access control can be achieved by data encryption. This requires secure and efficient methods to generate, distribute and update the keys. Most current key management protocols do not scale well when applied to large dynamic groups in wide-area networks. This paper attempts to solve the above problem for groups in a hybrid network that is composed of terrestrial Ethernet LANs interconnected by ATM-based satellite channels. We investigate current group key management protocols, and design a framework for secure and scalable key management for the multicast routing architecture in the satellite network. The proposed framework is presented in detail, alongwith analysis and simulation results

MULTI-USER SECURITY FOR MULTICAST COMMUNICATIONS

The ubiquity of communication networks is facilitating the development of wireless and Internet applications aimed at allowing users to communicate and collaborate amongst themselves. In the future, group-oriented services will be one of the dominant services that facilitate real-time information exchange among a large number of diverse users. However, before these group-oriented services can be successful deployed, technologies must be developed to guarantee the security of the information and data exchanged in group communications. Among all security requirements of group communication, access control is paramount as it is the first line of defense that prevents unauthorized access to the group communication and protects the value of application data. Access control is usually achieved by encrypting the data using a key that is shared among all legitimated group members. The problem of access control becomes more difficult when the content is distributed to a dynamic group with user joining and leaving the service for a variety of reasons. Thus, Group Key Management is required to achieve key update with dynamic group membership. Existing group key management schemes seek to minimize either the amount of rounds needed in establishing the group key, or the size of the key updating messages. They do not, however, considering the varying requirements of the users, the underlying networks or the applications. Those generic solutions of access control often yield large consumption of communication, computation and storage resources. In addition, the design of existing key management schemes focus on protecting the application data, but introduces vulnerabilities in protecting the statistics of group membership information. This poses severe security concern in various group applications. The focus of this dissertation is to design network-specific and application specific group key management and solve the security vulnerability of key management that reveals dynamic group membership information. This dissertation will present scalable group key management in heterogeneous wireless network, the hierarchical access control for multimedia applications, and a framework of securing dynamic group membership information over multicast. The main contribution of this dissertation is to advance the group key management research to achieve higher level of scalability and security

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

A component-based middleware framework for configurable and reconfigurable Grid computing

Significant progress has been made in the design and development of Grid middleware which, in its present form, is founded on Web services technologies. However, we argue that present-day Grid middleware is severely limited in supporting projected next-generation applications which will involve pervasive and heterogeneous networked infrastructures, and advanced services such as collaborative distributed visualization. In this paper we discuss a new Grid middleware framework that features (i) support for advanced network services based on the novel concept of pluggable overlay networks, (ii) an architectural framework for constructing bespoke Grid middleware platforms in terms of 'middleware domains' such as extensible interaction types and resource discovery. We believe that such features will become increasingly essential with the emergence of next-generation e-Science applications. Copyright (c) 2005 John Wiley & Sons, Ltd

GRIDKIT: Pluggable overlay networks for Grid computing

A `second generation' approach to the provision of Grid middleware is now emerging which is built on service-oriented architecture and web services standards and technologies. However, advanced Grid applications have significant demands that are not addressed by present-day web services platforms. As one prime example, current platforms do not support the rich diversity of communication `interaction types' that are demanded by advanced applications (e.g. publish-subscribe, media streaming, peer-to-peer interaction). In the paper we describe the Gridkit middleware which augments the basic service-oriented architecture to address this particular deficiency. We particularly focus on the communications infrastructure support required to support multiple interaction types in a unified, principled and extensible manner-which we present in terms of the novel concept of pluggable overlay networks

Requirements of a middleware for managing a large, heterogeneous programmable network

Programmable networking is an increasingly popular area of research in both industry and academia. Although most programmable network research projects seem to focus on the router architecture rather than on issues relating to the management of programmable networks, there are numerous research groups that have incorporated management middleware into the programmable network router software. However, none seem to be concerned with the effective management of a large heterogeneous programmable network. The requirements of such a middleware are outlined in this paper. There are a number of fundamental middleware principles that are addressed in this paper; these include management paradigms, configuration delivery, scalability and transactions. Security, fault tolerance and usability are also examined—although these are not essential parts of the middleware, they must be addressed if the programmable network management middleware is to be accepted by industry and adopted by other research projects

Reflections on security options for the real-time transport protocol framework

The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol

A Review of the Energy Efficient and Secure Multicast Routing Protocols for Mobile Ad hoc Networks

This paper presents a thorough survey of recent work addressing energy efficient multicast routing protocols and secure multicast routing protocols in Mobile Ad hoc Networks (MANETs). There are so many issues and solutions which witness the need of energy management and security in ad hoc wireless networks. The objective of a multicast routing protocol for MANETs is to support the propagation of data from a sender to all the receivers of a multicast group while trying to use the available bandwidth efficiently in the presence of frequent topology changes. Multicasting can improve the efficiency of the wireless link when sending multiple copies of messages by exploiting the inherent broadcast property of wireless transmission. Secure multicast routing plays a significant role in MANETs. However, offering energy efficient and secure multicast routing is a difficult and challenging task. In recent years, various multicast routing protocols have been proposed for MANETs. These protocols have distinguishing features and use different mechanismsComment: 15 page