[AG-TECH] AG Security
Bill Nickless
nickless at mcs.anl.gov
Sun Jul 21 22:19:55 CDT 2002
Hi Markus--

Some first reactions to your comments.

I'm not convinced of the viability of a security/encryption model that
operates below the application layer.

You mention the possibility of an attacker joining the group "and running
crack over it". Quoting Rescorla(?) at the IETF IESG Plenary in Yokohama
last week, "the Internet is where you hand your packets off to your
attacker to deliver for you." In other words, the possibility of the
attacker getting your traffic is assumed even in the case of
unicast. Granted, multicast traffic is easier to get hold of than by
compromising an intermediate router to send you unicast traffic. But the
assumptions should be the same--your attacker has all your traffic.

That being said, you might like to look over some of the IETF MAGMA Working
Group discussions on secure IGMP. The attack model here is slightly
different; it appeared to be focused to help a service provider secure
multicast media content. That is, the service provider would supply (say)
HBO on a certain multicast group address, and only those subscribers to HBO
would be able to join that multicast group.

Deb Agarwal of LBNL presented some work at the last Access Grid retreat on
securing multicast groups and sessions. She pointed to
http://www-itg.lbl.gov/CIF/GroupComm/ in her presentation, which is
available at
http://www-fp.mcs.anl.gov/fl/accessgrid/ag-retreat-2002/proceedings/agarwal.pdf.

===
Bill Nickless http://www.mcs.anl.gov/people/nickless +1 630 252 7390
PGP:0E 0F 16 80 C5 B1 69 52 E1 44 1A A5 0E 1B 74 F7 nickless at mcs.anl.gov