Foreword | p. xv |
Preface | p. xvii |
Acknowledgments | p. xxi |
1 Introduction | p. 1 |
1.1 Motivation for multicast security | p. 2 |
1.2 Multicast content protection | p. 5 |
1.3 Infrastructure protection | p. 12 |
1.4 Applications of secure multicasting | p. 13 |
1.5 Road map | p. 13 |
References | p. 14 |
2 Framework for multicast and group security | p. 17 |
2.1 The problem scope of multicast security | p. 17 |
2.2 Fundamental issues | p. 19 |
2.3 Transport and applications issues | p. 23 |
2.4 The IETF problem scope for multicast and group security | p. 25 |
2.5 Three problem areas in the management of keying material | p. 30 |
2.6 The building blocks approach | p. 34 |
2.7 Summary | p. 42 |
References | p. 43 |
3 Multicast data authentication | p. 45 |
3.1 Issues in multicast data authentication | p. 46 |
3.2 Digital signatures for source authentication | p. 50 |
3.3 Hash chaining to authenticate streaming data | p. 55 |
3.4 MAC-based source authentication of unreliable streams | p. 61 |
3.5 IPsec ESP and MESP | p. 68 |
3.6 Summary | p. 69 |
References | p. 70 |
4 Introduction to group key management | p. 73 |
4.1 A model for group key management | p. 74 |
4.2 Requirements in group key management | p. 76 |
4.3 Security requirements of group key management | p. 79 |
4.4 GSA management | p. 82 |
4.5 Classification of the group key management problem | p. 86 |
4.6 Summary | p. 88 |
References | p. 88 |
5 Architectures and protocols for group key management | p. 91 |
5.1 Architectural issues and motivations | p. 93 |
5.2 IKAM | p. 94 |
5.3 Iolus | p. 103 |
5.4 Key distribution protocols | p. 108 |
5.5 Summary | p. 126 |
References | p. 126 |
6 Group key management algorithms | p. 129 |
6.1 Batch and periodic rekeying | p. 131 |
6.2 MARKS | p. 134 |
6.3 LKH | p. 136 |
6.4 OFT | p. 142 |
6.5 Batch processing of membership changes in key trees | p. 148 |
6.6 Reliable transport of rekey messages | p. 148 |
6.7 Stateless key revocation algorithms | p. 150 |
6.8 Summary | p. 154 |
References | p. 156 |
7 Group security policy | p. 159 |
7.1 Group security policy framework | p. 161 |
7.2 Classification of group security policy | p. 164 |
7.3 Group security policy specification | p. 169 |
7.4 Policy negotiation and reconciliation | p. 174 |
7.5 Group security policy enforcement | p. 176 |
7.6 Summary | p. 178 |
References | p. 179 |
8 Securing multicast routing protocols | p. 181 |
8.1 The three components of multicast security | p. 182 |
8.2 Overview of multicast routing | p. 186 |
8.3 Security requirements in unicast and multicast routing | p. 194 |
8.4 PIM-SM security | p. 197 |
8.5 MSDP security | p. 205 |
8.6 IGMP security | p. 207 |
8.7 Security in other routing protocols | p. 214 |
8.8 Summary | p. 216 |
References | p. 218 |
9 Security in Reliable Multicast protocols | p. 223 |
9.1 Classification of RM protocols | p. 225 |
9.2 Generic security requirements for RM protocols | p. 229 |
9.3 Security of TRACK protocols | p. 231 |
9.4 Security of NORM protocols | p. 238 |
9.5 Security of FEC-based protocols | p. 247 |
9.6 Summary | p. 248 |
References | p. 249 |
10 Applications of multicast and their security | p. 253 |
10.1 Stock market data distribution | p. 254 |
10.2 Local area IP Television | p. 257 |
10.3 Nonreal-time multicast distribution | p. 261 |
10.4 SecureGroups project | p. 266 |
10.5 Summary | p. 268 |
References | p. 268 |
11 Conclusion and future work | p. 271 |
11.1 IETF multicast security framework | p. 272 |
11.2 Secure multicast data transmission | p. 272 |
11.3 Group key distribution | p. 274 |
11.4 Policy | p. 278 |
11.5 Infrastructure protection | p. 278 |
11.6 Future direction and final words | p. 280 |
Glossary | p. 283 |
About the Authors | p. 295 |
Index | p. 297 |