Scalable Multicast Key Distribution (RFC1949)

IP.com Disclosure Number: IPCOM000004178D
Original Publication Date: 1996-May-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 14 page(s) / 39K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

A. Ballardie: AUTHOR

Abstract

The benefits of multicasting are becoming ever-more apparent, and its use much more widespread. This is evident from the growth of the MBONE [1]. Providing security services for multicast, such as traffic integrity, authentication, and confidentiality, is particularly problematic since it requires securely distributing a group (session) key to each of a group's receivers. Traditionally, the key distribution function has been assigned to a central network entity, or Key Distribution Centre (KDC), but this method does not scale for wide-area multicasting, where group members may be widely-distributed across the internetwork, and a wide-area group may be densely populated.

This text was extracted from an ASCII document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                       A. Ballardie
Request for Comments: 1949                    University College London
Category: Experimental                                         May 1996

Scalable Multicast Key Distribution

Status of this Memo

This memo defines an Experimental Protocol for the Internet community. This memo does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited.

Abstract

The benefits of multicasting are becoming ever-more apparent, and its use much more widespread. This is evident from the growth of the MBONE [1]. Providing security services for multicast, such as traffic integrity, authentication, and confidentiality, is particularly problematic since it requires securely distributing a group (session) key to each of a group's receivers. Traditionally, the key distribution function has been assigned to a central network entity, or Key Distribution Centre (KDC), but this method does not scale for wide-area multicasting, where group members may be widely-distributed across the internetwork, and a wide-area group may be densely populated.

Even more problematic is the scalable distribution of sender-specific keys. Sender-specific keys are required if data traffic is to be authenticated on a per-sender basis.

This memo provides a scalable solution to the multicast key distribution problem.

NOTE: this proposal requires some simple support mechanisms, which, it is recommended here, be integrated into version 3 of IGMP. This support is described in Appendix B.
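The abstract's point that per-sender authentication needs sender-specific keys, as an added example that is not from RFC 1949 or the CBT protocol: a toy Python receiver check contrasting a single group (session) key with sender-specific keys under HMAC-SHA256. The member names, key sizes and the "sender label" framing are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed example (not from RFC 1949): a toy multicast group with one
# shared group (session) key and one sender-specific key per member.
GROUP_KEY = os.urandom(32)
SENDER_KEYS = {name: os.urandom(32) for name in ("alice", "bob")}


def tag(key: bytes, sender: str, payload: bytes) -> bytes:
    """HMAC-SHA256 over the claimed sender label and the payload."""
    return hmac.new(key, sender.encode() + b"\x00" + payload, hashlib.sha256).digest()


def verify_with_group_key(sender: str, payload: bytes, mac: bytes) -> bool:
    """Receiver check under a single group key: proves integrity, and that
    some holder of the group key produced the tag. Every member holds it,
    so the sender label is not authenticated."""
    return hmac.compare_digest(tag(GROUP_KEY, sender, payload), mac)


def verify_with_sender_key(sender: str, payload: bytes, mac: bytes) -> bool:
    """Receiver check under sender-specific keys: the tag only verifies
    against the key of the member named in the sender label."""
    key = SENDER_KEYS.get(sender)
    if key is None:
        return False  # unknown sender label
    return hmac.compare_digest(tag(key, sender, payload), mac)


def demo() -> dict:
    payload = b"multicast datagram"
    # Under the group key, the tag bob computes for the label "alice" is
    # byte-for-byte the tag alice would compute: the receiver cannot tell
    # which member actually originated the datagram.
    tag_from_bob = tag(GROUP_KEY, "alice", payload)
    # Under sender-specific keys, only alice's key yields a tag the
    # receiver accepts for the label "alice".
    tag_alice_own_key = tag(SENDER_KEYS["alice"], "alice", payload)
    tag_bob_own_key = tag(SENDER_KEYS["bob"], "alice", payload)
    return {
        "group_key_accepts_other_member": verify_with_group_key("alice", payload, tag_from_bob),
        "sender_key_accepts_alice": verify_with_sender_key("alice", payload, tag_alice_own_key),
        "sender_key_rejects_bob_as_alice": verify_with_sender_key("alice", payload, tag_bob_own_key),
    }


if __name__ == "__main__":
    print(demo())
```

The group-key check still gives integrity against outsiders; what it cannot give is attribution among members, which is exactly the gap sender-specific keys close.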

1. Introduction

Growing concern about the integrity of Internet communication [13] (routing information and data traffic) has led to the development of an Internet Security Architecture, proposed by the IPSEC working group of the IETF [2]. The proposed security mechanisms are implemented at the network layer - the layer of the protocol stack at which networking resources are best protected [3].

Unlike many network layer protocols, the Core Based Tree (CBT) multicast protocol [4] makes explicit provision for security; it has its own protocol header, unlike existing IP multicast schemes [10,11], and other recently proposed schemes [12].

In this document we describe how the CBT multicast protocol can provide for the secure joining of a CBT group tree, and how this same process can provide a scalable solution to the multicast key distribution problem. These security services are an integral part of the CBT protocol [4]. Their use i...