The Multicast Group Security Architecture (RFC3740)

IP.com Disclosure Number: IPCOM000023747D
Original Publication Date: 2004-Mar-01
Included in the Prior Art Database: 2004-Mar-31
Document File: 27 page(s) / 65K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

T. Hardjono: AUTHOR [+2]

Abstract

This document provides an overview and rationale of the multicast security architecture used to secure data packets of large multicast groups. The document begins by introducing a Multicast Security Reference Framework, and proceeds to identify the security services that may be part of a secure multicast solution.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group                                        T. Hardjono
Request for Comments: 3740                                      Verisign
Category: Informational                                          B. Weis
                                                                   Cisco
                                                              March 2004

The Multicast Group Security Architecture

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2004). All Rights Reserved.

Table of Contents

1. Introduction
1.1. Scope
1.2. Summary of Contents of Document
1.3. Audience
1.4. Terminology
2. Architectural Design: The Multicast Security Reference Framework
2.1. The Reference Framework
2.2. Elements of the Centralized Reference Framework
2.2.1. Group Controller and Key Server
2.2.2. Sender and Receiver
2.2.3. Policy Server
2.3. Elements of the Distributed Reference Framework
3. Functional Areas
3.1. Multicast Data Handling
3.2. Group Key Management
3.3. Multicast Security Policies
4. Group Security Associations (GSA)
4.1. The Security Association
4.2. Structure of a GSA: Introduction
4.3. Structure of a GSA: Reasoning
4.4. Definition of GSA
4.5. Typical Compositions of a GSA
5. Security Services
5.1. Multicast Data Confidentiality
5.2. Multicast Source Authentication and Data Integrity
5.3. Multicast Group Authentication
5.4. Multicast Group Membership Management
5.5. Multicast Key Management
5.6. Multicast Policy Management
6. Security Considerations
6.1. Multicast Data Handling
6.2. Group Key Management
6.3. Multicast...