3

I'm interested in securing IP Multicast traffic for content that will be sent globally with several low bandwidth receivers.

I understand that simplified Broadcast encryption takes N public keys and encrypts a symmetric key N times. This is an O(N) operation, that needs to be refreshed any time the membership of N changes.

I'm hoping that a technology is proven in either IPv6 or IP Multicast that will solve the need to secure IP Multicast problem.

makerofthings7
  • 50,090
  • 54
  • 250
  • 536
  • Well, if every listener needs a different key then you need to know who your listeners are and negotiate keys with them. Or else you just use one shared key that every listener knows. Not much you can change about that... – Sander Steffann Nov 13 '13 at 00:02
  • @SanderSteffann I'm sure this problem has been solved more efficiently than O(N) by Satellite companies, cable boxes, etc. I'm hoping it's also native to IPv6 – makerofthings7 Nov 13 '13 at 00:09
  • IPv6 is just another transport protocol like IPv4, so nothing that will solve this there. And if you want per-recipient control then then you need per-recipient keys. The only way you are going to get something better than O(n) is to make n smaller by grouping recipients, like control per subscription period/group/etc. – Sander Steffann Nov 13 '13 at 23:19
  • Just for the record: There are protocols to enable O(1) encryption and decryption using dynamic group keys, e.g. the Multicast Internet Key Exchange (MIKE) protocol. But this generates a certain overhead, depending on the frequency of members joining/leaving/being excluded, and it could be hard to get hands on an implementation. – Dubu Jan 17 '14 at 14:16
  • Have you considered looking into DRM-like solutions? Something along these lines http://research.microsoft.com/apps/pubs/default.aspx?id=193328 and http://en.wikipedia.org/wiki/HTTP_Live_Streaming – lorenzog Jun 25 '14 at 14:19

1 Answers1

2

IPv6 is just advanced addressing and networking protocol. With respect to Multicast Traffic and related security it will not provide any specific solution.

There are various encryption available for securing the Multicast Traffic. Cisco has implemented it in its IOS. Cisco IOS® Secure Multicast is native IP Multicast encryption that does not rely on a tunnel-based architecture, lowering administrative overhead and helping ensure optimum WAN flexibility.

Application level security and encryption can also be implied in order to secure generated Multicast Traffic. Cisco has published in depth analysis of Threats in the Multicast Environment and Securing a Multicast Network as The Multicast Security Tool Kit you can refer that for more.

Shashank Bajpai
  • 133
  • 8