1. Fact Sheet SEN-214
Simple Secure Multicast
Transmission
Copyright Senetas Corporation 2012 - All rights reserved. Permission to reproduce and distribute this document is
granted provided this copyright notice is included and that no modifications are made to the original. Revisions to this
document may be issued, without notice, from time to time.
2. Simple Secure Multicast Transmission
Introduction
Senetas Ethernet encryptors are layer 2 (data link) devices that can secure traffic at wire speeds
across wide area Ethernet services to provide confidentiality of transmitted information.
Encryption of multicast traffic is conventionally difficult because of the one to many nature of the
data flow. This paper describes how multicast traffic can be transmitted simply and securely when
encrypting at layer 2 in the OSI model.
Multicast applications
Multicast transmission is a means of simultaneously sending information to a group of interested
receivers in a single transmission and is considered a bandwidth saving technology as it provides an
efficient way of delivering the same information to a group rather than copying it individually to
each of the group members.
Multicast traffic volumes have been increasing rapidly mainly due to the growth of video-based
applications but also from other uses such as real-time information feeds and content delivery
systems.
Figure 1 - Types of transmission
Multicast delivery across layer 2 networks
Figure 1 shows data transmission for the unicast, broadcast and multicast cases. Whereas
traditional unicast delivery requires that a source transmits just one copy of the data to one receiver
and broadcast delivery requires one copy of the data to be sent to all members of a group; multicast
delivery requires that traffic be delivered to only selected members of a group.
Efficient multicast delivery therefore requires all network devices in the path between transmitter
and receivers to have knowledge of the selected group members as well as the ability to intelligently
deliver those packets only where they are needed.
__________________________________________________________________________________
Page 1
3. Simple Secure Multicast Transmission
Multicast transmission uses various protocols and reserved network addresses to allow this efficient
distribution. At layer 3 the class D range of IP addresses is reserved for multicast protocols and at
layer 2 the low order bit of the high-order byte in the destination MAC address is used to distinguish
unicast addresses from multicast addresses.
For example:
00:80:C8:F9:76:EF is a Unicast address –as indicated by the 00 in the first octet of the MAC address
01:00:5E:00:00:05 is a Multicast address since the first octet of the MAC address is set to 01.
Multicast group membership is normally implemented using the Internet Group Management
Protocol (IGMP) for IPv4 networks or Multicast Listener Discovery (MLD) Messages for IPv6
networks. Both protocols provide a mechanism to dynamically register individual hosts in a
particular multicast group with a multicast router.
The default behaviour of a layer 2 switch is to broadcast multicast traffic out all destination ports.
To prevent this and allow efficient delivery of multicast traffic layer 2 switches need to learn which
ports are associated with each multicast group. This process is normally achieved by IGMP/MLD
snooping which is the process of “listening in” on IGMP network traffic as it passes through the
switch.
Figure 2 - IGMP Snooping
__________________________________________________________________________________
Page 2
4. Simple Secure Multicast Transmission
Figure 2 shows a layer 2 switch in the path between a multicast router and the participating hosts.
IGMP snooping requires the switch to eavesdrop on the information in the IGMP packets that are
sent between the hosts and the multicast router. This allows the switch to learn when hosts join a
group (using IGMP join) or leave the group (using IGMP leave) and therefore intelligently transmit
multicast data only out the relevant ports.
The encryption of IGMP/MLD packets will prevent snooping and cause multicast traffic to be
broadcast everywhere. For this reason Senetas encryptors have a policy control that permits them
to selectively encrypt OR bypass IGMP/MLD packets through the encryptor thus allowing switch
snooping and efficient network delivery.
Security of multicast traffic
The risk to multicast communication is similar to or greater than that for unicast transmission and
includes the threat of eavesdropping as well as unauthorised modification or destruction of data.
The nature of multicast distribution introduces some particular vulnerabilities that are not present
for unicast traffic; for example because multicast group membership is open and not authenticated
it means that anyone is able to easily join a multicast group so that they can receive the traffic
stream or alternately insert data for malicious purposes into the group (even senders need not be
members).
Increasingly businesses are using multicast technologies to reduce the number and frequency of
face-to-face meetings by using widely available webinar and video conferencing tools.
Recent research has shown that insecure video conferencing systems can be ‘the bug in the
boardroom’ and allow hackers to listen in to a company’s confidential discussions. To prevent this
encrypted multicast sessions should be used to ensure the confidentiality of network traffic.
Encryption of multicast traffic encryption is challenging because a single sender must synchronise
encryption state with multiple receivers. Each receiver must securely have knowledge of the
encryption key, the encryption state and be able to both receive and send traffic to other members
of the group.
This problem can be solved using a group key system in which all members of the shared community
(which could be the multicast group or a VLAN) share a common key that is used to encrypt and
decrypt traffic. This is in contrast to unicast encryption in which a unique key per connection is used
between a single sender and a single receiver.
One approach to group key implementation is to use a dedicated key server (see Figure 3) that
pushes encryption keys to all members.
__________________________________________________________________________________
Page 3
5. Simple Secure Multicast Transmission
This approach is commonly used but does have some limitations:
Requires purchase & maintenance of another server in the network (in practice more than
one is required if load balancing / redundancy is needed)
Server must be located where it is always reachable by all members of the group
Server must be always online or the keys are not refreshed
Presents a single point of compromise (redundant servers don’t necessarily mitigate this
because a compromise to one server is a compromise to all with shared keys)
Presents a single point of failure (redundant servers can reduce this to some degree at
additional expense)
Figure 3 - External Key server model
Senetas group encryption
Senetas uses an alternate approach to group key distribution, which avoids the need for a separate
key server, by giving one encryptor in the group responsibility for generating and distributing keys to
all other members as shown in Figure 4.
__________________________________________________________________________________
Page 4
6. Simple Secure Multicast Transmission
Figure 4 - Encryptor Key Master
In this model an encryptor is delegated the role of key master from an automatic election process
amongst the visible encryptors in the network.
This mechanism has the following features:
Automatic discovery of multicast encryption groups and secure connections (no manual
configuration of MAC addresses or VLAN IDs is required)
Secure distribution and automatic updates of keys to all members of the group
New members can securely join or leave the group at any time
Automatic aging/deletion of inactive groups
Fault tolerant to network outages and topology changes
In the event of a temporary isolation of network segments (caused for example by a network outage
or reconfiguration as shown in Figure 5), the group key management scheme will automatically
maintain/establish new group key managers within each visible network.
When the network segments rejoin the network will transparently re-elect a single group key
master. Importantly this ‘split-rejoin’ process can occur with no disruption to network traffic as long
as the network is separated for less than two key update periods.
If the key update period is for example one hour, then two split groups will have the same key to use
for more than an hour, but less than 2 hours. Key updates effectively keep the encryptor with keys
one key update period change ahead.
__________________________________________________________________________________
Page 5
7. Simple Secure Multicast Transmission
If two or more key updates occur while the networks are separate, the terminating group (i.e. the
group controlled by the key master that terminates) will synchronise with the remaining Master,
which results in less than three seconds of disruption.
Figure 5 - Network split with 2 key masters
Policy control
Multicast encryption is supported in both MAC and VLAN modes of operation on Senetas encryption
appliances.
i. In MAC mode the encryptor will establish both unicast and multicast connections based on the
MAC address in each received Ethernet frame.
In this mode pairwise keys are used for encrypting frames with unicast destination addresses
and dynamic multicast connections are established using group keys for frames with multicast
destination addresses. Multicast connections can be automatically deleted when no traffic is
present for a specified number of minutes
ii. In VLAN mode the encryptor will establish an encrypted connection per VLAN using group keys
only. The VLAN identifier in the frame is used to distinguish secure connections. VLAN
connections are automatically discovered but do not age with inactivity.
__________________________________________________________________________________
Page 6
8. Simple Secure Multicast Transmission
Figure 6 - Multicast group that spans VLANs
In architectures where one multicast group address spans multiple VLAN IDs (for example in Figure 6
where all hosts are part of the same multicast group) then VLAN mode must be used. This is to
ensure that the encryptor’s key management traffic is always on the same VLAN for a given
connection.
Senetas provides a GUI management tool CypherManager to configure the encryptor policy. This
tool provides fine-grained control of traffic processing and allows encryption policy to be set on a
per ethertype / per address class level of resolution as shown in Figure 7.
Figure 7 - Policy control
__________________________________________________________________________________
Page 7
9. Simple Secure Multicast Transmission
Performance
The CN encryption platform uses dedicated silicon to perform cut-through forwarding of data plane
traffic. This allows for wire speed processing of encrypted traffic at full line rate at up to 10Gbps.
Latency on the CN1000 Ethernet encryptor for example is approximately 7uS and is independent of
packet size. Encryption introduces little or no jitter regardless of the network application or traffic
profile.
Encryption is performed using the AES algorithm with 256 or 128 bit keys. In group encryption mode
(VLAN or multicast MAC) the CTR mode of encryption is used which introduces an additional eight
bytes of data to every encrypted frame.
Summary
There is a growing need to securely and efficiently deliver multicast traffic across networks for a
variety of applications.
Traditional approaches to this using layer 3 encryption can be problematic from both a complexity
and performance perspective.
Encryption at layer 2 can provide a simple, effective way to secure multicast traffic streams without
compromising network performance.
__________________________________________________________________________________
Page 8