Participant Access Control
in IP Multicasting
Salekul Islam (salekul@cse.uiu.ac.bd)
United International University (UIU)
Dhaka, Bangladesh
Outline of the presentation
24-May-14 Participant Access Control in IP Multicasting 2
•  IP Multicast
o  IGMP: end hosts join/leave a multicast group
o  PIM-SM: routers build the data distribution tree
•  Secure Multicast: protects multicast data and control messages. Why does it fail to provide access control?
•  Access Control Architecture
o  Access control: authentication, authorization & accounting
o  Participant: receivers & sender(s)
•  Receiver Access Control: IGMP with Access Control (IGMP-AC)
•  Sender Access Control: PANA, IKEv2 and IPsec SA
Protocols Involved in IP Multicast
•  Internet Group Management Protocol (IGMP)
o  IGMPv3 has been standardized by the IETF (RFC 3376)
o  End hosts inform the neighbouring router(s) of their multicast group memberships using IGMP
o  Two types of messages: Query (router to hosts) and Report (hosts to router)
•  Protocol Independent Multicast - Sparse Mode (PIM-SM)
o  Depends on the underlying unicast routing information base
o  Builds unidirectional shared trees rooted at a rendezvous point
o  Optionally creates shortest-path trees per source
IGMP Query Message
[Figure: the querier, i.e. the directly connected Access Router (AR), sends a Query message onto the local link; two ARs hang off a Core Router (CR).]
IGMP Report Message
[Figure: Receiver 1 and Receiver 2 answer the querier (the directly connected AR) with Report messages; nothing in the exchange identifies which host is entitled to the group.]
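The Query and Report messages sketched above, as an added example that is not part of the original slides: a small Python encoder/decoder for an IGMPv2 Membership Query and an IGMPv3 Membership Report with the RFC 1071 checksum, plus the forged Leave the later slides warn about. Group and source addresses are constructed sample values. The point it makes concrete is that the checksum is the only check a plain IGMP message carries: nothing in it identifies or authenticates the host, which is the gap the access-control work on these slides fills.

```python
import ipaddress
import struct

# IGMP message types (RFC 2236, RFC 3376)
IGMP_MEMBERSHIP_QUERY = 0x11
IGMPV3_MEMBERSHIP_REPORT = 0x22

# IGMPv3 group record types (RFC 3376 section 4.2.12)
MODE_IS_INCLUDE, MODE_IS_EXCLUDE = 1, 2
CHANGE_TO_INCLUDE_MODE = 3   # with an empty source list this is a "leave"
CHANGE_TO_EXCLUDE_MODE = 4   # with an empty source list this is a "join"

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def _with_checksum(body: bytes) -> bytes:
    """The checksum occupies bytes 2-3 of every IGMP message and is computed with that field zeroed."""
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

def checksum_ok(msg: bytes) -> bool:
    """A message whose checksum field is correct sums to zero under the same routine."""
    return len(msg) >= 8 and internet_checksum(msg) == 0

def build_igmpv2_query(group: str = "0.0.0.0", max_resp_time: int = 100) -> bytes:
    """Membership Query as the querier sends it: General Query when group is 0.0.0.0,
    otherwise Group-Specific. max_resp_time is in tenths of a second."""
    body = struct.pack("!BBH4s", IGMP_MEMBERSHIP_QUERY, max_resp_time, 0,
                       ipaddress.IPv4Address(group).packed)
    return _with_checksum(body)

def build_igmpv3_report(records) -> bytes:
    """IGMPv3 Membership Report. records: list of (record_type, group, [source addresses])."""
    recs = b""
    for rtype, group, sources in records:
        recs += struct.pack("!BBH4s", rtype, 0, len(sources), ipaddress.IPv4Address(group).packed)
        recs += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    header = struct.pack("!BBHHH", IGMPV3_MEMBERSHIP_REPORT, 0, 0, 0, len(records))
    return _with_checksum(header + recs)

def parse_igmp(msg: bytes) -> dict:
    """Decode a v2 Query or a v3 Report the way an AR would; a bad checksum is rejected."""
    if not checksum_ok(msg):
        raise ValueError("bad or missing IGMP checksum")
    mtype = msg[0]
    if mtype == IGMP_MEMBERSHIP_QUERY:
        return {"type": "query", "max_resp_time": msg[1],
                "group": str(ipaddress.IPv4Address(msg[4:8]))}
    if mtype == IGMPV3_MEMBERSHIP_REPORT:
        nrec, off, records = struct.unpack("!H", msg[6:8])[0], 8, []
        for _ in range(nrec):
            rtype, aux_len, nsrc = struct.unpack("!BBH", msg[off:off + 4])
            group = str(ipaddress.IPv4Address(msg[off + 4:off + 8]))
            off += 8
            sources = [str(ipaddress.IPv4Address(msg[off + 4 * i:off + 4 * i + 4]))
                       for i in range(nsrc)]
            off += 4 * nsrc + 4 * aux_len        # aux data length is counted in 32-bit words
            records.append({"type": rtype, "group": group, "sources": sources})
        return {"type": "report", "records": records}
    raise ValueError("unsupported IGMP type 0x%02x" % mtype)

def forged_leave(group: str) -> bytes:
    """What any host on the link can send to change the AR's reception state for a group it
    never joined: a CHANGE_TO_INCLUDE record with no sources. It passes every check the
    parser above can make, because a plain IGMP message carries no sender identity."""
    return build_igmpv3_report([(CHANGE_TO_INCLUDE_MODE, group, [])])
```

The parser covers only the IGMP payload; on the wire it sits behind an IPv4 header with protocol 2 and the Router Alert option. One precision on the forged Leave: an IGMPv3 router answers such a record with a Group-Specific Query before it prunes, so other members on the link get a chance to refresh the state, but a single-member link is pruned and, either way, any host can change what the AR believes about the link.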
IP Multicast Service Model
[Figure: a sender behind AR1, receivers (end users) behind AR2 and AR3, core routers CR1, CR2 and CR3. End users join/leave with IGMP messages to their AR; the routing protocol (PIM-SM) builds the data distribution tree (DDT); the sender sends multicast data, which is forwarded along the DDT.]
DDT: Data Distribution Tree
Multicast-based Applications
Number of participants and typical applications:
•  One-to-many (single sender, multiple receivers)
o  Scheduled audio/video distribution
o  Push media: news headlines, weather updates
o  File distribution and caching
o  Announcements: multicast session, key updates
o  Monitoring: stock prices, sensor equipment
•  Many-to-many (multiple senders, multiple receivers)
o  Multimedia conferencing
o  Synchronized resources
o  Distance learning with input from receivers
o  Multi-player games
•  Many-to-one (multiple senders, single receiver)
o  Resource discovery
o  Auctions
o  Polling
Multicast Service Model: Vulnerabilities
[Figure: the service model of the previous slide with two adversaries added. An adversary receiver behind AR4 sends an IGMP Join; AR4 issues a routing-protocol Join and the distribution tree is extended to it. An adversary sender behind AR1 injects forged data into the tree.]
IP multicast model:
•  Multicast groups are open
•  Anyone can join, anyone can send
Motivation: Revenue Generation Architecture
•  Secure Multicasting is composed of
o  Protecting control messages: routing-protocol specific (secured IGMP and PIM-SM)
o  Protecting multicast data: encryption and source authentication (e.g., TESLA, published by the IETF as RFC 4082)
•  Despite significant progress in securing multicast, large-scale commercial deployment has not happened
•  A revenue generation architecture considers
o  Participant access control: AAA for sender(s) and receivers
o  Policy enforcement
o  E-commerce communications
Why Access Control?
•  Effects of forged IGMP messages
o  A forged Join pulls the distribution tree toward the attacker's link and may create a DoS (state and bandwidth spent on the tree)
o  A forged Leave prunes the distribution tree and prevents legitimate users from receiving
o  IGMP security work only authenticates IGMP messages; it does not decide whether the host is entitled to the group
•  Attacks by a forged sender
o  Replay attack
o  Sender address spoofing attack
o  May create DoS
•  Secure Multicast (group key management) does not prevent these attacks: an unauthorized receiver still pulls the (encrypted) traffic onto its link, and a forged sender still loads the tree
How to deploy access control?
•  Receiver access control for a secured group
o  While joining/leaving, i.e., whenever the reception state at the AR changes: couple access control with IGMP
•  Sender access control for a secured group
o  While sending data: per-packet cryptographic protection at the AR
Overview of Access Control Architecture
[Figure: sender behind AR1, receivers/end users (EUs) behind AR2 and AR3, core routers CR1 and CR2, with the three controls below placed at the ARs.]
•  Sender Access Control
o  AAA for sender(s)
o  Per-packet protection
•  Data Distribution Control
o  Protects the distribution tree from a forged sender
o  Not routing protocol security
•  Receiver Access Control
o  AAA for receivers/EUs
Unicast Access Control and Authentication
•  Access control is achieved with the AAA framework
o  RADIUS: the older protocol, with limited functionality
o  Diameter: the next-generation AAA protocol
•  Extensible
•  Large AVPs (attribute-value pairs)
•  Agent support (relay, proxy, redirect)
•  For authentication the IETF has designed
o  Extensible Authentication Protocol (EAP)
o  Protocol for carrying Authentication for Network Access (PANA), an EAP lower layer
Authentication, Authorization and Accounting (AAA) Framework
[Figure: the End User requests access to the network from the NAS (the AAA client). The NAS forwards the EU credentials over the AAA protocol to the AAA Server, which performs authentication, authorization and accounting against the End User Database and replies Accept; the NAS then grants access to the network.]
NAS: Network Access Server
Extensible Authentication Protocol (EAP)
[Figure: message flow between the End User (EAP peer), the NAS (EAP authenticator) and the AAA Server (EAP server). Between peer and authenticator the packets travel over the EAP lower layer; between authenticator and AAA server they are encapsulated over Diameter.]
  EAP Request1               authenticator to peer
  EAP Response1              peer to authenticator
  Diameter (EAP Response1)   NAS to AAA server
  Diameter (EAP Request2)    AAA server to NAS
  EAP Request2               authenticator to peer
  ...
  EAP ResponseN              peer to authenticator
  Diameter (EAP ResponseN)   NAS to AAA server
  Diameter (EAP Success)     AAA server to NAS
  EAP Success                authenticator to peer
§  EAP summary
-  Authentication framework, not a single authentication method
-  Supports multiple authentication methods (EAP methods)
-  Four EAP messages: Request and Response (one round trip per exchange), Success and Failure
-  Initiated by the peer or by the authenticator
-  Encapsulated over Diameter between NAS and AAA server
Key Challenges for Access Control
•  The most generic architecture
o  Deployable for multi-domain distributed groups
o  Supports a wide range of authentication methods
o  Independent of the routing protocol
o  Supports both ASM and SSM (Any-Source and Source-Specific Multicast)
•  A scalable solution
o  Minimum workload for on-tree routers and end hosts
o  A distributed solution (e.g., using AAA)
•  Reuse standard frameworks/protocols
o  Fits easily into the existing Internet service model
o  Reduces the work of service providers
Access Control Architecture
[Figure: the service model with the access-control entities added. End Users talk to their AR, which acts as NAS, using IGMP carrying EU authentication information; the sender's AR is a NAS as well. The NASs speak Diameter to the AAA Server (AAAS), which holds the Participants Database and the Policy Server. The GO/MR and FI entities handle registration and send updates to the AAAS; they are out of the scope of this work.]
Receiver Access Control using IGMP-AC
[Figure: End Users authenticate to their AR with IGMP-AC carrying EAP; the AR relays the EAP exchange over Diameter (EAP) to the AAA Server, which checks the Participants Database.]
IGMP with Access Control (IGMP-AC)
•  Extended version of IGMPv3
•  Encapsulates EAP packets
•  Protocol behaviour verified with the SPIN model checker
•  Security properties validated with AVISPA
End User Authentication using Extensible Authentication Protocol (EAP)
[Figure: EAP layering across the three entities.]
  EU / Peer:                 EAP method | EAP peer | EAP layer | IGMP-AC (lower layer)
  AR / Authenticator / NAS:  IGMP-AC (lower layer) | EAP layer | EAP authenticator | AAA/IP toward the server; no EAP method, so the AR passes EAP through
  AAA Server:                EAP method | EAP authenticator (server side) | EAP layer | AAA/IP
EAP Encapsulation over IGMP-AC
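The EAP exchange on the earlier EAP slide and the EAP-over-IGMP-AC layering above, as one added example that is not from the original slides or the authors' IGMP-AC implementation: a Python model of the three EAP roles, with EAP-MD5-Challenge (RFC 3748 section 5.4) as the method because it is short enough to write out in full. The IGMP-AC and Diameter encapsulations are not specified on these slides, so both lower layers are abstracted to function calls; the identities, secrets and user table are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and method types (RFC 3748)
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_IDENTITY, EAP_TYPE_NAK, EAP_TYPE_MD5_CHALLENGE = 1, 3, 4

def eap_pack(code, identifier, eap_type=None, type_data=b""):
    """Code(1) | Identifier(1) | Length(2) | [Type(1) | Type-Data]. Success/Failure carry no Type."""
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body

def eap_unpack(pkt):
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP Length does not match packet size")
    if code in (EAP_SUCCESS, EAP_FAILURE):
        return code, identifier, None, b""
    return code, identifier, pkt[4], pkt[5:]

def md5_challenge_value(identifier, secret, challenge):
    """EAP-MD5 (RFC 3748 section 5.4, CHAP-style): MD5(Identifier | secret | challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class EapPeer:
    """EAP peer on the end user (or on the sender, when PANA is the lower layer)."""
    def __init__(self, identity, secret):
        self.identity, self.secret = identity, secret

    def handle(self, request):
        code, identifier, eap_type, data = eap_unpack(request)
        if code != EAP_REQUEST:
            return None                         # Success/Failure: the conversation is over
        if eap_type == EAP_TYPE_IDENTITY:
            return eap_pack(EAP_RESPONSE, identifier, EAP_TYPE_IDENTITY, self.identity)
        if eap_type == EAP_TYPE_MD5_CHALLENGE:
            size = data[0]                      # Type-Data: Value-Size | Value (challenge) | Name
            value = md5_challenge_value(identifier, self.secret, data[1:1 + size])
            return eap_pack(EAP_RESPONSE, identifier, EAP_TYPE_MD5_CHALLENGE,
                            bytes([len(value)]) + value + self.identity)
        # Any other method: Legacy Nak listing the one method this peer supports
        return eap_pack(EAP_RESPONSE, identifier, EAP_TYPE_NAK, bytes([EAP_TYPE_MD5_CHALLENGE]))

class EapServer:
    """EAP server on the AAA server: Identity round, MD5-Challenge round, then Success/Failure."""
    def __init__(self, users):
        self.users = users                      # identity -> secret; constructed sample database
        self.identifier, self.identity, self.challenge = 0, None, None

    def _request(self, eap_type, data):
        self.identifier = (self.identifier + 1) & 0xFF
        return eap_pack(EAP_REQUEST, self.identifier, eap_type, data)

    def start(self):
        return self._request(EAP_TYPE_IDENTITY, b"")

    def handle(self, response):
        code, identifier, eap_type, data = eap_unpack(response)
        if code != EAP_RESPONSE or identifier != self.identifier:
            return eap_pack(EAP_FAILURE, self.identifier)   # stale, replayed or out-of-order
        if eap_type == EAP_TYPE_IDENTITY:
            self.identity, self.challenge = bytes(data), os.urandom(16)
            return self._request(EAP_TYPE_MD5_CHALLENGE, bytes([16]) + self.challenge + b"AAAS")
        if eap_type == EAP_TYPE_MD5_CHALLENGE and self.challenge is not None:
            secret = self.users.get(self.identity)
            if secret is not None:
                expected = md5_challenge_value(identifier, secret, self.challenge)
                if hmac.compare_digest(data[1:1 + data[0]], expected):
                    self.challenge = None       # one answer per challenge
                    return eap_pack(EAP_SUCCESS, identifier)
        return eap_pack(EAP_FAILURE, identifier)

def run_eap(peer, server):
    """The AR/NAS as pass-through authenticator: it relays packets between the lower layer
    (IGMP-AC or PANA on the slides) and the AAA protocol (Diameter) without interpreting
    the method. Returns (authenticated, transcript of (direction, code, type))."""
    transcript = []
    pkt = server.start()                        # Diameter(EAP Request1) arrives at the NAS
    while True:
        transcript.append(("authenticator->peer", pkt[0], pkt[4] if len(pkt) > 4 else None))
        if pkt[0] in (EAP_SUCCESS, EAP_FAILURE):
            return pkt[0] == EAP_SUCCESS, transcript
        response = peer.handle(pkt)             # lower layer: Request out, Response back
        transcript.append(("peer->authenticator", response[0], response[4]))
        pkt = server.handle(response)           # Diameter(EAP ResponseN) to the AAA server
```

The authenticator never sees the secret or the method: it relays packets and learns only Success or Failure, which is what lets the AR stay method-agnostic. Two cautions for a real deployment: EAP-MD5 derives no key, so it cannot supply the AAA-Key that the sender-side PANA/IKEv2 chain on the following slides starts from, and its challenge/response is open to an offline dictionary attack by anyone who observes the exchange; a key-generating, mutually authenticating method such as EAP-TLS would be used in practice.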
Protocol for carrying Authentication for Network Access (PANA)
[Figure: the PaC (the EU) runs PANA to the PAA (on the NAS/AR); the PAA consults the AS (the AAAS) over RADIUS/Diameter; the PAA configures the EP (on the AR) over SNMP or a local API; the PaC and the EP then run IKE.]
PaC : PANA Client            AS : Authentication Server
EP : Enforcement Point       PAA : PANA Authentication Agent
§  PANA summary
-  Network access authentication protocol (RFC 5191)
-  Works as an EAP lower layer (carries EAP over UDP/IP)
-  Four entities: PaC, PAA, AS, EP
Sender Access Control
[Figure: the sender, as PANA client, authenticates through its AR (the NAS) to the AAA Server with PANA carrying EAP, then runs IKEv2 with the AR to establish an IPsec SA. End users behind AR2 and AR3 are not involved.]
Key hierarchy derived from the EAP authentication:
  AAA-Key -> PaC-EP-Master-Key -> IKE-pre-shared-Key
The IKE pre-shared key authenticates IKEv2, which establishes the IPsec SA between the sender and the AR. Per-packet protection at the AR then:
1. Provides anti-replay protection
2. Prevents source address spoofing
3. Minimizes DoS (forged or replayed packets are dropped at the AR before they enter the distribution tree)
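The key chain and the per-packet checks on this slide, as an added example that is not from the original slides: Python for the derivation steps and for the checks an AR would apply to each data packet. The slides name the keys but not how they are derived; the first step uses the prf+ construction and the "IETF PEMK" label that RFC 5807 defines for the PaC-EP-Master-Key, and the second step reuses prf+ with a different label, which is an assumption. IKEv2 itself is not run: the IPsec SA key is stood in for by one more prf+ step from the pre-shared key (also an assumption), the integrity tag is an HMAC rather than an ESP ICV, and the addresses, session identifiers and payloads are constructed.

```python
import hmac
import struct

def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13 with HMAC-SHA-256 as prf:
    T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n); output = T1 | T2 | ... truncated."""
    out, prev, n = b"", b"", 1
    while len(out) < length:
        prev = hmac.new(key, prev + seed + bytes([n]), "sha256").digest()
        out += prev
        n += 1
    return out[:length]

def derive_pemk(aaa_key: bytes, sid: bytes, kid: bytes, epid: bytes) -> bytes:
    """PaC-EP-Master-Key = prf+(MSK, "IETF PEMK" | SID | KID | EPID), RFC 5807 section 3.
    aaa_key is the EAP MSK handed to the PAA; sid/kid/epid are the PANA session id,
    key id and enforcement point id."""
    return prf_plus(aaa_key, b"IETF PEMK" + sid + kid + epid, 64)

def derive_ike_psk(pemk: bytes, sid: bytes, kid: bytes, epid: bytes) -> bytes:
    """IKE pre-shared key from the PEMK. Assumption: same prf+ construction, distinct label."""
    return prf_plus(pemk, b"IETF PSK" + sid + kid + epid, 32)

def sa_key_from_psk(psk: bytes, spi: int) -> bytes:
    """Stand-in for the IKEv2 exchange (assumption): one more prf+ step keyed by the PSK."""
    return prf_plus(psk, b"ESP-SA" + struct.pack("!I", spi), 32)

def packet_tag(sa_key: bytes, src: bytes, seq: int, payload: bytes) -> bytes:
    """Integrity tag over source address, sequence number and payload (HMAC stands in for the ESP ICV)."""
    return hmac.new(sa_key, src + struct.pack("!I", seq) + payload, "sha256").digest()[:12]

class Sender:
    """Authenticated sender: one SA, monotonically increasing sequence number."""
    def __init__(self, sa_key, addr):
        self.sa_key, self.addr, self.seq = sa_key, addr, 0

    def send(self, payload):
        self.seq += 1
        return (self.addr, self.seq, payload, packet_tag(self.sa_key, self.addr, self.seq, payload))

class EnforcementPoint:
    """Per-packet checks at the AR (the PANA EP) for one inbound SA bound to one sender address.
    Anti-replay uses the sliding window of RFC 4303 section 3.4.3."""
    WINDOW = 64

    def __init__(self, sa_key, sender_addr):
        self.sa_key, self.sender_addr = sa_key, sender_addr
        self.top = 0      # highest sequence number accepted so far
        self.bitmap = 0   # bit i set <=> sequence number (top - i) already accepted

    def check(self, src, seq, payload, tag):
        # 1. SA lookup is by sender address: a spoofed source finds no SA
        if src != self.sender_addr:
            return "drop: source not bound to SA"
        # 2. cheap sequence-number screening before any cryptography
        if seq == 0:
            return "drop: sequence number zero"
        if seq <= self.top:
            diff = self.top - seq
            if diff >= self.WINDOW:
                return "drop: too old"
            if (self.bitmap >> diff) & 1:
                return "drop: replay"
        # 3. integrity check; forged data fails here and never touches the window
        if not hmac.compare_digest(packet_tag(self.sa_key, src, seq, payload), tag):
            return "drop: bad integrity tag"
        # 4. only a verified packet advances or fills the window
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) & ((1 << self.WINDOW) - 1)
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "forward"

def demo():
    """Constructed run: derive the chain, then deliver, reorder, replay, spoof and forge."""
    msk = bytes(range(64))                        # constructed stand-in for the EAP MSK (AAA-Key)
    sid, kid, epid = b"pana-session-1", b"\x00\x01", b"AR1"
    pemk = derive_pemk(msk, sid, kid, epid)
    psk = derive_ike_psk(pemk, sid, kid, epid)
    sa_key = sa_key_from_psk(psk, 0x1001)
    sender = Sender(sa_key, b"\x0a\x00\x00\x05")
    ar = EnforcementPoint(sa_key, b"\x0a\x00\x00\x05")
    p1, p2 = sender.send(b"frame-1"), sender.send(b"frame-2")
    spoofed = (b"\x0a\x00\x00\x09",) + p2[1:]       # adversary sender replaying another host's packet
    forged = (p2[0], p2[1] + 1, b"forged", p2[3])   # fresh sequence number, wrong tag
    return [ar.check(*p2), ar.check(*p1), ar.check(*p1), ar.check(*spoofed), ar.check(*forged)]
```

The order of checks follows RFC 4303 section 3.4.3: the sequence number is screened before the integrity check, and the window is advanced only once the tag verifies, so a flood of forged packets cannot move the window or evict legitimate out-of-order packets, which is the DoS-minimization point. Binding the SA to the sender's address is what defeats source spoofing: a packet from any other address never finds an SA at the AR.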
More about access control in multicast
•  This is a brief description of our work in this area
•  What else have we done?
o  Policy framework
o  Inter-domain access control architecture based on Diameter agents
o  Data distribution control using a multicast SA
o  Mobile multicast: receiver access control & secured handoff
Conclusion: Present status
•  A set of Internet Drafts have been written and presented to bring our ideas to the IETF
o  J. William Atwood, Salekul Islam and Bing Li, "Requirements for IP Multicast Receiver Access Control", IETF Internet Draft, draft-atwood-mboned-mrac-req-00, 2014.
o  J. William Atwood, Bing Li and Salekul Islam, "Architecture for IP Multicast Receiver Access Control", IETF Internet Draft, draft-atwood-mboned-mrac-arch-00, 2014.
Other Publications
1.  S. Islam and J. W. Atwood, "Sender Access and Data Distribution Control for Inter-domain Multicast Groups", Computer Networks, Vol. 54, No. 10, 2010, pp. 1646-1671.
2.  S. Islam and J. W. Atwood, "Multicast Receiver Access Control by IGMP-AC", Computer Networks, Vol. 53, No. 7, 2009, pp. 989-1013.
3.  S. Islam and J. W. Atwood, "Multicast Security", in Horizons in Computer Science Research, Vol. 2, Thomas S. Clay (ed.), Nova Publishers, 2011, pp. 127-149.
4.  S. Islam, "Participant Access Control in IP Multicasting", VDM Verlag, Nov. 2009.
5.  S. Islam and J. W. Atwood, "Receiver Access Control and Secured Handoff in Mobile Multicast using IGMP-AC", submitted to the 33rd IEEE Conference on Local Computer Networks.
6.  S. Islam and J. W. Atwood, "Sender Access Control in IP Multicast", in 32nd IEEE Conference on Local Computer Networks, Dublin, Ireland, 15-18 October 2007, pp. 79-86.
7.  S. Islam and J. W. Atwood, "A Policy Framework for Multicast Group Control", in IEEE CCNC Workshop on Peer-to-Peer Multicasting, Las Vegas, NV, 11 January 2007, pp. 1103-1107.
8.  S. Islam and J. W. Atwood, "The Internet Group Management Protocol with Access Control (IGMP-AC)", in 31st IEEE Conference on Local Computer Networks, Tampa, Florida, U.S.A., 14-16 November 2006, pp. 475-482.
9.  S. Islam and J. W. Atwood, "A Framework to Add AAA Functionalities in IP Multicast", in Advanced International Conference on Telecommunications (AICT'06), Guadeloupe, French Caribbean, 19-22 February 2006.
Project Funding
•  FQRNT (Quebec provincial government fund)
o  Doctoral Research Scholarship
•  NSERC (Government of Canada fund)
o  Discovery Grant
•  Concordia University
Contact
•  Dr. Salekul Islam
UIU, Bangladesh
Email: salekul@cse.uiu.ac.bd
•  Dr. J. William Atwood
Concordia University, Canada
Email: william.atwood@concordia.ca

Más contenido relacionado

La actualidad más candente

Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and ssl
Mohd Arif
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
Sarthak Patel
 

La actualidad más candente (20)

authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)
 
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
 
Squire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 SoftswitchSquire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 Softswitch
 
IoT Communication Protocols
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication Protocols
 
MQTT 5 - What's New?
MQTT 5 - What's New?MQTT 5 - What's New?
MQTT 5 - What's New?
 
Assaulting diameter IPX network
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
 
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security AnalysisHaving Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
 
Ip sec and ssl
Ip sec and  sslIp sec and  ssl
Ip sec and ssl
 
Securing Internet of Things with Trustworthy Computing
Securing Internet of Things with Trustworthy ComputingSecuring Internet of Things with Trustworthy Computing
Securing Internet of Things with Trustworthy Computing
 
7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
 
Fortinet FortiOS 5 Presentation
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
 
MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12
 
802.11 mgt-opern
802.11 mgt-opern802.11 mgt-opern
802.11 mgt-opern
 
Advanced: 5G Service Based Architecture (SBA)
Advanced: 5G Service Based Architecture (SBA)Advanced: 5G Service Based Architecture (SBA)
Advanced: 5G Service Based Architecture (SBA)
 
Cisco Router As A Vpn Server
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
 
Information Security Lesson 7 - Remote Access - Eric Vanderburg
Information Security Lesson 7 - Remote Access - Eric VanderburgInformation Security Lesson 7 - Remote Access - Eric Vanderburg
Information Security Lesson 7 - Remote Access - Eric Vanderburg
 
Network Monitoring System
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
 
IS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
 
Igmp presentation
Igmp presentationIgmp presentation
Igmp presentation
 
User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
 

Destacado

Destacado (20)

Securing Asterisk: A practical approach
Securing Asterisk: A practical approachSecuring Asterisk: A practical approach
Securing Asterisk: A practical approach
 
Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?
 
Practical Implementation of BGP Community with Geotags
Practical Implementation of BGP Community with GeotagsPractical Implementation of BGP Community with Geotags
Practical Implementation of BGP Community with Geotags
 
RPKI with rpki.net Tools
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
 
APNIC Policy Update
APNIC Policy Update APNIC Policy Update
APNIC Policy Update
 
Shikkhok.com, An ISIF awarded project
Shikkhok.com, An ISIF awarded project Shikkhok.com, An ISIF awarded project
Shikkhok.com, An ISIF awarded project
 
APNIC Services Update
APNIC Services Update APNIC Services Update
APNIC Services Update
 
Traffic Engineering for CDNs
Traffic Engineering for CDNs Traffic Engineering for CDNs
Traffic Engineering for CDNs
 
Monetizing 4G LTE : How we make money out of LTE
Monetizing 4G LTE : How we make money out of LTEMonetizing 4G LTE : How we make money out of LTE
Monetizing 4G LTE : How we make money out of LTE
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
Prefix Filtering BCP
Prefix Filtering BCP Prefix Filtering BCP
Prefix Filtering BCP
 
IPv6 Greenfield
IPv6 Greenfield IPv6 Greenfield
IPv6 Greenfield
 
How Internet is Empowering Women in Bangladesh
How Internet is Empowering Women in Bangladesh How Internet is Empowering Women in Bangladesh
How Internet is Empowering Women in Bangladesh
 
Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
 
Discovering and Participating at ICANN
Discovering and Participating at ICANNDiscovering and Participating at ICANN
Discovering and Participating at ICANN
 
Good Peering Practices
Good Peering Practices Good Peering Practices
Good Peering Practices
 
Launch a Successful LTE Footprints in Bangladesh
Launch a Successful LTE Footprints in BangladeshLaunch a Successful LTE Footprints in Bangladesh
Launch a Successful LTE Footprints in Bangladesh
 
Building REN in BD
Building REN in BD Building REN in BD
Building REN in BD
 
Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI) Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI)
 
Cloud Computing Using OpenStack
Cloud Computing Using OpenStack Cloud Computing Using OpenStack
Cloud Computing Using OpenStack
 

Similar a Participant Access Control in IP Multicasting

PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security
PROIDEA
 

Similar a Participant Access Control in IP Multicasting (20)

PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security
 
Using open source for IoT
Using open source for IoTUsing open source for IoT
Using open source for IoT
 
Protocol for QoS Support Chapter 18
Protocol for QoS Support Chapter 18Protocol for QoS Support Chapter 18
Protocol for QoS Support Chapter 18
 
Pristine rina-security-icc-2016
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
 
New world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter management
 
Rina converged network operator - etsi workshop
Rina converged network operator -  etsi workshopRina converged network operator -  etsi workshop
Rina converged network operator - etsi workshop
 
New world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter management
 
Chapter04
Chapter04Chapter04
Chapter04
 
Edge Device Multi-unicasting for Video Streaming
Edge Device Multi-unicasting for Video StreamingEdge Device Multi-unicasting for Video Streaming
Edge Device Multi-unicasting for Video Streaming
 
ICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
 
ICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
 
OPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC FoundationOPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC Foundation
 
Using ICN to simplify data delivery, mobility management and secure transmission
Using ICN to simplify data delivery, mobility management and secure transmissionUsing ICN to simplify data delivery, mobility management and secure transmission
Using ICN to simplify data delivery, mobility management and secure transmission
 
Squire Technologies: Signal Transfer Point
Squire Technologies: Signal Transfer PointSquire Technologies: Signal Transfer Point
Squire Technologies: Signal Transfer Point
 
Create New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile NetworkCreate New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile Network
 
LTE network: How it all comes together architecture technical poster
LTE network: How it all comes together architecture technical posterLTE network: How it all comes together architecture technical poster
LTE network: How it all comes together architecture technical poster
 
PLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPN
PLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPNPLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPN
PLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPN
 
Diameter_Apr2014.pptx
Diameter_Apr2014.pptxDiameter_Apr2014.pptx
Diameter_Apr2014.pptx
 
Design and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
 
SD-WAN Catalyst a brief Presentation of solution
SD-WAN Catalyst a brief  Presentation of solutionSD-WAN Catalyst a brief  Presentation of solution
SD-WAN Catalyst a brief Presentation of solution
 

Más de Bangladesh Network Operators Group

Más de Bangladesh Network Operators Group (20)

Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and CephAccelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
Accelerating Hyper-Converged Enterprise Virtualization using Proxmox and Ceph
 
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJRecent IRR changes by Yoshinobu Matsuzaki, IIJ
Recent IRR changes by Yoshinobu Matsuzaki, IIJ
 
Fact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in BangladeshFact Sheets : Network Status in Bangladesh
Fact Sheets : Network Status in Bangladesh
 
AI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the PyramidAI Driven Wi-Fi for the Bottom of the Pyramid
AI Driven Wi-Fi for the Bottom of the Pyramid
 
IPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCTIPv6 Security Overview by QS Tahmeed, APNIC RCT
IPv6 Security Overview by QS Tahmeed, APNIC RCT
 
Network eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life ProductNetwork eWaste : Community role to manage end of life Product
Network eWaste : Community role to manage end of life Product
 
A plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s DeploymentA plenarily integrated SIEM solution and it’s Deployment
A plenarily integrated SIEM solution and it’s Deployment
 
IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia  2022IPv6 Deployment in South Asia  2022
IPv6 Deployment in South Asia 2022
 
Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
 
RPKI Deployment Status in Bangladesh
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
 
An Overview about open UDP Services
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
 
12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
 
Contents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
 
BdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
 
Tale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
 
MANRS for Network Operators
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
 
Re-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
 
RPKI ROA updates
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
 
Blockchain Demystified
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
 

Último

( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
nilamkumrai
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
nirzagarg
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
dharasingh5698
 
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查在线制作约克大学毕业证(yu毕业证)在读证明认证可查
在线制作约克大学毕业证(yu毕业证)在读证明认证可查
ydyuyu
 

Último (20)

VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
VIP Model Call Girls NIBM ( Pune ) Call ON 8005736733 Starting From 5K to 25K...
 
20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf20240508 QFM014 Elixir Reading List April 2024.pdf
20240508 QFM014 Elixir Reading List April 2024.pdf
 
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
( Pune ) VIP Baner Call Girls 🎗️ 9352988975 Sizzling | Escorts | Girls Are Re...
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
Russian Call Girls in %(+971524965298  )#  Call Girls in DubaiRussian Call Girls in %(+971524965298  )#  Call Girls in Dubai
Russian Call Girls in %(+971524965298 )# Call Girls in Dubai
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Himatnagar 7001035870 Whatsapp Number, 24/07 Booking
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...

Participant Access Control in IP Multicasting

  • 1. Participant Access Control in IP Multicasting
    Salekul Islam (salekul@cse.uiu.ac.bd), United International University (UIU), Dhaka, Bangladesh
  • 2. Outline of the presentation
    24-May-14 Participant Access Control in IP Multicasting 2
    [slide map of the talk]
    • IP Multicast
      o IGMP: end hosts join/leave a multicast group
      o PIM-SM: routers build the data distribution tree
    • Secure Multicast: protects multicast data and control messages. Why does it fail to provide access control?
    • Access Control Architecture
      o Access Control: Authentication, Authorization & Accounting
      o Participant: Receivers & Sender(s)
    • Receiver Access Control: IGMP with Access Control (IGMP-AC)
    • Sender Access Control: PANA, IKEv2 and IPsec SA
  • 3. Protocols Involved in IP Multicast
    • Internet Group Management Protocol (IGMP)
      o IGMPv3 has been standardized by the IETF
      o End hosts inform the neighboring router(s) about their multicast group memberships using IGMP
      o Two types of messages: Query and Report
    • Protocol Independent Multicast - Sparse Mode (PIM-SM)
      o Depends on the underlying unicast routing information base
      o Builds unidirectional shared trees
      o Optionally creates shortest-path trees per source
  • 4. IGMP Query Message
    [figure: the Querier, a directly connected Access Router (AR), sends Query messages onto the subnet; the ARs attach to a Core Router (CR)]
  • 5. IGMP Report Message
    [figure: Receiver 1 and Receiver 2 answer the Querier (the directly connected AR) with Report messages; the ARs attach to a CR]
  • 6. IP Multicast Service Model
    [figure: Sender, AR1-AR3, CR1-CR3, Receivers/End Users. The routing protocol (PIM-SM) builds the DDT; IGMP messages carry user joins/leaves; the sender sends multicast data; data is forwarded using the DDT. DDT: Data Distribution Tree]
  • 7. Multicast-based Applications
    Number of participants vs. applications:
    • One-to-many (single sender, multiple receivers)
      o Scheduled audio/video distribution
      o Push media: news headlines, weather updates
      o File distribution and caching
      o Announcements: multicast session, key updates
      o Monitoring: stock prices, sensor equipment
    • Many-to-many (multiple senders, multiple receivers)
      o Multimedia conferencing
      o Synchronized resources
      o Distance learning with input from receivers
      o Multi-player games
    • Many-to-one (multiple senders, single receiver)
      o Resource discovery
      o Auctions
      o Polling
  • 8. Multicast Service Model: Vulnerabilities
    [figure: the service model of slide 6 with an Adversary Receiver (behind AR4) sending an IGMP Join that triggers a routing protocol Join, and an Adversary Sender injecting forged data]
    • IP multicast model:
      o Multicast groups are open
      o Anyone can join, anyone can send
  • 9. Motivation: Revenue Generation Architecture
    • Secure Multicasting is composed of
      o Protecting control messages—routing protocol specific (secured IGMP and PIM-SM)
      o Protecting multicast data—encryption and authentication (IETF standardized TESLA)
    • Significant progress in securing multicasting has not led to large-scale commercial deployment
    • A revenue generation architecture considers
      o Participant access control—AAA for sender(s) and receivers
      o Policy enforcement
      o E-commerce communications
  • 10. Why Access Control?
    • Effects of forged IGMP messages
      o A forged Join message pulls the distribution tree and may create DoS
      o A forged Leave message prunes the distribution tree and prevents legitimate users from receiving
      o IGMP security—only authenticates IGMP messages
    • Attacks by a forged sender
      o Replay attack
      o Sender address spoofing attack
      o May create DoS
    • Secure Multicast (Group Key Management) fails to prevent these attacks
  • 11. How to deploy access control?
    • Receiver access control for a secured group: coupling access control with IGMP
      o While joining/leaving
      o Changing reception state at ARs
    • Sender access control for a secured group: per-packet cryptographic protection at the AR
      o Sending data
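Added example (not part of the slides and not the authors' IGMP-AC implementation): a minimal IGMPv3 Membership Report parser (RFC 3376 layout) and an access router whose per-group reception state changes only on reports from hosts that an authorization table lists for that group. The table is an assumption standing in for the AAA decision the talk obtains through IGMP-AC; the packets, addresses and group are constructed. It shows the point of slides 10 and 11: a report from an unauthorized host, forged or not, is parsed but never reaches the reception state.

```python
import struct
import ipaddress

IGMPV3_REPORT = 0x22

# Group record types, RFC 3376 section 4.2.12
RECORD_TYPES = {1: "MODE_IS_INCLUDE", 2: "MODE_IS_EXCLUDE",
                3: "CHANGE_TO_INCLUDE_MODE", 4: "CHANGE_TO_EXCLUDE_MODE",
                5: "ALLOW_NEW_SOURCES", 6: "BLOCK_OLD_SOURCES"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a packet whose checksum field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_report(records):
    """Construct an IGMPv3 Membership Report from (record_type, group, [sources]) tuples (test input only)."""
    body = b""
    for rtype, group, sources in records:
        body += struct.pack("!BBH", rtype, 0, len(sources)) + ipaddress.IPv4Address(group).packed
        body += b"".join(ipaddress.IPv4Address(s).packed for s in sources)
    packet = struct.pack("!BBHHH", IGMPV3_REPORT, 0, 0, 0, len(records)) + body
    return packet[:2] + struct.pack("!H", internet_checksum(packet)) + packet[4:]


def parse_report(packet: bytes):
    """Parse a Membership Report into (record_type_name, group, [sources]); ValueError on malformed input."""
    if len(packet) < 8:
        raise ValueError("truncated IGMP header")
    msg_type, _, _, _, nrecords = struct.unpack("!BBHHH", packet[:8])
    if msg_type != IGMPV3_REPORT:
        raise ValueError("not an IGMPv3 Membership Report")
    if internet_checksum(packet) != 0:
        raise ValueError("bad checksum")
    offset, records = 8, []
    for _ in range(nrecords):
        if offset + 8 > len(packet):
            raise ValueError("truncated group record")
        rtype, auxlen, nsrc = struct.unpack("!BBH", packet[offset:offset + 4])
        group = str(ipaddress.IPv4Address(packet[offset + 4:offset + 8]))
        offset += 8
        if offset + 4 * (nsrc + auxlen) > len(packet):
            raise ValueError("truncated source list")
        sources = [str(ipaddress.IPv4Address(packet[offset + 4 * i:offset + 4 * i + 4])) for i in range(nsrc)]
        offset += 4 * (nsrc + auxlen)        # skip the source list and any auxiliary data
        records.append((RECORD_TYPES.get(rtype, "UNKNOWN"), group, sources))
    return records


class AccessRouter:
    """Per-group reception state of one AR. Only hosts the authorization table lists for a group may
    change that group's state; the table stands in for the AAA decision (assumption of this example)."""

    def __init__(self, authorized):
        self.authorized = authorized     # {group: {host_ip, ...}}
        self.members = {}                # {group: {host_ip, ...}} hosts currently in reception state
        self.log = []

    def process_report(self, host_ip, packet):
        try:
            records = parse_report(packet)
        except ValueError as exc:
            self.log.append(f"drop report from {host_ip}: {exc}")
            return []
        decisions = []
        for rtype, group, sources in records:
            if host_ip not in self.authorized.get(group, set()):
                self.log.append(f"reject {rtype} for {group} from unauthorized host {host_ip}")
                decisions.append((group, "rejected"))
                continue
            members = self.members.setdefault(group, set())
            # EXCLUDE {} means "all sources" (a join); INCLUDE {} means "no sources" (a leave).
            if "EXCLUDE" in rtype and not sources:
                members.add(host_ip)
                decisions.append((group, "joined"))
            elif "INCLUDE" in rtype and not sources:
                members.discard(host_ip)
                decisions.append((group, "left"))
            else:
                decisions.append((group, "source-list change ignored in this example"))
        return decisions

    def forward_to(self, group):
        """True when at least one authorized member is in reception state for the group."""
        return bool(self.members.get(group))


def demo():
    # Constructed scenario: host 10.0.0.5 is authorized for 239.1.1.1, host 10.0.0.9 is not.
    ar = AccessRouter(authorized={"239.1.1.1": {"10.0.0.5"}})
    join = build_report([(4, "239.1.1.1", [])])     # CHANGE_TO_EXCLUDE_MODE with no sources = join
    leave = build_report([(3, "239.1.1.1", [])])    # CHANGE_TO_INCLUDE_MODE with no sources = leave
    return [ar.process_report("10.0.0.5", join), ar.forward_to("239.1.1.1"),
            ar.process_report("10.0.0.9", leave), ar.forward_to("239.1.1.1"),   # unauthorized leave: state unchanged
            ar.process_report("10.0.0.5", leave), ar.forward_to("239.1.1.1")]
```

The order of checks matters for the defensive point: the checksum and length checks run before any state is touched, and the authorization check runs per group record, so one report carrying records for several groups can be honoured for the groups the host is entitled to and refused for the rest.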
  • 12. Overview of Access Control Architecture
    [figure: Sender, AR1-AR3, CR1-CR3, Receivers/EUs, with three control points]
    • Sender Access Control
      o AAA for sender(s)
      o Per-packet protection
    • Data Distribution Control
      o Protects the distribution tree from a forged sender
      o Not routing protocol security
    • Receiver Access Control
      o AAA for receivers/EUs
  • 13. Unicast Access Control and Authentication
    • Access Control is achieved by the AAA framework
      o RADIUS—older version, with limited functionalities
      o Diameter—next generation AAA protocol
        - Extensible
        - Large AVP
        - Agent support
    • For authentication the IETF has designed
      o Extensible Authentication Protocol (EAP)
      o Protocol for carrying Authentication for Network Access (PANA)—EAP lower layer
  • 14. Authentication, Authorization and Accounting (AAA) Framework
    [figure: End User -> NAS (AAA Client) -> AAA protocol -> AAA Server (Authentication, Authorization, Accounting) backed by an End User Database. Flow: requesting access to the network, EU credentials, Accept, access is granted. NAS: Network Access Server]
  • 15. Extensible Authentication Protocol (EAP)
    [figure: End User (EAP Peer) <-EAP-> NAS/EAP Authenticator <-Diameter (EAP)-> AAA Server (EAP Server). Message flow: EAP Request1 (authenticator to peer), EAP Response1 (peer to authenticator), Diameter (EAP Response1), Diameter (EAP Request2), EAP Request2, ..., EAP ResponseN, Diameter (EAP ResponseN), Diameter (EAP Success), EAP Success]
    • EAP summary
      o Authentication framework
      o Multiple authentication methods (EAP methods)
      o Four EAP messages: Request, Response, Success, Failure
      o Initiated by the peer or the authenticator
      o Encapsulated over Diameter between authenticator and AAA server
  • 16. Key Challenges for Access Control
    • The most generic architecture
      o Deployable for multi-domain distributed groups
      o Supports a wide range of authentication methods
      o Independent of routing protocol
      o Supports both ASM and SSM
    • A scalable solution
      o Minimum workload for on-tree routers and end hosts
      o A distributed solution (e.g., using AAA)
    • Reuse standard frameworks/protocols
      o Fits easily in the existing Internet service model
      o Will reduce the work of service providers
  • 17. Access Control Architecture
    [figure: Sender, AR1-AR3, CR1-CR3, End Users, with the ARs acting as NAS. AAAS (AAA server) with Participants Database & Policy Server; Registration and Updates from GO/MR and FI (marked "out of the scope"); Diameter between NAS and AAAS; IGMP carrying EU auth. info]
  • 18. Receiver Access Control using IGMP-AC
    [figure: End Users <-IGMP-AC (EAP)-> AR (NAS) <-Diameter (EAP)-> AAA Server with Participants Database; Sender, AR1-AR3, CR1-CR3]
    • IGMP with Access Control (IGMP-AC)
      o Extended version of IGMPv3
      o Encapsulates EAP packets
      o Verification using SPIN
      o Validation using AVISPA
  • 19. End User Authentication using Extensible Authentication Protocol (EAP)
    [figure: EAP encapsulation over IGMP-AC. Protocol stacks: EU/Peer: EAP method, EAP peer, EAP layer, IGMP-AC, lower layers. AR/Authenticator/NAS: IGMP-AC, EAP layer, EAP auth, AAA/IP. AAA Server: EAP method, EAP auth, EAP layer, AAA/IP]
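Added example covering the EAP exchange of slide 15 and the layering of slides 18 and 19 (not code from the slides or from the authors): the three EAP roles are simulated in one process, with RFC 3748 packet encoding, an AAA server that receives each EAP Response inside a Diameter-EAP request and answers with the next Request, and a NAS that is a pure pass-through: it checks only Code and Identifier and never inspects method data. The lower layer that would carry the peer-to-NAS packets (IGMP-AC for receivers, PANA for senders) is abstracted to a function call. The challenge method carried under EAP Type 255 (the experimental type) is illustrative, not a standardized EAP method; the Diameter messages are dicts holding an EAP-Payload and Result-Code; identity, password and session id are constructed.

```python
import hmac
import hashlib
import os
import struct

# EAP codes and the two types used here (RFC 3748). Type 255 is reserved for experimental use;
# the HMAC challenge method carried under it is illustrative, not a standardized EAP method.
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY, TYPE_EXPERIMENTAL = 1, 255
# Diameter Result-Code values (RFC 6733)
MULTI_ROUND_AUTH, DIAMETER_SUCCESS, AUTH_REJECTED = 1001, 2001, 4001


def encode(code, ident, type_=None, data=b""):
    """Build an EAP packet: Code, Identifier, Length, then Type and Type-Data for Request/Response."""
    body = b"" if type_ is None else bytes([type_]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def decode(pkt):
    """Return (code, identifier, type, type_data); Success and Failure carry no Type."""
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    return code, ident, pkt[4], pkt[5:]


class Peer:
    """End user: answers Identity requests, then the challenge with HMAC(password, identifier || challenge)."""
    def __init__(self, identity, password):
        self.identity, self.password, self.result = identity, password, None

    def handle(self, pkt):
        code, ident, type_, data = decode(pkt)
        if code == REQUEST and type_ == TYPE_IDENTITY:
            return encode(RESPONSE, ident, TYPE_IDENTITY, self.identity.encode())
        if code == REQUEST and type_ == TYPE_EXPERIMENTAL:
            mac = hmac.new(self.password, bytes([ident]) + data, hashlib.sha256).digest()
            return encode(RESPONSE, ident, TYPE_EXPERIMENTAL, mac)
        self.result = code           # Success or Failure ends the conversation
        return None


class AAAServer:
    """EAP server behind Diameter: takes one Diameter-EAP request and returns the answer."""
    def __init__(self, users):
        self.users, self.sessions = users, {}      # sessions: Session-Id -> (identity, challenge)

    def handle(self, req):
        code, ident, type_, data = decode(req["EAP-Payload"])
        if type_ == TYPE_IDENTITY:
            challenge = os.urandom(16)
            self.sessions[req["Session-Id"]] = (data.decode(), challenge)
            nxt = encode(REQUEST, (ident + 1) & 0xFF, TYPE_EXPERIMENTAL, challenge)
            return {"Result-Code": MULTI_ROUND_AUTH, "EAP-Payload": nxt}
        identity, challenge = self.sessions.pop(req["Session-Id"], (None, b""))
        password = self.users.get(identity)
        if password is not None:
            expected = hmac.new(password, bytes([ident]) + challenge, hashlib.sha256).digest()
            if hmac.compare_digest(expected, data):
                return {"Result-Code": DIAMETER_SUCCESS, "EAP-Payload": encode(SUCCESS, ident)}
        return {"Result-Code": AUTH_REJECTED, "EAP-Payload": encode(FAILURE, ident)}


class Authenticator:
    """NAS/AR as EAP pass-through: checks Code and Identifier, never parses method data."""
    def __init__(self, server, session_id):
        self.server, self.session_id, self.trace = server, session_id, []

    def run(self, peer):
        ident, pkt = 1, encode(REQUEST, 1, TYPE_IDENTITY)     # authenticator initiates with Request/Identity
        while True:
            self.trace.append(("eap->peer", decode(pkt)[0]))
            resp = peer.handle(pkt)
            if resp is None:
                return decode(pkt)[0]                     # SUCCESS or FAILURE was delivered
            rcode, rident = decode(resp)[:2]
            if rcode != RESPONSE or rident != ident:      # only the outstanding Request may be answered
                raise ValueError("unexpected EAP packet from peer")
            answer = self.server.handle({"Session-Id": self.session_id, "EAP-Payload": resp})
            self.trace.append(("diameter", answer["Result-Code"]))
            pkt = answer["EAP-Payload"]
            ident = decode(pkt)[1]


def authenticate(identity, password, users):
    """Run one full conversation; returns (final EAP code, Diameter Result-Codes seen by the NAS)."""
    nas = Authenticator(AAAServer(users), session_id="ar1.example;1")   # constructed session id
    outcome = nas.run(Peer(identity, password))
    return outcome, [rc for kind, rc in nas.trace if kind == "diameter"]
```

This is why the slides can put the same EAP conversation over IGMP-AC for receivers and over PANA for senders: the authenticator's state is nothing more than the outstanding Identifier and the Diameter session, so swapping the lower layer changes how packets reach `peer.handle`, not the authentication logic.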
  • 20. Protocol for carrying Authentication for Network Access (PANA)
    [figure: PaC (EU) <-PANA-> PAA (NAS/AR) <-RADIUS/Diameter-> AS (AAAS); PAA <-SNMP/API-> EP (AR); PaC <-IKE-> EP. PaC: PANA Client; PAA: PANA Authentication Agent; AS: Authentication Server; EP: Enforcement Point]
    • PANA summary
      o Network access protocol
      o Works as EAP lower layer
      o Four entities: PaC, PAA, AS, EP
  • 21. Sender Access Control
    [figure: Sender (End User, PaC) <-PANA (EAP)-> NAS/AR, NAS <-> AAA Server; IKEv2 between sender and AR establishes an IPsec SA; AR1-AR3, CR1-CR3. Key chain: AAA-Key -> PaC-EP-Master-Key -> IKE-pre-shared-Key]
    • The IPsec SA gives:
      1. Anti-replay
      2. Prevents source address spoofing
      3. Minimizes DoS
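Added example for the three properties listed on slide 21 (not code from the slides or the authors): the per-packet check an AR can run on each data packet once a sender SA exists. It binds the packet to the authenticated sender address, verifies an HMAC integrity value keyed with the SA key, and keeps an RFC 4303-style 64-packet sliding anti-replay window. The SA key is a constructed placeholder for what the PANA/IKEv2 exchange in the figure would have produced, and the packets are constructed; the check ordering (cheap address and window checks before the HMAC) is the part that limits DoS.

```python
import hmac
import hashlib


class SenderSA:
    """Per-sender state at the AR: the authenticated sender address, the SA key and a sliding
    anti-replay window as in RFC 4303. The key is a constructed stand-in for the key the
    PANA/IKEv2 exchange would establish (assumption of this example)."""

    def __init__(self, sender_ip, key, window=64):
        self.sender_ip, self.key, self.window = sender_ip, key, window
        self.top = 0         # highest sequence number accepted so far
        self.bitmap = 0      # bit i set => sequence number (top - i) already accepted

    def icv(self, src_ip, seq, payload):
        """Integrity check value binding source address, sequence number and payload to the SA key."""
        msg = src_ip.encode() + seq.to_bytes(4, "big") + payload
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:12]

    def check(self, src_ip, seq, payload, icv):
        # 1. Cheap checks first, so forged traffic is dropped before any cryptography runs.
        if src_ip != self.sender_ip:
            return "drop: source not bound to SA"
        if seq == 0 or seq + self.window <= self.top:
            return "drop: outside replay window"
        if seq <= self.top and (self.bitmap >> (self.top - seq)) & 1:
            return "drop: replay"
        # 2. Only then verify the ICV; the window is updated only after a successful check.
        if not hmac.compare_digest(self.icv(src_ip, seq, payload), icv):
            return "drop: bad ICV"
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.window else 1
            self.bitmap &= (1 << self.window) - 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)
        return "accept"


def demo():
    key = b"constructed-sa-key-not-from-any-real-exchange"
    sa = SenderSA("192.0.2.10", key)

    def sign(ip, seq, data):
        """What the authenticated sender emits (constructed packets)."""
        return ip, seq, data, sa.icv(ip, seq, data)

    packets = [
        sign("192.0.2.10", 1, b"frame-1"),
        sign("192.0.2.10", 2, b"frame-2"),
        sign("192.0.2.10", 3, b"frame-3"),
        sign("192.0.2.10", 2, b"frame-2"),                                    # replayed copy of frame 2
        ("192.0.2.10", 4, b"tampered", sa.icv("192.0.2.10", 4, b"frame-4")),  # payload altered in transit
        ("198.51.100.7", 5, b"frame-5", sa.icv("198.51.100.7", 5, b"frame-5")),  # wrong source: rejected on address alone
        sign("192.0.2.10", 200, b"frame-200"),
        sign("192.0.2.10", 100, b"frame-100"),                                # older than the 64-packet window
        sign("192.0.2.10", 199, b"frame-199"),                                # late but inside the window
    ]
    return [sa.check(*p) for p in packets]
```

Reordered packets inside the window are accepted once (frame 199 after frame 200), which is what keeps the check usable on a real multicast path, while a second copy of any accepted sequence number is a replay regardless of whether its ICV is valid.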
  • 22. More about access control in multicast
    • This is a brief description of our work in this area
    • What else have we done?
      o Policy framework
      o Inter-domain access control architecture based on Diameter agents
      o Data distribution control using multicast SA
      o Mobile multicast: receiver access control & secured handoff
  • 23. Conclusion: Present status
    • A set of Internet Drafts has been written and presented to bring our ideas to the IETF
      o J. William Atwood, Salekul Islam and Bing Li, "Requirements for IP Multicast Receiver Access Control", IETF Internet Draft, draft-atwood-mboned-mrac-req-00, 2014.
      o J. William Atwood, Bing Li and Salekul Islam, "Architecture for IP Multicast Receiver Access Control", IETF Internet Draft, draft-atwood-mboned-mrac-arch-00, 2014.
  • 24. Other Publications
    1. Salekul Islam and J. William Atwood, "Sender Access and Data Distribution Control for Inter-domain Multicast Groups", Computer Networks, Vol. 54, No. 10, 2010, pp. 1646-1671.
    2. Salekul Islam and J. William Atwood, "Multicast Receiver Access Control by IGMP-AC", Computer Networks, Vol. 53, No. 7, 2009, pp. 989-1013.
    3. Salekul Islam and J. William Atwood, "Multicast Security", in Horizons in Computer Science Research Vol. 2, Thomas S. Clay (ed.), Nova Publishers, 2011, pp. 127-149.
    4. Salekul Islam, "Participant Access Control in IP Multicasting", VDM Verlag, Nov. 2009.
    5. S. Islam and J.W. Atwood, "Receiver Access Control and Secured Handoff in Mobile Multicast using IGMP-AC", submitted to 33rd IEEE Conference on Local Computer Networks.
    6. S. Islam and J.W. Atwood, "Sender Access Control in IP Multicast", in 32nd IEEE Conference on Local Computer Networks, Dublin, Ireland, 2007 October 15-18, pp. 79-86.
    7. S. Islam and J.W. Atwood, "A Policy Framework for Multicast Group Control", in IEEE CCNC Workshop on Peer-to-Peer Multicasting, Las Vegas, NV, 2007 January 11, pp. 1103-1107.
    8. S. Islam and J.W. Atwood, "The Internet Group Management Protocol with Access Control (IGMP-AC)", in 31st IEEE Conference on Local Computer Networks, Tampa, Florida, U.S.A., 2006 November 14-16, pp. 475-482.
    9. S. Islam and J.W. Atwood, "A Framework to Add AAA Functionalities in IP Multicast", in Advanced International Conference on Telecommunications (AICT'06), Guadeloupe, French Caribbean, 2006 February 19-22.
  • 25. Project Funding
    • FQRNT (Quebec Provincial Govt's fund)
      o Doctoral Research Scholarship
    • NSERC (Canada Govt's fund)
      o Discovery Grant
    • Concordia University
  • 26. Contact
    • Dr. Salekul Islam, UIU, Bangladesh. Email: salekul@cse.uiu.ac.bd
    • Dr. J. William Atwood, Concordia University, Canada. Email: william.atwood@concordia.ca