Efficient security for large and dynamic multicast groups

Abstract

Proposals for multicast security that have been published so far are complex, often require trust in network components or are inefficient. In this paper we propose a series of novel approaches for achieving scalable security in IP multicast, providing group-wide privacy and authentication. They can be employed to efficiently secure multi-party applications where members of highly dynamic groups of arbitrary size may participate. Supporting dynamic groups implies that newly joining members must not be able to understand past group communications, and that leaving members may not follow future communications. Key changes are required for all group members when a leave or join occurs, which poses a problem if groups are large. The algorithms presented here require no trust in third parties, support either centralized or fully distributed man agement of keying material, and have low complexity (O(log N) or less). This grants scalability even for large groups. In this paper we discuss the requirements for secure multicasting, present our approaches, and evaluate their properties, based on an experimental implementation.