Tree-based reliable multicast system where sessions are...

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling

Reexamination Certificate

Details

C709S227000, C713S156000, C713S163000

active

06275859

ABSTRACT:

CROSS REFERENCE TO RELATED APPLICATIONS
None
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not Applicable
BACKGROUND OF THE INVENTION
The present invention is related to the field of data communications networks, and more particularly to maintaining security in conjunction with reliable multicast data distribution in data communications networks.
In data communications networks, a technique known as “multicast” data distribution is used to carry out communication between a sender and a group of receivers. The sender uses a multicast address when sending data to the receivers. Multicast delivery is a best effort delivery, and therefore it is not reliable. There are many different ways of providing reliability in multicast. One way of providing reliability is by organizing a tree based data distribution setup with the sender of the multicast session at the root of the tree, and the receivers forming the leaves and the internal nodes of the tree. The internal nodes are called the “repair nodes”. The repair nodes cache all data sent by the sender. Every repair node serves a set of receivers (member or child nodes) by performing retransmissions of the cached data when requested by the member/child nodes. When all the members of a repair node report the successful reception of a block of data, the particular block of data is freed by the repair node. This approach relieves the sender of performing retransmissions to every receiver of the multicast session that fails to receive the data successfully. The use of repair nodes improves the reliability of message delivery in a scalable manner. As the size of a multicast group increases, repair nodes can be added to share the tasks of caching and re-transmitting messages.
To build a tree based reliable data distribution setup, various security related issues have to be addressed to prevent malicious nodes from disrupting the data distribution. The repair nodes and the members have to authenticate each other, verify each other's permission to participate in the multicast session, and then exchange keying information so that the exchange of messages between the nodes can be digitally signed and verified every time. Some of the issues that can be exploited by malicious nodes in the absence of security are described below.
Each repair node has a limited number of “slots” or interfaces for different downstream receivers that it supports. For example, a given repair node may support up to a maximum of 32 downstream nodes. A malicious node may attempt to consume a large number of slots at a repair node, for example by joining the multicast session multiple times using different identities. If successful, this behavior may cause the repair node to deny requests from legitimate nodes to be admitted to the session, because the repair node has no slots available to support the legitimate nodes. These service denials represent unnecessary disruptions in the operation of the network.
Alternatively, a malicious node may continually request re-transmission of messages from a repair node, which interferes with the operation of the multicast session and undesirably increases network traffic.
It has been known to employ security measures in order to reduce the ability of a malicious node to interfere with a multicast session. In general, security features enable multicast session participants to authenticate each other (i.e., verify identity) and to verify each other's authorization to participate in the multicast session in a given capacity. For example, prior reliable multicast techniques have employed encrypted control messages or digitally signed control messages using symmetric keys, or digitally signed messages using asymmetric keys, for authentication purposes. It has also been known to maintain authorization information in a single trusted location within a network, and to require nodes to obtain authorization data from the trusted location before authorizing other nodes to participate in a multicast session.
While these prior techniques can be effective in improving security, they also have practical drawbacks. The use of a common group key (known as a symmetric key) for authentication in a multicast setup is generally less secure than other approaches, because the key is known to many nodes. In addition, a node verifying a message signature can only verify that the message came from a node belonging to the group, rather than verifying that it came from a particular node. The use of public/private keys (known as asymmetric keys) and certificates enables a node to verify that a message originated from a particular node by consulting information in a trusted location at the time of building the distribution tree. However, this approach can result in availability and performance related problems.
Moreover, enabling nodes to verify each other's authenticity independently by the use of digital certificates requires nodes to either have the public part of the asymmetric keys of many different certificate authorities stored locally or to procure the public keys over the network when required for verification of the certificate. Storing the public keys is unattractive because of the consumption of storage space, the inability to store the public keys of all possible certificate authorities and the cumbersome task of ensuring that the latest revisions of the keys are maintained. Procuring the public keys when required is unattractive for reasons related to performance and latency. Even if the nodes can verify authenticity of each other independently, the authorization to participate in a multicast session still needs to be verified.
It would be desirable to achieve desired security in reliable multicast communications while avoiding these practical drawbacks of prior approaches.
BRIEF SUMMARY OF THE INVENTION
Consistent with the present invention, a technique for member authentication and authorization in a reliable multicast data distribution setup is disclosed that provides desirable security while avoiding availability and performance problems of prior approaches.
In the disclosed technique, nodes that are prospective session members each contact a designated central authority to obtain a “participation certificate” for the multicast session. The central authority authenticates each node using any of a variety of techniques, and if authentication is successful then issues the certificate to the node. The participation certificate serves as a credential enabling the node to participate in the multicast session. Each certificate is digitally signed by the central authority, and contains information specifying the authorized node's public key, the manner in which the node can participate in the multicast session (e.g. permission to participate as a repair node or not), the details of the events or duration/interval for which the node is authorized to participate, etc.
Subsequently, when the nodes engage in session-establishment dialog with each other, the nodes exchange their participation certificates to prove their identities and their authorization to participate. Each node is responsible for verifying the other nodes' rights, abilities to participate in a particular segment of a session, etc., based on the authorization information contained in the participation certificate received from the other nodes. For example, before a repair node allocates a slot to a new downstream receiver node, the repair node checks the prospective receiver's certificate to verify that the node is authorized to participate in the session. Receiver nodes likewise check the certificates of nodes claiming to be available as repair nodes before admitting them in that capacity.
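The admission check a repair node performs before allocating a slot, as an added example in Go that is not part of the patent text. Ed25519 signatures, the JSON encoding, the field names, the nonce challenge and the one-slot-per-identity rule are assumptions chosen for illustration; the patent text here does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

type Cert struct { // hypothetical participation certificate; field names are assumptions
	NodeID, Session     string
	MayRepair           bool // role flag, checked by receivers choosing a repair node
	NotBefore, NotAfter time.Time
	NodeKey, Sig        []byte
}

func (c Cert) body() []byte { // signed portion: every field except Sig
	c.Sig = nil
	b, _ := json.Marshal(c)
	return b
}

func SignCert(ca ed25519.PrivateKey, c Cert) []byte { return ed25519.Sign(ca, c.body()) } // CA step

// Admit runs before a repair node allocates a slot; proof signs the node's fresh nonce.
func Admit(caPub ed25519.PublicKey, slots map[string]bool, limit int, session string,
	c Cert, nonce, proof []byte, now time.Time) error {
	switch {
	case !ed25519.Verify(caPub, c.body(), c.Sig):
		return errors.New("bad CA signature")
	case c.Session != session || now.Before(c.NotBefore) || now.After(c.NotAfter):
		return errors.New("not valid for this session now")
	case len(c.NodeKey) != ed25519.PublicKeySize || !ed25519.Verify(c.NodeKey, nonce, proof):
		return errors.New("requester does not hold the certified key")
	case slots[c.NodeID] || len(slots) >= limit:
		return errors.New("identity already has a slot, or none are free")
	}
	slots[c.NodeID] = true
	return nil
}

func main() { // constructed demo values
	caPub, caPriv, _ := ed25519.GenerateKey(nil)
	pub, priv, _ := ed25519.GenerateKey(nil)
	now, nonce := time.Now(), []byte("constructed-nonce")
	c := Cert{NodeID: "rx-1", Session: "s1", NodeKey: pub, NotBefore: now, NotAfter: now.Add(time.Hour)}
	c.Sig = SignCert(caPriv, c)
	fmt.Println(Admit(caPub, map[string]bool{}, 32, "s1", c, nonce, ed25519.Sign(priv, nonce), now))
}
```

The repair node holds only the central authority's public key, and because a slot is keyed to the certified identity, a node cannot occupy several slots by presenting the same certificate repeatedly.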
The participation certificates are all signed by a single central authority, and can therefore be decrypted using the public key of the central authority. Thus, member nodes need to maintain only the public key of the central authority to carry out authentication measures. In addition, member nodes obtain authorization information directly from the certific
