Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Having particular address related cryptography
Reexamination Certificate
1999-10-07
2003-09-30
Barrón, Gilberto (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Having particular address related cryptography
C713S171000, C380S278000
Reexamination Certificate
active
06629243
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to multicast communications systems in general, and in particular to key distribution mechanisms suitable for use in multicast communications systems.
BACKGROUND OF THE INVENTION
Multicast communications systems, particularly Internet Protocol (IP) multicast communication systems, are well-known in the art. As is well-known in the art, in an IP multicast message, a single address is used by the sender to indicate a multicast comprising plurality of recipients, possibly including recipients at many different locations.
Multicast is an internetwork service that provides efficient delivery of data from a source to multiple recipients. It reduces sender transmission overhead, network bandwidth requirements, and the latency observed by receivers. IP Multicast enables efficient, many-to-many datagram distribution over an IP network.
Multicast is more susceptible to attacks than unicast for many reasons. Multicast presents many more opportunities for interception of traffic. When an attack on a multicast service does take place, a larger number of principals is affected. It is easier for an attacker to target an attack, as multicast services are generally well advertised and their addresses are well-known. Lastly, multicast services typically involve a “crowd” of principals, making it potentially easier for an attacker to pose as another (legitimate) principal or to try to attack in parallel at several locations.
The following references discuss multicast technology and related security issues known in the art:
R. Canetti, B. Pinkas, “A taxonomy of multicast security issues”, draft-canetti-secure-multicast-taxonomy-00.txt, May 1998.
D. Harkins and D. Carrel, “The Internet Key Exchange (IKE)”, draft-ietf-ipsec-isakmp-oakley07.txt, March 1998.
A. Aziz, T. Markson, and H. Prafullchandra, “Simple Key-Management for Internet Protocols (SKIP)”.
D. Maughan, M. Schertler, M. Schneider, and J. Turner, “Internet Security Association and Key Management Protocol (ISAKMP)”, draft-ietf-ipsec-isakmp-09.txt, March 1998.
H. Orman, “The OAKLEY Key Determination Protocol”, draft-ietf-ipsec-oakley-02.txt, July 1997.
H. Krawczyk, “SKEME: A Versatile Secure Key Exchange Mechanism for Internet”. IEEE Proceedings of the 1996 Symposium on Network and Distributed Systems Security.
P. Karn and W. Simpson, “Photuris: Session-Key Management Protocol”, draft-simpson-photuris-17.txt, November 1997.
H. Harney and C. Muckenhim, “Group Key Management Protocol (GKMP) Specification +Architecture”, RFC2093 & RFC2094, July 1997.
A. Aziz, T. Markson, and H. Prafullchandra, “SKIP Extensions for IP Multicast”.
A. Ballardie, “Scalable Multicast Key Distribution”, RFC1949, May 1996.
T. Hardjono, B. Cain, N. Doraswamy, “A Framework for Group Key Management for Multicast Security”, draft-ietf-gkmframework-00.txt, July 98.
D. Harkins and N. Doraswamy, “A Secure Scalable Multicast Key Management Protocol,” ETF, IETF Draft draft-ietf-ipsecond-00.txt, November 1997.
S. Mittra, “The Iolus Framework for Scalable Secure Multicasting,” presented at Proceedings of ACM SIGCOMM97, 1997.
M. Handley and V. Jacobson, “SDP: Session Description Protocol”, RFC 2327, April 1998.
A television system for controlling access to broadcast transmissions is described in U.S. Pat. Nos. 5,282,249 and 5,481,609, both to Cohen et al.
The disclosures of all references mentioned above and throughout the present specification are hereby incorporated herein by reference.
SUMMARY OF THE INVENTION
The present invention seeks to provide improved apparatus and methods for key distribution, suitable for use in a multicast communication system. While the apparatus and methods of the present invention are particularly suited to an Internet Protocol (IP) Multicast system, it is appreciated that the present invention would also be applicable to other types of Multicast systems, with appropriate modifications as will be appreciated by persons skilled in the art. Without limiting the generality of the foregoing, the example of IP Multicast will generally be used throughout the present specification, and the example of IP Multicast will be taken to include Multicast over an Intranet wherever applicable.
In securing IP Multicast traffic from one source to multiple recipients, it is desirable to implement security apparatus and methods to authenticate the source, to authenticate and to ensure integrity of the data, and possibly to encrypt and/or sign the data At first glance, it appears that these services can be provided using standard authentication, integrity, and encryption methods, based either on symmetric-key or asymmetric-key designs. One might look to known schemes, such as well-known pay television schemes, to provide such standard methods and apparatus.
A major problem in Secure Multicast systems involves distributing, in real time, the appropriate cryptographic keys from the multicast source to all the authorized recipients of the multicast. The keys used for authentication, integrity, and confidentiality may change frequently, either due to policies that determine that keys need to change, for example, every few seconds, or in response to changes in the membership of the multicast group. A multicast group membership change might comprise an existing member having just left or a new member having just joined the group.
Generally, the goal of multicast key distribution is to securely deliver common keys to all the authorized members of a multicast group. Having such keys allows a sender to authenticate and/or to encrypt the traffic destined for a multicast group. Thus, the group keys also afford membership-enforcement by allowing only key holders to verify and/or decrypt the multicast traffic. A sender must authenticate and/or encrypt all traffic that it sends to the group in order to maintain secure delivery.
In certain prior art systems, the key distribution function is assigned to a central network entity, sometimes known as the Key Distribution Center (KDC). However, this method does not scale well for wide-area multicasting, where group members may be distributed across many networks and a wide-area group may be densely populated. Even more complicated is the problem of distributing sender-specific keys in a scalable manner, sender-specific keys being required when data is to be authenticated on a per-sender basis. Pair-Wise key-management protocols and Key Distribution Centers do not provide scalable solutions for the multicast key-management problem.
Completely automatic protocols for multicast key distribution are currently not considered mature enough for use. For small multicast groups, manual. key distribution or multiple invocations of a unicast (point-to-point) key distribution protocol, such as authenticated Diffie-Hellman, appear adequate. However, for large multicast groups, new scalable techniques and protocols are needed.
In P Multicast systems, unlike in broadcast TV systems, the multicast traffic is typically routed from the sender to multiple recipients over the existing Internet infrastructure. This means that traffic may pass through intermediate nodes and that it can be listened in to in an unauthorized manner by interested parties. In addition, multicast traffic in the Internet is not synchronized in the way that broadcast over a satellite or over cables is synchronized. Due to the fact that data flows through routers, some packets may be lost, some packets may be delayed, and some packets may come out of order. Finally, the nature of the connectivity in Internet systems may make the use of different key-distribution methods than the ones used in TV broadcasting desirable.
Known multicast key-distribution methods include:
1. Star methods—where the multicast sender corresponds directly with each one of the clients, and keys are handed over securely over point-to-point connections.
2. Multicast methods—where keys are sent in multicast packets from the multicast sender to many recipients, and each key in the multicast packet is encrypted specifically for one client, typically using a
Kipnis Shlomo
Kleinman Amit
Barrón Gilberto
Gurshman G.
Ladas & Parry
NDS Limited
LandOfFree
Secure communications system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure communications system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure communications system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3083404