Authenticated IGMP for Controlling Access to Multicast Distribution Tree

  • Published : 2007.04.30

Abstract

A receiver access control scheme is proposed to protect the multicast distribution tree from DoS (Denial-of-Service) attacks induced by unauthorized use of IGMP (Internet Group Management Protocol), by extending the security-related functionality of IGMP. Based on a specific network and business model adopted for commercial deployment of IP multicast applications, a key management scheme is also presented for bootstrapping the proposed access control as well as accounting and billing for the CP (Content Provider), NSP (Network Service Provider), and group members.
