Multicast encryption: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 13:44, 2 June 2011 edit Sadads (talk \| contribs) Administrators 147,555 edits Added {{context}} and {{wikify}} tags to article (TW) ← Previous edit		Latest revision as of 21:16, 4 May 2025 edit undo Lfstevens (talk \| contribs) Extended confirmed users 70,716 edits ce, rem tag Tag: Visual edit
(24 intermediate revisions by 16 users not shown)
Line 1: {{~~context~~mi\|{{Update\|date=~~June~~April ~~2011~~2025}} {{~~wikify~~Notability\|date=~~June~~April ~~2011~~2025}} {{Unreliable sources\|date=April 2025}}}} [[Multicast]] is what enables a node on a network to send one unit of data to a special set of receivers.<ref name=r1>Micciancio, Daniele and Saurabh Panjwani. [http://cseweb.ucsd.edu/~spanjwan/multicast.html “Multicast Encryption: How to maintain secrecy in large, dynamic groups?”]</ref> One copy of the data is sent, and multiple copies are created and then sent to the desired recipient.<ref name=r1/> A multicast group is identified by a class D [[IP address]]. A [[Host (network)\|host]] enters or exits a group using IGMP ([[Internet Group Management Protocol]]).<ref name=r5/> A message sent via multicast is sent to all nodes on the network, but only the intended nodes accept the multicast frames.<ref name=r3>Pessi, Pekka. Department of Computer Science, Helsinki University Of Technology. [http://www.tml.tkk.fi/Opinnot/Tik-110.501/1995/multicast.html “Secure Multicast”].</ref> Multicasting is useful in situations such as video conferencing and online gaming.<ref name=r1/> Multicast was used originally in [[LAN]]s, with [[Ethernet]] being the best example.<ref name=r3/> A problem with multicast communication is that it is difficult to guarantee that only designated receivers receive the data being sent. This is largely due to the fact that multicast groups are always changing; users come and go at any time. A solution to the problem of ensuring that only the chosen recipient obtains the data is known as '''multicast encryption'''.<ref name=r1/>▼ '''Multicast''' '''encryption''' is the use of [[encryption]] to ensure that only the chosen recipient(s) has access to multicast data.<ref name="r1" /> ~~==ISO Standards==~~ The ISO ([[International Organization for Standardization]]) states that confidentiality, integrity, authentication, access control, and non-repudiation should all be considered when creating any secure system.<ref name=r3/>▼ == Multicasting == Confidentiality: No untrusted party can access appropriate messages.▼ ▲~~One~~[[Multicast]] is what enables a node on a network to address one unit of data to a specific group of receivers.<ref name="r1">Micciancio, Daniele and Saurabh Panjwani. [http://cseweb.ucsd.edu/~spanjwan/multicast.html “Multicast Encryption: How to maintain secrecy in large, dynamic groups?”]</ref> In interactive multicast at the [[Data link layer\|data link]] or [[network layer]], such as [[IP multicast]], Ethernet multicast or [[MBMS]] service over [[cellular network]], receivers may join and leave the group using an interaction channel. Only one copy of the data is sent from the source, and ~~multiple~~while copies are created and ~~then~~ sent to the desired ~~recipient~~recipients by network infrastructure nodes.<ref name="r1" /> AIn for example IP multicast, a multicast group is identified by a class D [[IP address]]. A [[Host (network)\|host]] enters or exits a group using IGMP ([[Internet Group Management Protocol]]).<ref name="r5" /> A message sent via multicast is sent to all nodes on the network, but only the intended nodes accept the multicast frames.<ref name="r3">Pessi, Pekka. Department of Computer Science, Helsinki University Of Technology. [http://www.tml.tkk.fi/Opinnot/Tik-110.501/1995/multicast.html “Secure Multicast”].</ref> Multicasting is useful in situations such as [[video conferencing]] and [[Online game\|online gaming]].<ref name="r1" /> Multicast was used originally in [[LAN]]s, with [[Ethernet]] ~~being~~as the best example.<ref name="r3" /> A problem with multicast communication is that it is difficult to guarantee that only designated receivers receive the data ~~being sent~~. This is largely ~~due to the fact that~~because multicast groups are ~~always changing~~dynamic; users come and go at any time~~. A solution to the problem of ensuring that only the chosen recipient obtains the data is known as '''multicast encryption'''~~.<ref name="r1" /> Integrity: Messages cannot be changed during transit without being discovered.▼ Authentication: The message needs to be sent by the person/machine who claims to have sent it.▼ Access control: Only those users enabled can access the data.▼ Non-repudiation: The receiver can prove that the sender actually sent the message.<ref name=r3/>▼ ==Protocols== To be secure, members who are just being added to the group must be restricted from viewing past data. Also, members removed from a group may not access future data.<ref name=r4>Pannetrat, Alain and Refik Molva. [http://www.eurecom.fr/util/publidownload.fr.htm?id=1069 “Multiple Layer Encryption for Multicast Groups”].</ref>▼ One ~~theory for the creation of an~~ encryption protocol ~~explains that ideally,~~gives each member of a group ~~should have~~ a key ~~which~~that changes upon the entrance or exit of a member of the group.<ref name=r1/> Another ~~theory suggests~~proposes a primary key subsidized by additional keys belonging to legitimate group members.<ref name=r1/> ~~One protocol found on~~ The ~~College of New Jersey website called~~ [[UFTP]] (encrypted UDP based FTP over multicast) ~~was created in an attempt to solve this problem. The~~ protocol ~~is designed in~~uses three phases: announce/register, file transfer, and completion/confirmation. The latest version 5.0 was released on 34/2922/~~2011 and the source code is available in the website~~2020.<ref name="r2">~~[http://www.tcnj.edu/~bush/uftp.html~~{{Cite ~~“UFTP~~web \|title=UFTP –- Encrypted UDP based FTP with ~~multicast”]~~multicast \|url=https://uftp-multicast.sourceforge.net/ \|access-date=2025-05-04 \|website=uftp-multicast.sourceforge.net}}</ref>▼ ~~Today,~~Another ~~one~~protocol ~~alternative~~uses ~~in multicast encryption involves the use of~~[[Symmetric-key algorithm\|symmetric key encryption]] where data is decoded by intended receivers using a [[Session key\|traffic encryption key]] (TEK). The TEK is changed any time a member joins or leaves the group. This is not feasible for large groups. Users must be continuously connected to obtain the new keys. ~~Another~~Yet ~~more~~another ~~common method~~protocol involves [[Public-key cryptography\|asymmetric keys]]. Here, a private key is shared and those shares are given out asymmetrically. The initial member is given a number of shares, one of which is passed to each group member. IfMembers ~~a member has~~with a valid share of the key~~, he~~ can view the message.<ref name=r5>Duan, Yitao and John Canny. Computer Science Division, UC Berkeley. [http://www.cs.berkeley.edu/~jfc/papers/06/CT-RSA06.pdf “How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack”].</ref>▼ ~~==Theories==~~ ▲One theory for the creation of an encryption protocol explains that ideally, each member of a group should have a key which changes upon the entrance or exit of a member of the group.<ref name=r1/> Another theory suggests a primary key subsidized by additional keys belonging to legitimate group members.<ref name=r1/> One protocol found on The College of New Jersey website called UFTP (encrypted UDP based FTP over multicast) was created in an attempt to solve this problem. The protocol is designed in three phases: announce/register, file transfer, and completion/confirmation. The latest version was released on 3/29/2011 and the source code is available in the website.<ref name=r2>[http://www.tcnj.edu/~bush/uftp.html “UFTP – Encrypted UDP based FTP with multicast”]</ref> ==~~Current~~ ~~alternatives~~ISO == ▲The ~~ISO (~~[[International Organization for Standardization]] (ISO) states that confidentiality, integrity, authentication, access control, and non-repudiation should all be considered when creating ~~any~~a secure system.<ref name="r3" /> ▲Today, one alternative in multicast encryption involves the use of symmetric key encryption where data is decoded by intended receivers using a traffic encryption key (TEK). The TEK is changed any time a member joins or leaves the group. This is not feasible for large groups. Users must be continuously connected to obtain the new keys. Another more common method involves asymmetric keys. Here, a private key is shared and those shares are given out asymmetrically. The initial member is given a number of shares, one of which is passed to each group member. If a member has a valid share of the key, he can view the message.<ref name=r5>Duan, Yitao and John Canny. Computer Science Division, UC Berkeley. [http://www.cs.berkeley.edu/~jfc/papers/06/CT-RSA06.pdf “How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack”].</ref> ▲ Confidentiality: No ~~untrusted~~unauthorized party can access appropriate messages. ▲* Integrity: Messages cannot be changed during transit without being discovered. ▲* Authentication: The message needs to be sent by the person/machine who claims to have sent it. ▲* Access control: Only those users enabled can access the data. ▲* Non-repudiation: The receiver can prove that the sender actually sent the message.<ref name="r3" /> ▲To be secure, members who are just being added to the group must be restricted from viewing past data. Also, members removed from a group may not access future data.<ref name="r4">Pannetrat, Alain and Refik Molva. [http://www.eurecom.fr/util/publidownload.fr.htm?id=1069 “Multiple Layer Encryption for Multicast Groups”].</ref> == See also == * [[Broadcast encryption]] ==References== {{Reflist}} [[Category:~~Cryptography~~Multicast encryption\| ]] ~~[[Category:Article Feedback Pilot]]~~