Participant Access Control in IP Multicasting
Salekul Islam ([email protected]), United International University (UIU), Dhaka, Bangladesh
Feb 20, 2017
Page 1: Participant Access Control in IP Multicasting

Participant Access Control in IP Multicasting

Salekul Islam ([email protected]) United International University (UIU)

Dhaka, Bangladesh

Page 2: Participant Access Control in IP Multicasting

Outline of the presentation

24-May-14 Participant Access Control in IP Multicasting 2

•  IP Multicast
o  IGMP: end hosts join/leave a multicast group
o  PIM-SM: routers build the data distribution tree
•  Secure Multicast: protects multicast data and control messages. Why does it fail to provide access control?
•  Access Control Architecture
o  Access Control: Authentication, Authorization & Accounting
o  Participant: Receivers & Sender(s)
o  Receiver Access Control: IGMP with Access Control (IGMP-AC)
o  Sender Access Control: PANA, IKEv2 and IPsec SA

Page 3: Participant Access Control in IP Multicasting

Protocols Involved in IP Multicast

•  Internet Group Management Protocol (IGMP)
o  IGMPv3 has been standardized by the IETF
o  End hosts inform the neighboring router(s) about their multicast group memberships using IGMP
o  Two types of messages: Query and Report
•  Protocol Independent Multicast - Sparse Mode (PIM-SM)
o  Depends on the underlying unicast routing information base
o  Builds unidirectional shared trees
o  Optionally creates shortest-path trees per source
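The Report message is the one that changes reception state at the access router, so it is the message the rest of this talk puts access control around. As an added example (not code from the slides or from the authors' project), here is a small Python parser for the IGMPv3 Membership Report of RFC 3376 that an AR would run before acting on a message: it checks the RFC 1071 checksum, the message type, record types and group addresses, and classifies each group record as the join or leave it asks for. The builder and the sample records are constructed for the example; auxiliary data is assumed empty when building.

```python
import struct
from dataclasses import dataclass, field
from ipaddress import IPv4Address
from typing import List

IGMPV3_MEMBERSHIP_REPORT = 0x22          # RFC 3376 section 4.2, sent to 224.0.0.22

# Group Record Types, RFC 3376 section 4.2.12
RECORD_TYPES = {
    1: "MODE_IS_INCLUDE",
    2: "MODE_IS_EXCLUDE",
    3: "CHANGE_TO_INCLUDE_MODE",
    4: "CHANGE_TO_EXCLUDE_MODE",
    5: "ALLOW_NEW_SOURCES",
    6: "BLOCK_OLD_SOURCES",
}


def igmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over the whole IGMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class GroupRecord:
    record_type: int
    group: str                              # dotted-quad multicast address
    sources: List[str] = field(default_factory=list)

    @property
    def effect(self) -> str:
        """Reception-state change the record asks the AR for (the point access control gates)."""
        if self.record_type == 4 and not self.sources:
            return "join"                   # EXCLUDE {} : the classic ASM join
        if self.record_type == 3 and not self.sources:
            return "leave"                  # INCLUDE {} : the classic leave
        if self.record_type == 5:
            return "join (sources)"         # SSM: start receiving from these sources
        if self.record_type == 6:
            return "leave (sources)"
        return "state report"               # current-state records or filter changes with sources


def build_membership_report(records: List[GroupRecord]) -> bytes:
    """Encode a report (constructed sample traffic for the example; aux data is always empty)."""
    body = b"".join(
        struct.pack("!BBHI", r.record_type, 0, len(r.sources), int(IPv4Address(r.group)))
        + b"".join(struct.pack("!I", int(IPv4Address(s))) for s in r.sources)
        for r in records)
    header = struct.pack("!BBHHH", IGMPV3_MEMBERSHIP_REPORT, 0, 0, 0, len(records))
    csum = igmp_checksum(header + body)
    return struct.pack("!BBHHH", IGMPV3_MEMBERSHIP_REPORT, 0, csum, 0, len(records)) + body


def parse_membership_report(data: bytes) -> List[GroupRecord]:
    """Decode a report as an AR would, rejecting anything malformed before acting on it."""
    if len(data) < 8:
        raise ValueError("truncated IGMP header")
    if igmp_checksum(data) != 0:            # a correct message sums to zero
        raise ValueError("bad checksum")
    msg_type, _, _, _, n_records = struct.unpack("!BBHHH", data[:8])
    if msg_type != IGMPV3_MEMBERSHIP_REPORT:
        raise ValueError("not an IGMPv3 membership report")
    records, off = [], 8
    for _ in range(n_records):
        if off + 8 > len(data):
            raise ValueError("truncated group record")
        rtype, aux_len, n_src, grp = struct.unpack("!BBHI", data[off:off + 8])
        off += 8
        if rtype not in RECORD_TYPES:
            raise ValueError("unknown record type %d" % rtype)
        end = off + 4 * n_src
        if end + 4 * aux_len > len(data):
            raise ValueError("truncated source list")
        group = IPv4Address(grp)
        if not group.is_multicast:
            raise ValueError("group %s is not a multicast address" % group)
        sources = [str(IPv4Address(s)) for s in struct.unpack("!%dI" % n_src, data[off:end])]
        records.append(GroupRecord(rtype, str(group), sources))
        off = end + 4 * aux_len             # skip auxiliary data, if any
    if off != len(data):
        raise ValueError("trailing bytes after last record")
    return records


def is_valid_report(data: bytes) -> bool:
    """True if the report parses cleanly; an AR should drop anything that does not."""
    try:
        parse_membership_report(data)
        return True
    except ValueError:
        return False
```

The checksum only protects against corruption, not against a forged host: a spoofed Report with a correct checksum parses perfectly well, which is exactly why the later slides add authentication on top of IGMP rather than relying on the message format.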

Page 4: Participant Access Control in IP Multicasting

IGMP Query Message

[Figure: the Querier, i.e. the directly connected Access Router (AR), sends a Query message onto its link. The ARs attach to a Core Router (CR).]

Page 5: Participant Access Control in IP Multicasting

IGMP Report Message

[Figure: Receiver 1 and Receiver 2 answer the Querier (the directly connected AR) with Report messages. The ARs attach to a Core Router (CR).]

Page 6: Participant Access Control in IP Multicasting

IP Multicast Service Model

[Figure: a Sender attached to the core, core routers CR1, CR2 and CR3, access routers AR1, AR2 and AR3, and Receivers (End Users) behind the ARs. Annotations: the Routing Protocol (PIM-SM) builds the DDT; IGMP messages are exchanged when a user joins/leaves; the sender sends multicast data; data forwarding uses the DDT.]

DDT: Data Distribution Tree

Page 7: Participant Access Control in IP Multicasting

Multicast-based Applications

Number of participants / applications:

One-to-many (single sender, multiple receivers)
• Scheduled audio/video distribution
• Push media: news headlines, weather updates
• File distribution and caching
• Announcements: multicast session, key updates
• Monitoring: stock prices, sensor equipment

Many-to-many (multiple senders, multiple receivers)
• Multimedia conferencing
• Synchronized resources
• Distance learning with input from receivers
• Multi-player games

Many-to-one (multiple senders, single receiver)
• Resource discovery
• Auctions
• Polling

Page 8: Participant Access Control in IP Multicasting

Multicast Service Model: Vulnerabilities

[Figure: the service-model topology (Sender, CR1-CR3, AR1-AR4, Receivers/End Users) with two intruders. An Adversary Receiver sends an IGMP Join to its AR, which propagates a Routing Protocol Join into the tree; an Adversary Sender injects forged data.]

IP multicast model:
•  Multicast groups are open
•  Anyone can join, anyone can send

Page 9: Participant Access Control in IP Multicasting

Motivation: Revenue Generation Architecture

•  Secure Multicasting is composed of
o  Protecting control messages: routing-protocol specific (secured IGMP and PIM-SM)
o  Protecting multicast data: encryption and authentication (IETF standardized TESLA)
•  Significant progress in securing multicasting has not led to large-scale commercial deployment
•  A revenue generation architecture considers
o  Participant access control: AAA for sender(s) and receivers
o  Policy enforcement
o  E-commerce communications

Page 10: Participant Access Control in IP Multicasting

Why Access Control?

•  Effects of forged IGMP messages
o  A forged Join message pulls the distribution tree towards the forging host and may create a DoS
o  A forged Leave message prunes the distribution tree and prevents legitimate users from receiving
o  IGMP security only authenticates IGMP messages
•  Attacks by a forged sender
o  Replay attack
o  Sender address spoofing attack
o  May create DoS
•  Secure Multicast (Group Key Management) fails to prevent these attacks

Page 11: Participant Access Control in IP Multicasting

How to deploy access control?

•  Receiver access control for a secured group: coupling access control with IGMP
o  While joining/leaving
o  Changing reception state at ARs
•  Sender access control for a secured group: per-packet cryptographic protection at the AR
o  Sending data

Page 12: Participant Access Control in IP Multicasting

Overview of Access Control Architecture

[Figure: the topology of Sender, CR1-CR3, AR1-AR3 and Receivers/EUs, annotated with the three components below.]

Sender Access Control
•  AAA for sender(s)
•  Per-packet protection

Data Distribution Control
•  Protects the distribution tree from a forged sender
•  Not routing protocol security

Receiver Access Control
•  AAA for receivers/EUs

Page 13: Participant Access Control in IP Multicasting

Unicast Access Control and Authentication

•  Access Control is achieved by the AAA framework
o  RADIUS: older version, with limited functionality
o  Diameter: next generation AAA protocol
-  Extensible
-  Large AVP
-  Agent support
•  For authentication the IETF has designed
o  Extensible Authentication Protocol (EAP)
o  Protocol for carrying Authentication for Network Access (PANA): an EAP lower layer

Page 14: Participant Access Control in IP Multicasting

Authentication, Authorization and Accounting (AAA) Framework

[Figure: the End User requests access to the network from the NAS (AAA Client). The NAS forwards the EU credentials over the AAA protocol to the AAA Server, which performs Authentication, Authorization and Accounting against the End User Database and returns Accept; the NAS then grants access.]

NAS: Network Access Server

Page 15: Participant Access Control in IP Multicasting

Extensible Authentication Protocol (EAP)

[Figure: message flow between the End User (EAP Peer), the NAS/EAP Authenticator and the AAA Server (EAP Server). EAP runs between peer and authenticator; between authenticator and AAA server it is encapsulated over Diameter.]

(Initiate EAP): by peer or authenticator
EAP Request1: authenticator to peer
EAP Response1: peer to authenticator, forwarded as Diameter (EAP Response1)
Diameter (EAP Request2) from the AAA server, delivered as EAP Request2
...
EAP ResponseN, forwarded as Diameter (EAP ResponseN)
Diameter (EAP Success), delivered as EAP Success

§  EAP summary
-  Authentication framework
-  Multiple authentication methods (EAP methods)
-  Four EAP messages: Request, Response, Success, Failure

Page 16: Participant Access Control in IP Multicasting

Key Challenges for Access Control

•  The most generic architecture
o  Deployable for multi-domain distributed groups
o  Supports a wide range of authentication methods
o  Independent of the routing protocol
o  Supports both ASM and SSM
•  A scalable solution
o  Minimum workload for on-tree routers and end hosts
o  A distributed solution (e.g., using AAA)
•  Reuse standard frameworks/protocols
o  Fits easily in the existing Internet service model
o  Will reduce the work of service providers

Page 17: Participant Access Control in IP Multicasting

Access Control Architecture

[Figure: the topology of Sender, CR1-CR3, AR1-AR3 and End Users. Each AR acts as a NAS and talks to the AAA Server (AAAS) over Diameter; IGMP carries the EU authentication information from the End Users to the AR. The AAAS is backed by a Participants Database & Policy Server, which receives Registration and Updates from the GO/MR and FI; the slide marks that back-end part as "Out of the scope".]

Page 18: Participant Access Control in IP Multicasting

Receiver Access Control using IGMP-AC

[Figure: End Users run IGMP-AC (carrying EAP) to their AR, which acts as NAS; the AR forwards the EAP exchange over Diameter (EAP) to the AAA Server backed by the Participants Database. Topology: Sender, CR1-CR3, AR1-AR3.]

IGMP with Access Control (IGMP-AC)
•  Extended version of IGMPv3
•  Encapsulates EAP packets
•  Verification using SPIN
•  Validation using AVISPA

Page 19: Participant Access Control in IP Multicasting

End User Authentication using Extensible Authentication Protocol (EAP)

[Figure: EAP encapsulation over IGMP-AC, drawn as a layered stack. EU/Peer: EAP method, EAP peer, EAP layer, IGMP-AC, lower layers. AR/Authenticator/NAS (pass-through): EAP layer over IGMP-AC and lower layers towards the EU, EAP authenticator and EAP layer over AAA/IP towards the server. AAA Server: EAP method, EAP authenticator, EAP layer, AAA/IP.]
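The EAP message flow of slide 15 and the IGMP-AC pass-through of slides 18 and 19 come together in the access router's join handling, which is what the following added Python example simulates. It is not the authors' IGMP-AC code and does not use their message format: EAP packets are framed as in RFC 3748, the IGMP-AC and Diameter legs are modelled as direct calls, a toy challenge/response runs under the Experimental type 255 as a stand-in for a real EAP method, and the user database, group addresses and host names are constructed. The point it shows is that for a secured group the AR changes its reception state only after the AAA server returns EAP Success, and drops a Response whose Identifier does not match the outstanding Request.

```python
import hashlib
import hmac
import os
import struct

# EAP codes and types, RFC 3748 section 4
REQUEST, RESPONSE, SUCCESS, FAILURE = 1, 2, 3, 4
TYPE_IDENTITY = 1
TYPE_EXPERIMENTAL = 255      # reserved for experimental use; stands in for a real EAP method here


def eap_pack(code, ident, eap_type=None, data=b""):
    """Encode one EAP packet: Code | Identifier | Length | [Type | Type-Data]."""
    body = b"" if code in (SUCCESS, FAILURE) else bytes([eap_type]) + data
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body


def eap_unpack(pkt):
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 4:
        raise ValueError("bad EAP length")
    if code in (SUCCESS, FAILURE):
        return code, ident, None, b""
    return code, ident, pkt[4], pkt[5:]


class EapPeer:
    """End user (EAP peer). Its packets would travel inside IGMP-AC; here they are returned directly."""
    def __init__(self, identity, password):
        self.identity, self.password = identity, password.encode()

    def handle(self, request):
        code, ident, eap_type, data = eap_unpack(request)
        if code != REQUEST:
            return None
        if eap_type == TYPE_IDENTITY:
            return eap_pack(RESPONSE, ident, TYPE_IDENTITY, self.identity.encode())
        if eap_type == TYPE_EXPERIMENTAL:     # challenge: prove the password without sending it
            proof = hmac.new(self.password, data, hashlib.sha256).digest()
            return eap_pack(RESPONSE, ident, TYPE_EXPERIMENTAL, proof)
        return None                           # unknown method: a real peer would send a Nak


class AaaServer:
    """AAA server acting as EAP server, backed by the participants database (a dict here)."""
    def __init__(self, users):
        self.users = users                    # identity -> password, constructed sample data
        self.pending = {}                     # session -> (identity, challenge)

    def start(self, session):
        return eap_pack(REQUEST, 1, TYPE_IDENTITY)

    def handle(self, session, response):
        code, ident, eap_type, data = eap_unpack(response)
        if code == RESPONSE and eap_type == TYPE_IDENTITY:
            challenge = os.urandom(16)
            self.pending[session] = (data.decode(errors="replace"), challenge)
            return eap_pack(REQUEST, ident + 1, TYPE_EXPERIMENTAL, challenge)
        if code == RESPONSE and eap_type == TYPE_EXPERIMENTAL and session in self.pending:
            identity, challenge = self.pending.pop(session)
            password = self.users.get(identity)
            if password is not None:
                expected = hmac.new(password.encode(), challenge, hashlib.sha256).digest()
                if hmac.compare_digest(data, expected):
                    return eap_pack(SUCCESS, ident)
        return eap_pack(FAILURE, ident)


class AccessRouter:
    """AR as NAS / pass-through EAP authenticator; it owns the per-group reception state."""
    def __init__(self, aaa, secured_groups):
        self.aaa = aaa
        self.secured_groups = set(secured_groups)
        self.reception_state = set()          # (host, group) pairs the AR forwards traffic for
        self.sessions = 0

    def join(self, host, peer, group):
        """Process an IGMP-AC join; returns True only if the AR now forwards `group` to `host`."""
        if group not in self.secured_groups:
            self.reception_state.add((host, group))     # open group: ordinary IGMPv3 join
            return True
        self.sessions += 1
        session = self.sessions
        msg = self.aaa.start(session)                   # first EAP Request, relayed unchanged
        while True:
            code, ident, _, _ = eap_unpack(msg)
            if code == SUCCESS:
                self.reception_state.add((host, group)) # state changes only after EAP Success
                return True
            if code == FAILURE:
                return False
            reply = peer.handle(msg)                    # Request to the EU over IGMP-AC
            if reply is None or eap_unpack(reply)[1] != ident:
                return False                            # missing or mismatched Identifier: drop
            msg = self.aaa.handle(session, reply)       # Response to the AAAS over Diameter
```

The AR never inspects the method-specific data; it only matches Identifiers and reads the final Code, which is what lets the architecture support any EAP method without touching the routers.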

Page 20: Participant Access Control in IP Multicasting

Protocol for carrying Authentication for Network Access (PANA)

[Figure: the PaC (EU) speaks PANA to the PAA (NAS/AR); the PAA reaches the AS (AAAS) over RADIUS/Diameter and configures the EP (AR) through SNMP/API; the PaC and the EP then run IKE.]

PaC: PANA Client
PAA: PANA Authentication Agent
AS: Authentication Server
EP: Enforcement Point

§  PANA summary
-  Network access protocol
-  Works as an EAP lower layer
-  Four entities: PaC, PAA, AS, EP

Page 21: Participant Access Control in IP Multicasting

Sender Access Control

[Figure: the Sender (End User) authenticates with PANA (EAP) to its AR acting as NAS, which talks to the AAA Server; the AR and the Sender then run IKEv2 to set up an IPsec SA. Key hierarchy: AAA-Key -> PaC-EP-Master-Key -> IKE-pre-shared-Key.]

1. Anti-replay
2. Prevents source address spoofing
3. Minimizes DoS
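The three properties listed above come from the per-packet protection the AR applies once the sender holds a key that only an authenticated sender can have. The following added Python example (not the authors' implementation) walks the key hierarchy on the slide and then shows the AR-side checks: the derivation steps are a constructed HMAC-SHA256 chain whose labels are assumptions, not the PANA or IKEv2 prf; the IKEv2 run is stood in by one more derivation step; and the IPsec SA is modelled as a truncated HMAC over a constructed header (sequence number and sender address) plus payload, with an RFC 4303-style 64-packet anti-replay window. Packet contents and keys are constructed sample data.

```python
import hashlib
import hmac
import struct


def derive_key(parent: bytes, label: bytes, context: bytes) -> bytes:
    """One step of the key hierarchy. Constructed HMAC-SHA256 derivation, not the PANA or IKEv2 prf."""
    return hmac.new(parent, label + context, hashlib.sha256).digest()


def sender_key_hierarchy(aaa_key: bytes, session_id: bytes) -> dict:
    """AAA-Key -> PaC-EP-Master-Key -> IKE-pre-shared-Key, as on the slide; labels are assumptions."""
    pemk = derive_key(aaa_key, b"PaC-EP-Master-Key", session_id)
    ike_psk = derive_key(pemk, b"IKE-pre-shared-Key", session_id)
    # Stand-in for the IKEv2 run: the SA key is derived from the PSK instead of a DH exchange
    sa_key = derive_key(ike_psk, b"IPsec-SA-key", session_id)
    return {"AAA-Key": aaa_key, "PaC-EP-Master-Key": pemk,
            "IKE-pre-shared-Key": ike_psk, "IPsec-SA-key": sa_key}


ICV_LEN = 16                         # truncated HMAC-SHA256, like the 128-bit ICV of RFC 4868
HDR = struct.Struct("!I4s")          # sequence number | sender IPv4 address (constructed header)


class SenderSA:
    """Receiving side (the AR as Enforcement Point) of the per-sender SA."""
    def __init__(self, key: bytes, window: int = 64):
        self.key, self.window = key, window
        self.highest = 0             # highest authenticated sequence number seen
        self.bitmap = 0              # bit i set <=> sequence number highest - i was accepted


def protect(key: bytes, seq: int, src: bytes, payload: bytes) -> bytes:
    """Sender side: header | payload | ICV over header and payload."""
    body = HDR.pack(seq, src) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:ICV_LEN]


def verify(sa: SenderSA, pkt: bytes) -> str:
    """AR side. Returns 'accept' or the reason the packet is dropped."""
    if len(pkt) < HDR.size + ICV_LEN:
        return "reject: malformed"
    seq = HDR.unpack(pkt[:HDR.size])[0]
    # 1. Anti-replay window (RFC 4303 appendix A logic), checked before the costlier MAC
    if seq <= sa.highest:
        diff = sa.highest - seq
        if diff >= sa.window:
            return "reject: sequence number too old"
        if (sa.bitmap >> diff) & 1:
            return "reject: replayed packet"
    # 2. Per-packet authentication: only a holder of the SA key produces a valid ICV,
    #    so a packet with a spoofed source address or a forged payload fails here
    body, icv = pkt[:-ICV_LEN], pkt[-ICV_LEN:]
    expected = hmac.new(sa.key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return "reject: authentication failed"
    # 3. Advance the window only for packets that passed both checks
    if seq > sa.highest:
        shift = seq - sa.highest
        sa.bitmap = ((sa.bitmap << shift) | 1) & ((1 << sa.window) - 1)
        sa.highest = seq
    else:
        sa.bitmap |= 1 << (sa.highest - seq)
    return "accept"
```

The ordering inside verify matters for the DoS point on the slide: the window check costs a few integer operations and is done first, so a flood of replayed packets never reaches the MAC computation, and a forged packet that fails the MAC never advances the window, so it cannot be used to push a legitimate sender's packets out of it.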

Page 22: Participant Access Control in IP Multicasting

More about access control in multicast

•  This is a brief description of our work in this area
•  What else have we done?
o  Policy framework
o  Inter-domain access control architecture based on Diameter agents
o  Data distribution control using multicast SA
o  Mobile multicast: receiver access control & secured handoff

Page 23: Participant Access Control in IP Multicasting

Conclusion: Present status

•  A set of Internet Drafts have been written and presented to bring our ideas to the IETF
o  J. William Atwood, Salekul Islam and Bing Li, "Requirements for IP Multicast Receiver Access Control", IETF Internet Draft, draft-atwood-mboned-mrac-req-00, 2014.
o  J. William Atwood, Bing Li and Salekul Islam, "Architecture for IP Multicast Receiver Access Control", IETF Internet Draft, draft-atwood-mboned-mrac-arch-00, 2014.

Page 24: Participant Access Control in IP Multicasting

Other Publications

1.  Salekul Islam and J. William Atwood, "Sender Access and Data Distribution Control for Inter-domain Multicast Groups", Computer Networks, Vol. 54, No. 10, 2010, pp. 1646-1671.
2.  Salekul Islam and J. William Atwood, "Multicast Receiver Access Control by IGMP-AC", Computer Networks, Vol. 53, No. 7, 2009, pp. 989-1013.
3.  Salekul Islam and J. William Atwood, "Multicast Security", in Horizons in Computer Science Research Vol. 2, Thomas S. Clay (ed.), Nova Publishers, 2011, pp. 127-149.
4.  Salekul Islam, "Participant Access Control in IP Multicasting", VDM Verlag, Nov. 2009.
5.  S. Islam and J.W. Atwood, "Receiver Access Control and Secured Handoff in Mobile Multicast using IGMP-AC", submitted to 33rd IEEE Conference on Local Computer Networks.
6.  S. Islam and J.W. Atwood, "Sender Access Control in IP Multicast", in 32nd IEEE Conference on Local Computer Networks, Dublin, Ireland, 2007 October 15-18, pp. 79-86.
7.  S. Islam and J.W. Atwood, "A Policy Framework for Multicast Group Control", in IEEE CCNC Workshop on Peer-to-Peer Multicasting, Las Vegas, NV, 2007 January 11, pp. 1103-1107.
8.  S. Islam and J.W. Atwood, "The Internet Group Management Protocol with Access Control (IGMP-AC)", in 31st IEEE Conference on Local Computer Networks, Tampa, Florida, U.S.A., 2006 November 14-16, pp. 475-482.
9.  S. Islam and J.W. Atwood, "A Framework to Add AAA Functionalities in IP Multicast", in Advanced International Conference on Telecommunications (AICT'06), Guadeloupe, French Caribbean, 2006 February 19-22.

Page 25: Participant Access Control in IP Multicasting

Project Funding

•  FQRNT (Quebec Provincial Govt's fund)
o  Doctoral Research Scholarship
•  NSERC (Canada Govt's fund)
o  Discovery Grant
•  Concordia University

Page 26: Participant Access Control in IP Multicasting

Contact

•  Dr. Salekul Islam, UIU, Bangladesh. Email: [email protected]
•  Dr. J. William Atwood, Concordia University, Canada. Email: [email protected]