
Participant access control in IP multicasting


Islam, Salekul (2008) Participant access control in IP multicasting. PhD thesis, Concordia University.

Text (application/pdf)
NR42547.pdf - Accepted Version
8MB

Abstract

IP multicast is best known for its bandwidth conservation and lower resource utilization. The classical multicast model makes it impossible to restrict access to authorized End Users (EU) or paying receivers and to forward data originated by authorized sender(s) only. Without effective access control for participants (i.e., receivers and sender(s)), an adversary may exploit the existing IP multicast model, where a host can join or send to any multicast group without prior authentication and authorization. The Authentication, Authorization and Accounting (AAA) protocols are being used successfully in unicast communication to control access to network resources. AAA protocols can be used for multicast applications in a similar way. In this thesis, a novel architecture is presented for the use of AAA protocols to manage IP multicast group access control, which enforces authentication, authorization and accounting of group participants. The AAA framework has been deployed by implementing the Network Access Server (NAS) functionalities inside the Access Router (AR). The proposed architecture relates access control with e-commerce communications and policy enforcement. The Internet Group Management Protocol with Access Control (IGMP-AC), an extended version of IGMPv3, has been developed for receiver access control. The IGMP-AC, which encapsulates Extensible Authentication Protocol (EAP) packets, has been modeled in PROMELA and verified using SPIN. Finally, the security properties of an EAP method, EAP Internet Key Exchange, have been validated using AVISPA. Protocol for Carrying Authentication for Network Access, a link-layer agnostic protocol that encapsulates EAP packets, has been deployed to authenticate a sender that establishes an IPsec Security Association between the sender and the AR to cryptographically authenticate each packet.
Next, a policy framework has been designed for specifying and enforcing the access control policy for multicast group participants. The access control architecture has been extended to support inter-domain multicast groups by deploying Diameter agents that discover network entities located in remote domains and securely transport inter-domain AAA information. Furthermore, the inter-domain data distribution tree has been protected from several attacks generated by a compromised network entity (e.g., router, host) by deploying a Multicast Security Association. Finally, the scope of the receiver access control architecture and IGMP-AC has been broadened by demonstrating the usability of IGMP-AC in wireless networks for mobile receiver (or EU) access control. In addition, using the EAP Re-authentication Protocol (ERP), a secured and fast handoff procedure for mobile EUs in wireless networks has been developed.

Divisions: Concordia University > Gina Cody School of Engineering and Computer Science > Computer Science and Software Engineering
Item Type: Thesis (PhD)
Authors: Islam, Salekul
Pagination: xxi, 204 leaves : ill. ; 29 cm.
Institution: Concordia University
Degree Name: Ph. D.
Program: Computer Science and Software Engineering
Date: 2008
Thesis Supervisor(s): Atwood, J. W.
ID Code: 976128
Deposited By: Concordia University Library
Deposited On: 22 Jan 2013 16:20
Last Modified: 18 Jan 2018 17:41