Islam, Salekul (2008) Participant access control in IP multicasting. PhD thesis, Concordia University.
Text (application/pdf): 8MBNR42547.pdf - Accepted Version
Abstract
IP multicast is best known for its bandwidth conservation and lower resource utilization. The classical multicast model makes it impossible to restrict access to authorized End Users (EUs) or paying receivers, and to forward only data originated by an authorized sender (or senders). Without effective participant (i.e., receiver and sender) access control, an adversary may exploit the existing IP multicast model, in which a host can join, or send to, any multicast group without prior authentication and authorization. The Authentication, Authorization and Accounting (AAA) protocols are used successfully in unicast communication to control access to network resources, and they can be used for multicast applications in a similar way. In this thesis, a novel architecture is presented for the use of AAA protocols to manage IP multicast group access control, enforcing authentication, authorization and accounting of group participants. The AAA framework has been deployed by implementing the Network Access Server (NAS) functionality inside the Access Router (AR). The proposed architecture relates access control to e-commerce communications and policy enforcement. The Internet Group Management Protocol with Access Control (IGMP-AC), an extended version of IGMPv3, has been developed for receiver access control. IGMP-AC, which encapsulates Extensible Authentication Protocol (EAP) packets, has been modeled in PROMELA and verified using SPIN. In addition, the security properties of an EAP method, EAP Internet Key Exchange, have been validated using AVISPA. The Protocol for Carrying Authentication for Network Access (PANA), a link-layer-agnostic protocol that encapsulates EAP packets, has been deployed to authenticate a sender; the sender then establishes an IPsec Security Association with the AR so that each packet can be cryptographically authenticated.
Next, a policy framework has been designed for specifying and enforcing the access control policy for multicast group participants. The access control architecture has been extended to support inter-domain multicast groups by deploying Diameter agents that discover network entities located in remote domains and securely transport inter-domain AAA information. Furthermore, the inter-domain data distribution tree has been protected from several attacks generated by a compromised network entity (e.g., a router or host) by deploying a Multicast Security Association. Finally, the scope of the receiver access control architecture and IGMP-AC has been broadened by demonstrating the usability of IGMP-AC in wireless networks for mobile receiver (or EU) access control. In addition, using the EAP Re-authentication Protocol (ERP), a secure and fast handoff procedure for mobile EUs in wireless networks has been developed.
| Field | Value |
|---|---|
| Divisions | Concordia University > Gina Cody School of Engineering and Computer Science > Computer Science and Software Engineering |
| Item Type | Thesis (PhD) |
| Authors | Islam, Salekul |
| Pagination | xxi, 204 leaves : ill. ; 29 cm. |
| Institution | Concordia University |
| Degree Name | Ph. D. |
| Program | Computer Science and Software Engineering |
| Date | 2008 |
| Thesis Supervisor(s) | Atwood, J. W |
| Identification Number | LE 3 C66C67P 2008 I85 |
| ID Code | 976128 |
| Deposited By | Concordia University Library |
| Deposited On | 22 Jan 2013 16:20 |
| Last Modified | 13 Jul 2020 20:09 |
| Related URLs | |