Automatic multicast IPsec by using a proactive IPsec discovery protocol and a group key management

• Autorzy: Aurisch T. , Ginzler T. , Martini P. , Ogden R. , Tran T. , Seifert H.
• Języki publikacji: EN

Abstrakty

EN

Internet protocol based networking is gaining ground in armed forces, leading to a concept described by the NATO as network centric capabilities (NCC). The goal is to enable state-of-the-art, affordable and powerful electronic information services to the troops. A tighter connection of the forces is expected to further enhance the joined strike capabilities. Providing secure information exchange within groups of armed forces is one aspect of the NCC concept. Such group communication is enabled by the multicast feature of the IP technology. Security requirements are met by using the IP security (IPsec) architecture. IPsec enables secure communication between secure private networks via an unsecured public text network. While secure unicast transmission with IPsec is common, only few achievements have been made to secure multicast transmissions. The protection of multicast data traffic of a group in an automated way is described in this document. We utilize an automatic detection of IPsec devices and an efficient key management protocol to reach our aim.

Słowa kluczowe

EN

secure group communication group key management; multicast IPsec; automatic IPSec device discovery

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2008
• Tom: nr 2
• Strony: 77--83
• Opis fizyczny: Bibliogr. 19 poz., rys.

Twórcy

autor

Aurisch T.

autor

Ginzler T.

autor

Martini P.

autor

Ogden R.

autor

Tran T.

autor

Seifert H.

• Department Communication Systems, Research Establishment for Applied Science (FGAN), Neuenahrer st 20, D-53343 Wachtberg-Werthhoven, Germany,

Bibliografia

• [1] G. Nakamoto, L. Higgins, and J. Richter, “Scalable HAIPE discovery using a DNS-like referral mode”, MITRE Corporation, Aug. 2005.
• [2] H. Seifert et al., “Interoperable networks for secure communications II (INSC II) Task 2”, Final Rep., Aug. 2006, p. 6f.
• [3] A. Faul, C. Zänker, and M. Zeller, “PMIDP-implementation in LINUX”, IABG, March 2007.
• [4] A. Faul, T. Ginzler, and M. Zeller, “IDP and MIKE interoperation on LINUX”, IABG and FGAN, July 2007.
• [5] T. Ginzler, “Bewertung und Implementierung von Schlüsselmanagentsystemen in Rechnernetzen”, Diploma thesis, University of Bonn, 2006.
• [6] V. Smotlacha, “One-way delay measurement using NTP”, CESNET, 2003.
• [7] D. McDonald, C. Metz, and B. Phan, “RFC 2367 – PF KEY key management API”, Version 2, The Internet Society, 1998.
• [8] B. Fenner, M. Handley, H. Holbrook, and I. Kouvelas, “Protocol independent multicast – sparse mode (PIM-SM)”, The Internet Society, Aug. 2006.
• [9] T. Aurisch and C. Karg, “A deamon for multicast internet key exchange”, in Proc. 28th Ann. IEEE Int. Conf. Loc. Comput. Netw. LCN’03, K¨onigswinter, Germany, 2003, p. 368ff.
• [10] T. H. Tran, “Proactive multicast-based IPsec discovery protocol and multicast extension”, in Proc. IEEE MILCOM 2006 Conf., Washington, USA, 2006.
• [11] H. Harney and C. Muckenhirn, “Request for comments 2093: group key management protocol (GKMP) architecture”, IETF, 1997.
• [12] M. Baugher, B. Weis, T. Hardjono, and T. Harney, “Request for comments 3747: the group domain of interpretation”, IETF, 2003.
• [13] Y. Kim, A. Perrig, and G. Tsudik, “Simple, and fault-tolerant key agreement for dynamic collaborative groups”, in 7th ACM Conf. Comput. Commun. Secur., Athens, Greece, 2000, pp. 235–244.
• [14] L. Dondeti, S. Mukherjee, and A. Samal, “A distributed group key management scheme for secure many-to-many communication”, Tech. Rep. PINTL-TR-207-99, Department of Computer Science, University of Maryland, 1999.
• [15] S. Mittra, “IOLUS: a framework for scalable secure multicasting”, in Proc. ACM SIGCOMM’97 Conf., Cannes, France, 1997, pp. 277–288.
• [16] A. Ballardie, “Request for comments 1949: scalable multicast key distribution”, IETF, 1998.
• [17] D. Mills, “Request for comments 1305: network time protocol (Version 3) specification and analysis”, IETF, 1992.
• [18] T. Aurisch, “Using key trees for securing military multicast communication”, in Proc. IEEE MILCOM 2004 Conf., Monterey, USA, 2004.
• [19] T. Aurisch, “Optimization technique for military multicast key management”, in Proc. IEEE MILCOM 2005 Conf., Atlantic City, USA, 2005.