Multicast Security (msec)

Last Modified: 2007-04-17

Additional information is available at tools.ietf.org/wg/msec

    Chair(s):

  • Ran Canetti <canetti@watson.ibm.com>
  • Lakshminath Dondeti <ldondeti@qualcomm.com>

    Security Area Director(s):

  • Tim Polk <tim.polk@nist.gov>
  • Sam Hartman <hartmans-ietf@mit.edu>

    Security Area Advisor:

  • Tim Polk <tim.polk@nist.gov>

    Mailing Lists:

    General Discussion: msec@ietf.org
    To Subscribe: https://www1.ietf.org/mailman/listinfo/msec
    Archive: http://www.ietf.org/mail-archive/web/msec/current/index.html

    Description of Working Group:

    The purpose of the MSEC WG is to standardize protocols for securing
    group communication over internets, and in particular over the global
    Internet. Initial efforts will focus on scalable solutions for groups
    with a single source and a very large number of recipients. Additional
    emphasis will be put on groups where the data is transmitted via
    IP-layer multicast routing protocols (with or without guaranteed
    reliability). The developed standard will assume that each group has a
    single trusted entity (the Group Controller) that sets the security
    policy and controls the group membership. The standard will strive
    to provide at least the following basic security guarantees:

    + Only legitimate group members will have access to current group
    communication. This includes groups with highly dynamic membership.

    + Legitimate group members will be able to authenticate the source
    and contents of the group communication. This includes cases where
    group members do not trust each other.

    An additional goal of the standard will be to protect against
    denial-of-service attacks, whenever possible.

    Due to the large number of one-to-many multicast applications and the
    sometimes conflicting requirements these applications exhibit, it is
    believed that a single protocol will be unable to meet the requirements
    of all applications. Therefore, the WG will first specify a general
    Reference Framework that includes a number of functional building
    blocks. Each such building block will be instantiated by one or more
    protocols that will be interchangeable. The Reference Framework will not
    only describe one-to-many multicast, but also many-to-many multicast.

    In addition, as a secondary goal the MSEC WG will also focus on
    distributed architectures for group key management and group policy
    management, where for scalability purposes multiple trusted entities
    (such as Key Distributors) are deployed in a distributed fashion. For
    this purpose, the Reference Framework will not only describe
    one-to-many multicast, but also many-to-many multicast.

    MSEC will generate at least the following documents, which could be
    considered as base documents:

    1. An RFC describing the security requirements of multicast security
    and an RFC describing the MSEC Architecture.

    2. An RFC describing the Group Key Management Architecture and an RFC
    describing Group Policy Management Architecture in MSEC.

    3. Several RFCs describing specifications for protocols that implement
    source authentication, group key management and group policy
    management.

    As multicast security covers a broad range of issues, and therefore
    touches other Working Groups in the IETF, the MSEC WG will work closely
    with other security-related Working Groups (e.g. IPsec, IPSP), as well
    as other Working Groups which may be considered a 'consumer' of the
    technologies produced in the MSEC WG (e.g. AVT, MMUSIC) or which may
    have a multicast focus (e.g. PIM, RMT, IDRM, MAGMA).

    With this in mind, the MSEC WG is open to receiving new work items
    whenever a work item is considered appropriate to be homed in the MSEC
    WG. Such drafts will be matured in conjunction with the MSEC base
    documents.

    Goals and Milestones:

    Done  Working Group Last Call on GDOI Protocol
    Done  Working Group Last Call on MIKEY Protocol
    Done  WG Last Call on MSEC Architecture draft
    Done  WG Last Call on Group Key Management Architecture
    Done  WG Last Call on DHHMAC for MIKEY
    Done  WG Last Call on MSEC Security Requirements draft
    Done  WG Last Call on GSAKMP
    Done  WG Last Call on MSEC Policy Token
    Done  WG Last call on TESLA-Intro draft
    Done  WG Last call on Use of RSA/SHA-1 Signatures within ESP and AH
    Done  WG Last Call on The Use of TESLA in SRTP
    Done  WG Last Call on Bootstrapping TESLA
    Done  WG Last Call on MIKEY-RSA-R
    Feb 2007  WG Last Call on Multicast Extensions to IPsec
    Mar 2007  WG Last Call on MIKEY-ECC
    May 2007  WG Last Call on TESLA-Spec
    Jul 2007  WG Last Call on GKDP
    Sep 2007  WG re-charter for other work items or disband

    Internet-Drafts:

    ECC Algorithms for MIKEY (30877 bytes)
    Multicast Extensions to the Security Architecture for the Internet Protocol (69094 bytes)
    On the applicability of various MIKEY modes and extensions (65527 bytes)
    Updates to the Group Domain of Interpretation (GDOI) (53516 bytes)
    Use of TESLA in the ALC and NORM Protocols (123672 bytes)
    Using Counter Modes with Encapsulating Security Payload (ESP) and Authentication Header (AH) to Protect Group Traffic (20409 bytes)
    The Use of Timed Efficient Stream Loss-Tolerant Authentication (TESLA) in IPsec (25065 bytes)

    Request For Comments:

    The Group Domain of Interpretation (RFC 3547) (108901 bytes)
    The Multicast Security Architecture (RFC 3740) (65531 bytes)
    MIKEY: Multimedia Internet KEYing (RFC 3830) (145238 bytes) updated by RFC 4738
    Multicast Security (MSEC) Group Key Management Architecture (RFC 4046) (97885 bytes)
    Timed Efficient Stream Loss-Tolerant Authentication (TESLA): Multicast Source Authentication Transform Introduction (RFC 4082) (54316 bytes)
    The Use of RSA/SHA-1 Signatures within Encapsulating Security Payload (ESP) and Authentication Header (AH) (RFC 4359) (26989 bytes)
    The Use of Timed Efficient Stream Loss-Tolerant Authentication (TESLA) in the Secure Real-time Transport Protocol (SRTP) (RFC 4383) (41766 bytes)
    Bootstrapping Timed Efficient Stream Loss-Tolerant Authentication (TESLA) (RFC 4442) (37345 bytes)
    GSAKMP: Group Secure Association Group Management Protocol (RFC 4535) (240863 bytes)
    Group Security Policy Token v1 (RFC 4534) (54157 bytes)
    The Key ID Information Type for the General Extension Payload in Multimedia Internet KEYing (MIKEY) (RFC 4563) (20464 bytes)
    HMAC-Authenticated Diffie-Hellman for Multimedia Internet KEYing (MIKEY) (RFC 4650) (63016 bytes)
    MIKEY-RSA-R: An Additional Mode of Key Distribution in Multimedia Internet KEYing (MIKEY) (RFC 4738) (43015 bytes) updates RFC 3830

    IETF Secretariat - Please send questions, comments, and/or suggestions to ietf-web@ietf.org.
