Multicast Security BOF (msec) Tuesday, December 12 at 1415-1515 Tuesday, December 12 at 1700-1800 ================================= CHAIRS: Ran Canetti Thomas Hardjono DESCRIPTION: There is significant interest in the networking industry and content delivery network industry to use IP multicast a vehicle for data delivery to a large audience. One major hindrance to the successful deployment of IP multicast and other group-oriented communication protocols has been the lack of security for both the content and the content-delivery infrastructure. In particular, there has been increasing demand for secure solutions for the 1-to-Many type of group communications, as exemplified by the interest of the cable television sector in using the Internet for content distribution and by the recent emergence of the single-source paradigm in IP multicasting. To this end, the Secure Multicast (SMuG) research group was formed in 1998 under the umbrella of the IRTF. That group has characterized the security concerns and problem areas, has come up with a framework for an overall solution, and has developed protocols for solving much of the problem space in a satisfactory manner. Several of these protocols have reached the needed maturity to be considered for standardization at the IETF. The proposed WG will further develop and standardize the protocols developed at the SMuG RG. The focus will be on mature protocols that are deployable in short term in today's internet. The SMuG RG will continue to examine issues that need further research, delivering protocols to MSEC when they are mature. In the immediate future MSEC will focus on the 1-to-Many group communication, and will address at least the following issues: - Developing the transformations to be applied to the multicasted data. These transformations will provide at least the following functionalities: + Encryption of data using a group key available to all members. + Source and Data Authentications even when the data receivers do not trust each other. Both functionalities are required for content-authors and content-distributors. They represent an important element in the larger digital rights management area. - Group Security Association and Key Management. Secure protocols are needed for management of cryptographic keys and Security Associations for groups. These include techniques for initial key dissemination, key updates and refreshments, and Group Security Association (Group SA) management. Depending on the acceptance and stability of the above two issues, the following issues will be addressed by the WG in the immediate future: - Group Security Policies. Different levels of policies exist for a group, covering a range from member behavior to cryptographic policies. - Secure group announcements. Information regarding the existence of a group, its policies, base security mechanisms and methods for joining needs to be announced in a suitable manner. Secure multicast touches upon the work of several other working groups. The proposed WG will take care to coordinate its activities with the relevant directorates (security, routing, transport) and especially with the IPSec and RMT working groups. The WG will not work on: - Security issues at firewalls and NATs relating to multicast traffic. - Protection against illegal re-distribution of multicasted data. AGENDA: 10 mins - Agenda bashing 10 mins - Charter presentation 80 mins - Internet draft presentations: 10 mins - Taxonomy of multicast security concerns (draft-irtf-smug-taxonomy-01.txt) 10 mins - Framework overview (draft-irtf-smug-framework-01.txt) - Data transforms: 10 mins - Overall design (draft-irtf-smug-data-transforms-00.txt) 10 mins - Source authentication (draft-irtf-smug-tesla-00.txt) - Group key and SA management 10 mins - GKM Building Block (draft-irtf-smug-gkmbb-gsadef-00.txt) 10 mins - GSAKMP (draft-harney-sparta-gsakmp-sec-02.txt) 10 mins - Group DOI for ISAKMP (draft-irtf-smug-gdoi-00.txt) 10 mins - Group policy management (draft-mcast-pol-req00.txt) 20 mins - Open Discussion (work descriptions, objectives, goals/milestones) MAILING LIST The mailing list is at msec-request@securemulticast.org (or email the chairs). The website is at www.securemulticast.org READING MATERIAL draft-irtf-smug-taxonomy-02.txt draft-irtf-smug-framework-01.txt draft-irtf-smug-data-transforms-01.txt draft-irtf-smug-tesla-00.txt draft-irtf-smug-gkmbb-gsadef-00.txt draft-harney-sparta-gsakmp-sec-02.txt draft-irtf-smug-gdoi-00.txt draft-irtf-smug-pol-req00.txt