Efficient Security Mechanisms for Overlay Multicast-Based Content Distribution

This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidthefficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Performance analysis and simulation results show that our scheme incurs much smaller communication overhead than two other well-known schemes. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy. k-RIP does not rely on knowledge of overlay topology, and can therefore scale up to very large overlay networks. An important application of k-RIP is distributing critical messages (e.g., keys, new virus signatures, or certificate revocation lists) to a large number of nodes that are organized into trees, meshes, or other types of graphs.