BloomCasting: Security in bloom filter based multicast

Mikko Särelä*, Christian Esteve Rothenberg, András Zahemszky, Pekka Nikander, Jörg Ott

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionScientificpeer-review

7 Citations (Scopus)

Abstract

Traditional multicasting techniques give senders and receivers little control for who can receive or send to the group and enable end hosts to attack the multicast infrastructure by creating large amounts of group specific state. Bloom filter based multicast has been proposed as a solution to scaling multicast to large number of groups. In this paper, we study the security of multicast built on Bloom filter based forwarding and propose a technique called BloomCasting, which enables controlled multicast packet forwarding. Bloomcasting group management is handled at the source, which gives control over the receivers to the source. Cryptographically computed edge-pair labels give receivers control over from whom to receive. We evaluate a series of data plane attack vectors based on exploiting the false positives in Bloom filters and show that the security issues can be averted by (i) locally varying the Bloom filter parameters, (ii) the use of keyed hash functions, and (iii) per hop bit permutations on the Bloom filter carried in the packet header.

Original languageEnglish
Title of host publicationInformation Security Technology for Applications - 15th Nordic Conference on Secure IT Systems, NordSec 2010, Revised Selected Papers
Pages1-16
Number of pages16
DOIs
Publication statusPublished - 4 Jun 2012
MoE publication typeA4 Article in a conference publication
EventNordic Conference on Secure IT Systems - Aalto-yliopisto, Espoo, Finland
Duration: 27 Oct 201029 Oct 2010
Conference number: 15

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume7127 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

ConferenceNordic Conference on Secure IT Systems
Abbreviated titleNordSec
Country/TerritoryFinland
CityEspoo
Period27/10/201029/10/2010

Fingerprint

Dive into the research topics of 'BloomCasting: Security in bloom filter based multicast'. Together they form a unique fingerprint.

Cite this