Abstrakti
Traditional multicasting techniques give senders and receivers little control for who can receive or send to the group and enable end hosts to attack the multicast infrastructure by creating large amounts of group specific state. Bloom filter based multicast has been proposed as a solution to scaling multicast to large number of groups. In this paper, we study the security of multicast built on Bloom filter based forwarding and propose a technique called BloomCasting, which enables controlled multicast packet forwarding. Bloomcasting group management is handled at the source, which gives control over the receivers to the source. Cryptographically computed edge-pair labels give receivers control over from whom to receive. We evaluate a series of data plane attack vectors based on exploiting the false positives in Bloom filters and show that the security issues can be averted by (i) locally varying the Bloom filter parameters, (ii) the use of keyed hash functions, and (iii) per hop bit permutations on the Bloom filter carried in the packet header.
| Alkuperäiskieli | Englanti |
|---|---|
| Otsikko | Information Security Technology for Applications - 15th Nordic Conference on Secure IT Systems, NordSec 2010, Revised Selected Papers |
| Sivut | 1-16 |
| Sivumäärä | 16 |
| DOI - pysyväislinkit | |
| Tila | Julkaistu - 4 kesäk. 2012 |
| OKM-julkaisutyyppi | A4 Artikkeli konferenssijulkaisuussa |
| Tapahtuma | Nordic Conference on Secure IT Systems - Aalto-yliopisto, Espoo, Suomi Kesto: 27 lokak. 2010 → 29 lokak. 2010 Konferenssinumero: 15 |
Julkaisusarja
| Nimi | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
|---|---|
| Vuosikerta | 7127 LNCS |
| ISSN (painettu) | 0302-9743 |
| ISSN (elektroninen) | 1611-3349 |
Conference
| Conference | Nordic Conference on Secure IT Systems |
|---|---|
| Lyhennettä | NordSec |
| Maa/Alue | Suomi |
| Kaupunki | Espoo |
| Ajanjakso | 27/10/2010 → 29/10/2010 |