Efficient security mechanisms for overlay multicast based content delivery

This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidth-efficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Performance analysis and simulation results show that our scheme incurs much smaller communication overhead than two other well-known schemes when they are directly applied in overlay multicast. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets. The proposed schemes do not rely on knowledge of overlay topology and can scale up to very large overlay networks.