1 / 7

Group Key Management for PIM-SM Routers

Group Key Management for PIM-SM Routers. J.W. Atwood, Salekul Islam Concordia University supplement to draft-ietf-pim-sm-linklocal-00. Multicast groups formed by PIM routers. PIM routers will form a large number of small SSM groups

wilhelmina
Download Presentation

Group Key Management for PIM-SM Routers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Group Key Management for PIM-SM Routers J.W. Atwood, Salekul Islam Concordia University supplement to draft-ietf-pim-sm-linklocal-00

  2. Multicast groups formed by PIM routers • PIM routers will form a large number of small SSM groups • The number of SSM groups will be equal to the number of routers in the region • In each SSM group, one router will be the speaker, and all the adjacent routers will be the listeners.

  3. Join/Leave mechanisms • No explicit join/leave • Join deemed following • New router added • Router rebooted/power restored • Leave deemed following • Router crashes • Router shut down/power fails

  4. Forward/backward secrecy • For user applications, PFS and PBS can be important • For PIM-SM, legitimate routers are allowed to receive future messages • This will reduce the work of the GCKS and simplify the required group key management

  5. Functions of GCKS • Maintain membership information of all SSM groups • Generate keys for each SSM group, and distribute keys to all pertinent routers • Maintain key hygiene: re-key as necessary • Authenticate individual routers

  6. Functions 2 • When new router joins region, it is speaker for its group, and its neighbors are listeners. Need to send new key to (n+1) routers. • Refreshing the sequence numbers (for anti-replay) will be non-trivial • Re-initialize SAs, or • Inform new router of current sequence #s

  7. Contact Information • PPT/PDF of these slides are at www.cse.concordia.ca/~bill/internet-drafts/IETF67-KeyManagement.ppt orIETF67-KeyManagement.pdf • Email addresses • bill@cse.concordia.ca • salek_is@cse.concordia.ca

More Related