70 likes | 289 Views
Group Key Management for PIM-SM Routers. J.W. Atwood, Salekul Islam Concordia University supplement to draft-ietf-pim-sm-linklocal-00. Multicast groups formed by PIM routers. PIM routers will form a large number of small SSM groups
E N D
Group Key Management for PIM-SM Routers J.W. Atwood, Salekul Islam Concordia University supplement to draft-ietf-pim-sm-linklocal-00
Multicast groups formed by PIM routers • PIM routers will form a large number of small SSM groups • The number of SSM groups will be equal to the number of routers in the region • In each SSM group, one router will be the speaker, and all the adjacent routers will be the listeners.
Join/Leave mechanisms • No explicit join/leave • Join deemed following • New router added • Router rebooted/power restored • Leave deemed following • Router crashes • Router shut down/power fails
Forward/backward secrecy • For user applications, PFS and PBS can be important • For PIM-SM, legitimate routers are allowed to receive future messages • This will reduce the work of the GCKS and simplify the required group key management
Functions of GCKS • Maintain membership information of all SSM groups • Generate keys for each SSM group, and distribute keys to all pertinent routers • Maintain key hygiene: re-key as necessary • Authenticate individual routers
Functions 2 • When new router joins region, it is speaker for its group, and its neighbors are listeners. Need to send new key to (n+1) routers. • Refreshing the sequence numbers (for anti-replay) will be non-trivial • Re-initialize SAs, or • Inform new router of current sequence #s
Contact Information • PPT/PDF of these slides are at www.cse.concordia.ca/~bill/internet-drafts/IETF67-KeyManagement.ppt orIETF67-KeyManagement.pdf • Email addresses • bill@cse.concordia.ca • salek_is@cse.concordia.ca