
Re: [STDS-802-21] NISTIR 7298 link



Hi Greg,

Thank you for the clarification question.

We are trying to protect multicast content carried in MIH messages.

In fact, we have already identified several MSEC deliverables (GDOI,
GSAKMP and MIKEY) in
https://mentor.ieee.org/802.21/dcn/12/21-12-0059-00-MuGM-identification-of-sdos-related-to-802-21d.ppt.

On the other hand, we are not sure how the MSEC deliverables can be
used as multicast key management for MIH, and not sure if the MSEC
deliverables satisfy scalability requirements for 802.21d where a
group size can be tens of thousands.  You are welcome to help us by
giving some detailed guidance.

Best Regards,
Yoshihiro Ohba


(2012/07/19 14:26), Greg Daley wrote:
> Hi,
> 
> I can only see the preceding message in this thread for some reason.  (I am assuming this is a TGd thread)
> 
> Can I ask a clarifying question?
> 
> Are we protecting access to multicast content, or protecting users' data streams from being rehomed passed to another link due to someone else's movement?
> 
> If we are authenticating or keying for multicast content protection, then the group keying mechanisms from MSEC are applicable.
> 
> If we are performing authentication to prevent content stealing or DoS, it is still possible we are looking at a one-to-one trust mechanism, where the wireless client proves its identity to the network, and the network determines if it has a trust chain back to an authority trusted by the client.
> 
> How this proof of trust occurs is orthogonal to the base signalling mechanism, and could be an existing two-party certificate exchange system, or group oriented.
> 
> The host is effectively only in one (or a few places) at a time, and when the device proves that it is valid for Unicast, it also proves it is valid for Multicast (but may not be selecting to move its streams)
> 
> 
> Sincerely,
> 
> Greg
> 
>> Hi Charles,
>>
>> (2012/07/19 7:04), Charles E. Perkins wrote:
>>> Hello folks,
>>>
>>> Here are some materials on secure multicast.
>>>        http://datatracker.ietf.org/wg/msec/charter/
>>>
>>> Please let me know whether these are applicable, and what else might
>>> be needed for securing wide-area multicast.
>>>
>>> While I do see that neighboring MIH domains have use cases for
>>> multicast, I am confused about how it might be that such use cases
>>> could apply to groups of networks with thousands of PoSs.
>>
>> If IP multicast is always available to support groups of networks with
>> thousands of PoSs, then we should just use it, but my point is that is not
>> always the case (i.e., there may be some router that does not support IP
>> multicast).  I think application-layer multicast can fill the gap.  On the
>> other hand, application-layer multicast does not have to be based on
>> RELOAD/DHT.
>>
>> Regards,
>> Yoshihiro Ohba
>>
> 
> Greg Daley
> Solutions Architect
> Logicalis Australia Pty Ltd
> gdaley@xxxxxxxxxxxxxxxx
> t +61 3 8532 4042
> m +61 401 772 770
>