Abstract
The bandwidth requirements of interactive multimedia applications are substantial, which makes network congestion a major problem. One way to deal with this problem is to use a resource reservation scheme, such as Tenet Scheme 2. This paper proposes a security architecture for Tenet Scheme 2. The basic ideas are to use Internet layer security protocols, such as the IP Security Protocol (IPSP) and the Internet Key Management Protocol (IKMP), to establish authentic communication channels between RCAP daemons; to handle client authentication and authorization locally; and to use a proxy-based mechanism to distribute access rights for target sets and channels. The security architecture uses as its building blocks a collision-resistant one-way hash function and a digital signature system.
© 1996 Springer-Verlag Berlin Heidelberg
Oppliger, R., Gupta, A., Moran, M., Bettati, R. (1996). A security architecture for Tenet Scheme 2. In: Butscher, B., Moeller, E., Pusch, H. (eds) Interactive Distributed Multimedia Systems and Services. IDMS 1996. Lecture Notes in Computer Science, vol 1045. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-60938-5_12
DOI: https://doi.org/10.1007/3-540-60938-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60938-4
Online ISBN: 978-3-540-49742-4