Efficient security mechanisms for overlay multicast based content delivery

Sencun Zhu, Chao Yao, Donggang Liu, Sanjeev Setia, Sushil Jajodia

Research output: Contribution to journalArticle

6 Citations (Scopus)

Abstract

This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidth-efficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Performance analysis and simulation results show that our scheme incurs much smaller communication overhead than two other well-known schemes when they are directly applied in overlay multicast. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets. The proposed schemes do not rely on knowledge of overlay topology and can scale up to very large overlay networks.

Original languageEnglish (US)
Pages (from-to)793-806
Number of pages14
JournalComputer Communications
Volume30
Issue number4
DOIs
StatePublished - Feb 26 2007

Fingerprint

Overlay networks
Access control
Websites
Topology
Bandwidth
Communication

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications

Cite this

Zhu, Sencun ; Yao, Chao ; Liu, Donggang ; Setia, Sanjeev ; Jajodia, Sushil. / Efficient security mechanisms for overlay multicast based content delivery. In: Computer Communications. 2007 ; Vol. 30, No. 4. pp. 793-806.
@article{89a72a66733a4f079b67936e7e3ff034,
title = "Efficient security mechanisms for overlay multicast based content delivery",
abstract = "This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidth-efficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Performance analysis and simulation results show that our scheme incurs much smaller communication overhead than two other well-known schemes when they are directly applied in overlay multicast. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets. The proposed schemes do not rely on knowledge of overlay topology and can scale up to very large overlay networks.",
author = "Sencun Zhu and Chao Yao and Donggang Liu and Sanjeev Setia and Sushil Jajodia",
year = "2007",
month = "2",
day = "26",
doi = "10.1016/j.comcom.2006.10.003",
language = "English (US)",
volume = "30",
pages = "793--806",
journal = "Computer Communications",
issn = "0140-3664",
publisher = "Elsevier",
number = "4",

}

Efficient security mechanisms for overlay multicast based content delivery. / Zhu, Sencun; Yao, Chao; Liu, Donggang; Setia, Sanjeev; Jajodia, Sushil.

In: Computer Communications, Vol. 30, No. 4, 26.02.2007, p. 793-806.

Research output: Contribution to journalArticle

TY - JOUR

T1 - Efficient security mechanisms for overlay multicast based content delivery

AU - Zhu, Sencun

AU - Yao, Chao

AU - Liu, Donggang

AU - Setia, Sanjeev

AU - Jajodia, Sushil

PY - 2007/2/26

Y1 - 2007/2/26

N2 - This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidth-efficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Performance analysis and simulation results show that our scheme incurs much smaller communication overhead than two other well-known schemes when they are directly applied in overlay multicast. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets. The proposed schemes do not rely on knowledge of overlay topology and can scale up to very large overlay networks.

AB - This paper studies the security issues that arise in an overlay multicast architecture where service providers distribute content such as web pages, static and streaming multimedia data, realtime stock quotes, or security updates to a large number of users. In particular, two major security problems of overlay multicast, network access control and group key management, are addressed. We first present a bandwidth-efficient scheme, called CRBR, that seamlessly integrates network access control and group key management. Performance analysis and simulation results show that our scheme incurs much smaller communication overhead than two other well-known schemes when they are directly applied in overlay multicast. Next we propose a DoS-resilient key distribution scheme, called k-RIP, that delivers updated keys to a large fraction of nodes with high probability even if an attacker can selectively compromise nodes in the multicast data delivery hierarchy and command these compromised nodes to drop keying packets. The proposed schemes do not rely on knowledge of overlay topology and can scale up to very large overlay networks.

UR - http://www.scopus.com/inward/record.url?scp=33846644358&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33846644358&partnerID=8YFLogxK

U2 - 10.1016/j.comcom.2006.10.003

DO - 10.1016/j.comcom.2006.10.003

M3 - Article

AN - SCOPUS:33846644358

VL - 30

SP - 793

EP - 806

JO - Computer Communications

JF - Computer Communications

SN - 0140-3664

IS - 4

ER -