Dear all,
We have just released a new draft entitled "Securing Group Management
in IPv6".
Unfortunatly we've missed the IETF submission deadline but we'll
submit it
asap.
This draft can be downloaded at:
http://www.inrialpes.fr/planete/people/ccastel/draft-castelluccia-sgmv6-00.txt
We are looking forward your comments/feedbacks....
Thanks in advance...
Regards,
Claude.
======
Abstract
Currently, group membership management in IP multicast
and
anycast lacks sufficient security. It can be abused
by
malicious hosts in order to launch denial-of-service (DoS)
attacks. The root of the problem is that routers
cannot
determine if a given host is authorized to join a group,
sometimes referred to as the Proof-of-Membership
Problem
We propose a solution for IPv6 based on new types
of
multicast and anycast group addresses which we respectively
call
SUCV-M and SUCV-A addresses. Their statistical and cryptographic
characteristics lend themselves to severely limiting certain
classes of attacks. Our scheme is fully distributed
and does
not require any third trusted party or pre-established
security
association between the routers and the hosts. This
is not only
a huge gain in terms of scalability, reliability and overhead,
but also in terms of privacy.
-- ---------------------------------------- Claude CASTELLUCCIA, INRIA Rhone-Alpes ph: +33 4.76.61.52.15 (fax: 52.52) http://www.inrialpes.fr/planete/