Gothic: A Group Access Control Architecture for Secure Multicast and Anycast

Multicast and anycast have received considerable attention due to their ability to support networked services. There are distinct and significant security vulnerabilities in both the multicast and anycast model including denial of service, theft of service, eavesdropping, and masquerading. The multicast problem requires a secure IGMP. The anycast problem requires secure anycast server advertisements. We generalize these two problems into a problem of group access control and propose Gothic, a complete architecture for providing group access control. Gothic centers around a novel authorization architecture. This is complemented by a proposal for a group policy management system that allows the group owner to be authenticated before being allowed to specify the group access rights. This system can be applied to other works that involve group policy. We show how Gothic operates in a number of environments including application-layer multicast, source-specific multicast, application-layer anycast and global IP-anycast. We evaluate the security and scalability of the architecture and show that it improves scalability over previous solutions while maintaining or increasing the level of security. We also propose methods of integrating Gothic with the group key management system and content distribution tree. We propose and evaluate a group access control aware group key management technique that leverages the existence of a group access control system to substantially reduce overhead.