Intro & Agenda - Mark Baugher
----------------------------

Focus of smug for last 18 months was to form an IETF WG; this has now
been done. What next? Did we really finish everything we started out
to do? Not really, pretty focused on SSM. Proposals for new focus areas
are solicited, and there is room for discussion.

Smugs Charter/Organizational Issues -- Pete Dinsmore
----------------------------------------------------

i) Name Change?
   SMUGS = Secure Multicast and Group Security Research Group
   Why? Expand focus, distinguish from MSEC.
   Suggestion (Calvert): why not GSEC? Multicast is almost misleading,
   so long as you don't restrict the underlying distribution tree --
   it's really broadcast.
   Baugher: GSEC was my original suggestion.

ii) Charter
   Want it to be broad and open. Look at emerging or immature
   technologies to distinguish from msec.
   Note: no transforms -- msec working on that.
   Goals: review, evaluation, collaboration of ideas; development
   Next steps: Mailing list discussions
   [Canetti: advantage of meeting on Sunday was a long meeting time,
   can take your time and get the ideas across. This time we only have
   2.5 hours.
   Dinsmore: yes, other concerns about getting a slot, esp. back in the
   U.S.]
   Another possible next step: write framework document? Probably
   premature at this point, need to see what ideas are out there and
   what to focus on.

iii) Research Agenda
   Group Policy Mgmt
   Group Key Mgmt -- in general, as opposed to specific to certain
   scenarios.
   Non-multicast security? Anycast? Reliable multicast...
   Not meant to be exclusive, starting point for discussion.
   Presentations to pete_dinsmore@nai.com.

Rekeying Dynamic Groups -- Canetti
----------------------------------

Ran did a nice job presenting the work of Naor, Naor and Lotspi???.
Draft currently in the pipeline, will be out after the meeting.
Algorithm patented by IBM (for CPRM).
Bottom-line: very inexpensive re-keying, < 13 bytes for a group of 2^32
members.

New algorithm -- Mingyan Li (presenting)
----------------------------------------

Explicit Design of Sub-Linear Trees with Prespecified Bound on ...
Problem: given prespecified communication bound, compute optimal tree,
i.e. compute cluster size to minimize storage requirements.
Result: reduce storage requirements (from O(N) to O(N/log N)) with only
a small increase in key update communication.

Group Key Mgmt in Wireless -- Lakshminath Dondeti
-------------------------------------------------

DARPA-sponsored work, joint with TASC/UMass
Domain/Area 2-level hierarchy. Domain/Area Key Distributors.
Areas may be defined by geography.
AKDs are not mobile -- that's the research topic. [but not what he
talked about, which was members moving]

When members move between areas, three approaches:
i) Baseline rekeying -- rekey both area keys on each move, also change
   domain (SEK) key.
ii) Immediate rekeying -- transfer is a new op (besides join/leave).
   Both areas rekey, but SEK not changed.
iii) Delayed rekeying -- defer rekeying until a member joins/leaves the
   domain or a threshold is reached, either in terms of number of areas
   visited, or number of members holding an area key, or just
   periodically.

Result from analytical studies of performance: immediate rekeying is
almost as good as deferred rekeying.
Future work: AKD mobility and further analysis.
[Discussion: how many keys can a mobile node hold onto?]

Authenticated Receivers in IGMP, Haixiang He
-------------------------------

(Draft forthcoming soon.)
Problem: prevent distribution to unauthorized receivers. Solves DoS,
may be simple solution to protect content on non-shared medium.
Goal: prevent pulling distribution tree into a subnet where there are
no other receivers. Lightweight solution required.
Approach: use current GKM service to distribute Access Tokens to hosts.
Tokens signed by GCKS. Only legitimate routers possess the public key
of GCKS. Hosts attach Access Token to the IGMP join message.
Host and Router behavior need to be modified slightly; hosts need to
use a different token for each host in SSM.
When group record first created, router sends a Group-specific
Authentication query. Also have to send a group-specific query after
every leave message.

Discussion: protecting against maintaining the flow after last legit
member leaves is by expiration time on token -- has to be engineered
for the join/leave characteristics of the particular group.
Hardjono: also need to protect the leave messages to prevent DoS for
legit receivers on the net.
Discussion: public key of GCKS is kept secret so only routers can
decrypt the tokens.
Discussion: recommend sending notification of draft to IDMR when it is
published. Not sure if they would want to take it, but they should be
aware of it. (Haixiang agreed)
Discussion: does this handle IGMP proxying? Answer: author believes it
should be kept separate from proxying mechanism. (Taken offline.)

Future Work Items -- Dinsmore
-----------------------------

Group Key Mgmt will continue to be an item, as various improvements
continue to show up.
Plan to have more presentations in next SMUGS/GSEC meeting.
Other suggestions for work areas in SMUG? (none)

"You won't find this stuff anywhere else..."

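Added example, not part of the minutes or of the forthcoming draft: a sketch of the router-side check for the Access Token scheme described under "Authenticated Receivers in IGMP" above, covering the per-host binding and the expiration time raised in discussion. The token layout, the function names and the use of HMAC-SHA256 in place of the GCKS public-key signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC-SHA256 stands in for the GCKS signature. In the scheme in
# the minutes the GCKS signs with a private key and only routers hold the
# matching public key; with an HMAC the routers share the signing key itself.
GCKS_KEY = b"constructed-demo-key"  # constructed sample value


def issue_token(group, host, expires_at, key=GCKS_KEY):
    """GCKS side: bind a token to one group, one host and an expiry time."""
    body = json.dumps({"group": group, "host": host, "exp": expires_at},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def check_join(token, group, host, now, key=GCKS_KEY):
    """Router side: decide whether an IGMP join carrying `token` is accepted."""
    try:
        body_hex, tag = token.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return "reject: malformed token"
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; verify before parsing any claim.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "reject: bad signature"
    claims = json.loads(body)
    if claims["group"] != group:
        return "reject: wrong group"
    if claims["host"] != host:          # per-host tokens, as required for SSM
        return "reject: token issued to another host"
    if now >= claims["exp"]:            # bounds a flow kept alive after a leave
        return "reject: expired"
    return "accept"


if __name__ == "__main__":
    # Constructed sample: SSM-range group, documentation-range host addresses.
    tok = issue_token("232.1.1.1", "192.0.2.10", expires_at=1000)
    for args in [("232.1.1.1", "192.0.2.10", 999),
                 ("232.1.1.1", "192.0.2.11", 999),
                 ("232.1.1.1", "192.0.2.10", 1000)]:
        print(args, "->", check_join(tok, *args))
```

The expiry check is what limits how long a replayed token can hold the flow open after the last legitimate member leaves, so the lifetime has to be chosen per group as the discussion notes.
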
Attendees
~~~~~~~~~

Hugh Harner hh@sparta.com
Ran Canetti canetti@watson.ibm.com
Peter Maersk-Moller pmm@ebone.net
Catherine Meadows meadows@itd.nrl.navy.mil
Steven Berson berson@idi.edu
Christian Gayda christian.gayda@icn.siemens.de
Tetsuro Morimoto morimoto@mrit.mei.co.jp
Angela Schuett amschue@tycho.ncsc.mil
Watani Itonaga w-itonaga@ab.jo.nec.com
Mingyan Li myli@ee.washington.edu
Ralf Schaffechofer ralf.schaffechofer@t-systems.de
Steila Frankel steila.frankel@nist.gov
Marlin Carlzon malin@sunet.se
Marius Janulis mjanulis@genuity.com
Hitoshi Asaeda asaeda@wide.ad.jp
Michael Bungert michael.bungert@icn.siemens.de
Yukihiro Takatani yukihiro.takatani@hitachi-eu.com
Peter Liefooghe pieter@info.rib.ac.be
Naomichi Nonaka nnokaa@cica.tr
Pradeep Behl pradeepb@microsoft.com
Peter Higginson plh@lucent.com
Disamod Flynn flynn@equinix.com
Robert Tashjian rwt@netopia.com
Gilles Bourdon gilles.bourdon@francetelcom.com
Friyo Majstar franjo@cisco.com
Greg Roth groth@genuity.com
Hidetaka Izumiyama izu@jsat.net
Thierry Turletti turletti@sophia.inria.com
Ken Calvert calvert@netlab.uky.com
Ulla Sandberg ulla@crt.se
Yongguang Zhang ygz@hrl.com
Hong-Yon Lach lach@crm.mot.com
J-Ch Gregoire gregoire@inrs.telecom.uquebec.ca
Hirosato Tsuji hirosato@iss.isl.melco.co.jp
Sara Poltan sarab@cs.technion.ac.il
Andrew Valentine a.valentine@eu.hns.com
Atsushi Kamakita kawakita-atsushi@sic.hitachi.co.jp
Patrice Tadonki patrice.tadonki@eust-belague.fr
Andy Adams ala@nexthop.com
Yann Guinamand yann.guinamand@space.alcatel.fr
Mana Lingammani mmani@avaya.com
Shinji Matsumoto s-matsumoto@pv.jp.nec.com
Emmanuel Lety emmanuel.lety@udcast.com
Antoine Clerget antoine.clerget@udcast.com
Marty Schoch mschock@multicasttech.com
Patrice Cipiere pplc@udcast.com
Jonathon Nicholas jonathan.nicholas@itt.com
Markku Maki markku.maki@rc.elisa.fr
Bakamaimis Byron byronbak@aol.com
Julian Chesterfield julian@reearch.att.com
Ian Brown i.brown@cs.ucl.ac.uk
Reha Civanlar civanlar@reearch.att.com
Armin Harhew armin@digitalfountain.com
Marshall Eubanks tme@multicasttech.com
Radha Poovendran radha@ee.washington.edu
Carsten Borman
David Arnold davida@pobox.com
Luis Costa luis.costa@lipb.fr
Andrew Krywaniuk andrew.krywaniuk@alcatel.com
Khamphuc Daulasim kdaulasim@agere.com
Kai Martius kai@securenet.de
Roberto Zamparo roberto.x.zamparo@telia.se
Jongwon Choe choejn@sookmyung.ac.kr
Vladimir Ksinant vladimir.ksinant@6wind.com
Sumyoung Han syhan@konkuk.ac.kr
Adrian Tregunna adrian.tregunna@bt.com
Roger Cummings roger.cummings@veritas.com
Nicolai Leyindun nicolai.legendun@telekan.de
Brett Chappall chappallbl@nswg.navy.mil
Masahiro Jibiki jibiki@netlab.nec.co.jp
Tania Zseby zseby@focus.gmd.de
Sunil Iyengar s.iyengar@ems.siurrey.ac.uk
Rolland Vida rolland.vida@lip6.fr
Haithana Crinkshank h.cruickshank@surrey.ac.uk
Akira Watanabe watanabeakr@neco.go.jp
Ari Singer asinger@nrtu.com
Tobias Martin tobias.martin@t-myrtenis.de
Chris Kubic cmkubic@micsi.ncsc.mil
Fallow Dressler dressler@rrze.uni-erlangen.de
Samuel Sundstrom samuel.l.sundstrom@telia.se
Mark Barrett mark.a.barrett@bt.com
Hainaix He hainaix@nortelnetworks.com
Lakshminath Dondeti ldondeti@nortelnetworks.com
Thomas Eriksson thomas.a.eriksson@telia.se
Dae Young Kim dykim@cnu.ac.kr
Jaehood Nab jhnab@etri.re.kr
Ki Young Kim kykim@etri.re.kr
Kijoon Chae kjchae@ewha.ac.kr
Claude Castellacan claude.castellucaa@innalpas.fr
Steve Hanna steve.hanna@sun.com
Terry Hayes thayes@netscape.com
Thomas Hardjono thardjono@verisign.com
Heung Youl Youm hyyoum@sch.ac.kr
Kyung Hee Lee leekh@sait.samsung.co.kr
Felix Aeschlimann felix.aeschlimann@swisscom.com
S Ramanan s.ramanan@hd.neeear.com
Yoongtae Shin shin@comp.ssu.ac.kr
Tommi Elo tommi.elo@vdslsystems.com
Cheryl Madson cmadson@cisco.com
Brian Weis bew@cisco.com
Peter Dinsmore pete_dinsmore@nai.com
Mark Baugher mbaugher@cisco.com