UWSpace: Bootstrapping Secure Multicast using Kerberized Multimedia Internet Keying

Library Home Page > UWSpace

	Home

Browse
	Communities & Collections
	Titles
	Authors
	Subjects
	By Date

Sign on to:
	Receive email updates
	My UWSpace registered users
	Edit Profile

UWSpace >
University of Waterloo >
Electronic Theses and Dissertations (UW) >

Please use this identifier to cite or link to this item: http://hdl.handle.net/10012/6635

Title:	Bootstrapping Secure Multicast using Kerberized Multimedia Internet Keying
Authors:	Woo, Jeffrey Lok Tin
Keywords:	MIKEY Kerberos Multicast Security Multimedia Internet Keying Protocol Composition Logic
Approved Date:	24-Apr-2012
Date Submitted:	2012
Abstract:	We address bootstrapping secure multicast in enterprise and public-safety settings. Our work is motivated by the fact that secure multicast has important applications in such settings, and that the application setting significantly influences the design of security systems and protocols. This document presents and analyzes two designs for the composition of the authentication protocol, Kerberos, and the key transport protocol, Multimedia Internet KEYing (MIKEY). The two designs are denoted to be KM1 and KM2 . The main aspect in which the objective impacts the design is the assumption of an additional trusted third party (called a Key Server) that is the final arbiter on whether a principal is authorized to receive a key. Secure composition can be a challenge, and therefore the designs were kept to be simple so they have intuitive appeal. Notwithstanding this, it was recognized that even simple, seemingly secure protocols can have flaws. Two main security properties of interest called safety and avail- ability were articulated. A rigorous analysis of KM1 and KM2 was conducted using Protocol Composition Logic (PCL), a symbolic approach to analyzing security protocols, to show that the designs have those properties. The value of the analysis is demonstrated by a possible weakness in KM1 that was discovered which lead to the design of KM2 . A prototype of KM1 and KM2 was implemented starting with the publicly available reference implementation of Kerberos, and an open-source implementation of MIKEY. This document also discusses the experience from the implementation, and present empirical results which demonstrate the inherent trade-off between security and performance in the design of KM1 and KM2 .
Program:	Electrical and Computer Engineering
Department:	Electrical and Computer Engineering
Degree:	Master of Applied Science
URI:	http://hdl.handle.net/10012/6635
Appears in Collections:	Faculty of Engineering Theses and Dissertations Electronic Theses and Dissertations (UW)

Files in This Item:

File	Description	Size	Format
Woo_Jeffrey_Lok_Tin.pdf		553.54 kB	Adobe PDF	View/Open

This item is protected by original copyright

View Licence

University of Waterloo Library
200 University Avenue West
Waterloo, Ontario, Canada N2L 3G1
519 888 4883

contact us | give us feedback | http://www.lib.uwaterloo.ca | © 2006 University of Waterloo