Multimedia streaming is considered to be a major evolving Internet application since it aims at replacing widely known television applications such as video-on-demand, pay-per-view, or video broadcast. Currently, a number of portal sites offer Internet protocol (IP) multicast services, and such services are expected to be extended to communication with wireless terminals. With such a service, a wireless system broadcasts data packets to a plurality of wireless terminals. Each wireless terminal receives and processes the same stream of packets. An example of a multicast service is IP multicast streaming for news and entertainment content in audio and video formats. In other types of services, multiple sources broadcast data packets to a plurality of wireless terminals. An example of this type of service is multiparty multimedia conferencing, whereby a plurality of wireless terminals multicast data packets to one another during a conferencing session. As will be appreciated, multicast communication is typically more spectrum-efficient than unicast communication since multicast communication services are amenable to broadcasting to a group of wireless terminals. Because frequency spectrum for wireless services is very limited and very expensive to expand, the utilization of multicast services is very appealing to wireless service providers.
As the use of multicast communication increases, so does the need to provide security for such communication. Generally, multicast security has a number of goals, including, for example, securing multicast communication for the multicast group (e.g., encryption), integrity protection, and providing an automated exchange and management of keying material for the multicast group. In addition, multicast security often attempts to deploy one or more security policies for multicast communications within the multicast group.
Multicast security also typically seeks to provide data source authentication, often in addition to securing multicast communication for the multicast group. As will be appreciated, a source of data is often automatically authenticated in the case of point-to-point communications. This is particularly the case when such point-to-point communications are secured with a symmetric key, since only the source and destination possess the symmetric keys necessary to decrypt and/or authenticate the transmitted content. In contrast, in many conventional multicast security techniques, all of the members of a multicast group possess a symmetric key common to the group members. In such an instance, the source of data can typically only be identified as being a member of the multicast group, without identifying the particular group member.
One conventional technique for authenticating the data source in multicast communications is to digitally sign each data packet transmitted from the source to the members of the multicast group. Digital signatures provide non-repudiation on top of data source authentication and integrity protection. However, digital signatures also typically utilize public-key cryptography, which can be significantly slower to compute than symmetric-key message authentication codes (MACs). Digital signatures also often require more data space overhead than MACs.
In an effort to alleviate the overhead associated with digital signatures, techniques have been developed whereby a digital signature is amortized over a number of packets. Examples of such techniques are star/hashing techniques and different variations of hash chaining. Whereas such amortization techniques do reduce the overhead associated with digital signatures, they also typically increase the communication costs and often require the source and destinations to buffer data. In addition, various techniques, such as that provided by the Timed Efficient Stream Loss-Tolerant Authentication (TESLA) protocol and its variations, can require a form of time synchronization between the source and destinations, further complicating the source authentication procedure.
A more recently developed technique is disclosed by U.S. patent application Ser. No. 10/867,150, entitled: System, Method and Computer Program Product for Authenticating a Data Source in Multicast Communications, filed Jun. 14, 2004, the contents of which are hereby incorporated by reference in its entirety. In accordance with this more recently developed technique, a multicast group includes a source member that multicasts data packets, and a plurality of destination members that receive the data packets, where each member of the multicast group is associated with a symmetric key that is known to each other member of the multicast group.
In operation, the source member is capable of generating a code for a data packet using a symmetric key associated with the source member and thereafter multicasting the data packet and the code. Each of the destination members, then, is capable of receiving the data packet and the code. The destination member can then multicast a recall packet to the members of the multicast group when the destination member determines that the source member claims an identity of the respective destination member (i.e., spoofs the identity of the respective destination member), the source member in this instance operating as a rogue member of the multicast group. Otherwise, the destination member is capable of authenticating the source member based upon the code.
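The following is an added illustration of the procedure described above, written for this page and not code from the '150 application; it assumes a constructed three-member group in which every member's symmetric key is known to every other member, uses HMAC-SHA256 as the "code", and models the recall decision as a return value rather than an actual recall multicast.

```python
import hashlib
import hmac

# Constructed sample group: each member's symmetric key is known to every
# other member, as the scheme described above assumes. (Constructed values.)
GROUP_KEYS = {"A": b"constructed-key-A", "B": b"constructed-key-B", "C": b"constructed-key-C"}


def _code(member_id, payload):
    """MAC over (claimed identity || payload) under that member's key."""
    msg = member_id.encode() + b"|" + payload
    return hmac.new(GROUP_KEYS[member_id], msg, hashlib.sha256).digest()


def make_packet(sender_id, payload):
    """Source member: attach its identity and a code computed with its own key."""
    return {"claimed_id": sender_id, "payload": payload, "code": _code(sender_id, payload)}


def receive(member_id, packet, sent_by_me):
    """Destination logic: 'own' for a packet this member itself sent; 'recall'
    when the packet claims this member's identity but this member did not send
    it (a rogue member is spoofing); 'authenticated' when the code verifies under
    the claimed member's key; otherwise 'rejected'."""
    claimed = packet["claimed_id"]
    if claimed == member_id:
        return "own" if sent_by_me else "recall"
    expected = _code(claimed, packet["payload"])
    return "authenticated" if hmac.compare_digest(expected, packet["code"]) else "rejected"


def deliver(packet, actual_sender):
    """Multicast delivery: every member processes the same packet; only the
    actual transmitter knows that it sent it."""
    return {m: receive(m, packet, m == actual_sender) for m in GROUP_KEYS}


if __name__ == "__main__":
    honest = make_packet("A", b"news segment 1")
    print(deliver(honest, actual_sender="A"))
    # Because A's key is shared with the group, a rogue member can build a packet
    # that claims A's identity; the code verifies at B, so only A's recall exposes it.
    spoofed = make_packet("A", b"forged segment")
    print(deliver(spoofed, actual_sender="C"))
```

The second delivery shows why the recall step is needed: the code itself verifies for every member except the spoofed one, which is the only member that can know it did not send the packet.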
A technique for authenticating a source in multicast communications such as that disclosed by the '150 application overcomes the drawbacks of the other aforementioned techniques. In this regard, the technique of the '150 application permits the destination members to authenticate a source member without requiring digital signatures or time synchronization between the source and destinations in point-to-multipoint, multicast communication. As will be readily appreciated by those skilled in the art, however, it is generally desirable to further improve upon existing techniques, including that of the '150 application.