The invention generally relates to networks and, more particularly, the invention relates to multicast transmissions across a computer network.
Multicasting is a well known method of transmitting data messages to selected groups of users across a network, such as the Internet. One simple example of multicasting entails transmitting an E-mail message to a plurality of users that each are on a mailing list. Video conferencing and teleconferencing also use multicasting principles and thus, often are referred to as "multiconferencing." Due to increasing demand, protocols are rapidly being developed and refined to support multicasting over a TCP/IP network (i.e., a Transmission Control Protocol/Internet Protocol network, such as the Internet). Among these protocols is the Internet Group Multicast Protocol ("IGMP"), which allows users to easily create and join multicasting sessions ("multicasts").
Confidential information commonly is transmitted between multicast users ("members") during a multicast. Accordingly, it often is desirable that such multicasts have an associated list of authorized members that each may participate in the multicast. Any user that is not on the list of authorized members ("unauthorized users") thus is not authorized to participate in the multicast.
There are instances, however, when unauthorized users can silently monitor messages transmitted between authorized members of a multicast. More particularly, a member of a subnet having an authorized member of a multicast often can receive data messages from a subnet network device (e.g., a network server or a router) without being detected by the authorized members of such multicast. Authorized members of the multicast therefore continue to transmit data between themselves without knowing that their messages are being received by the unauthorized user.
The art has responded to this problem by utilizing encryption methods for encrypting data messages transmitted during a multicast. One such encryption method utilizes a symmetrical encryption key to encrypt and decrypt multicast messages. Similar confidentiality problems arise, however, when the encryption key is obtained by an unauthorized user. For example, such encryption key can be illicitly given to the unauthorized user by an authorized member of the multicast. The unauthorized user thus can decrypt each received message with the encryption key, thereby circumventing the advantages associated with the encryption methods.
In accordance with one aspect of the invention, an apparatus and method for limiting unauthorized access to a multicast by one or more members of a subnet reconfigures the multicast if all subnet members participating in the multicast do not reply to a query message. To that end, the apparatus first receives a query message requesting the identity of all subnet members that are participating in the multicast. Upon receipt, the query message is forwarded to each subnet member that is participating in the multicast. Receipt of the message by selected subnet members participating in the multicast causes a reply message to be forwarded. It then is determined if a reply message has been forwarded by all subnet members participating in the multicast. As noted above, the multicast is reconfigured if it is determined that a reply message has not been forwarded by all subnet members participating in the multicast.
The selected members participating in the multicast that forward a reply message preferably are authorized members. Moreover, the apparatus preferably is implemented on a subnet network device, such as a router or bridge. As is known by those skilled in the art, routers in a subnet often undesirably provide easy access to a multicast by any of the members of their respective subnets. There are instances, however, when access must be limited to selected users of the subnet. Receipt of a forwarded reply message from an unauthorized subnet member of a multicast thus would immediately alert the authorized multicast members to the existence of such unauthorized subnet member. To guard against those unauthorized subnet members that do not forward a reply message for this reason, each subnet network device automatically causes the multicast to be reconfigured if all participating subnet members (whether authorized or unauthorized) do not respond to the query message with a reply message. Accordingly, an unauthorized user cannot avoid being detected by not responding to the query message.
The multicast may be reconfigured in many ways known in the art. In preferred embodiments, a parameter of the multicast is reconfigured and forwarded to an authorized set of subnet members that are authorized to participate in the multicast (i.e., similar to the above referenced identification data). For example, the parameter may include a data encryption key that is utilized to encrypt and/or decrypt messages transmitted between authorized members. In other embodiments, a given subnet member in the authorized set forwards a reply message with identification data confirming that the given subnet member is an authorized member of the multicast. The identification data may include, for example, a digital signature of the given subnet member, or a random number associated with the data encryption key for the multicast.
In alternative embodiments, each reply message includes membership data indicating whether or not the forwarding member is an authorized member of the multicast. In such case, the membership data first is located in each reply message to determine if the replying member is an authorized member. The multicast is reconfigured if the membership data in any one of the reply messages indicates that one of the participating members is not an authorized member. The membership data may include a random number that is associated with the data encryption key.
In accordance with another aspect of the invention, an apparatus and method for limiting unauthorized access to a multicast by one or more members of a subnet first forwards a query message to all subnet members participating in the multicast. The query message includes, among other things, a request for the identity of all such subnet members. In response to receipt of the query message, selected subnet members forward a reply message. A given reply message that is forwarded by a given member includes identification data identifying the given member.
After the reply message is forwarded, the identification data in the given reply message is located. The multicast is reconfigured if the given member is not an authorized member of the multicast.
In preferred embodiments, the multicast is reconfigured by reconfiguring a parameter of the multicast, and then forwarding the reconfigured parameter to an authorized set of subnet members that are authorized to participate in the multicast. The identification data identifying the given member may include a digital signature of the given member, or a data encryption key that is utilized to encrypt and/or decrypt messages transmitted between authorized members of the multicast.
In alternative embodiments, it is determined if a reply message has been forwarded by all subnet members participating in the multicast. The multicast is reconfigured if it is determined that a reply message has not been forwarded by all subnet members participating in the multicast. In other embodiments, the query message is forwarded by a forwarding member of the multicast that is not a member of the subnet. The subnet may include a local network of computers that is coupled to a larger computer network (e.g., the Internet). The local network may be a local area network.
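The following is an added illustration, not part of the patent text, of a subnet network device applying both aspects described above: the multicast is reconfigured (rekeyed) when any participating subnet member fails to reply to the query, and also when a reply carries identification data that does not prove authorized membership. The use of an HMAC over the member identity under the current group key as the identification data, and the member names, are assumptions made for this example.

```python
# Added example (not from the patent): a subnet device simulating the two
# checks the text describes: (1) every participating member must answer the
# query, (2) every reply must carry identification data tied to the current key.
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class SubnetDevice:
    authorized: set                 # members allowed to participate in the multicast
    participating: set              # subnet members currently joined to the multicast
    group_key: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    rekey_count: int = 0

    def identification_data(self, member: str) -> bytes:
        """Identification data a member places in its reply. The text names a digital
        signature or a random number bound to the encryption key; an HMAC over the
        member id under the current group key stands in here (assumption)."""
        return hmac.new(self.group_key, member.encode(), hashlib.sha256).digest()

    def process_replies(self, replies: dict) -> bool:
        """replies maps member id -> identification data received; participating
        members absent from the dict sent no reply. Returns True if reconfigured."""
        silent = self.participating - set(replies)            # first aspect: no reply
        invalid = {m for m, data in replies.items()            # second aspect: bad data
                   if m not in self.authorized
                   or not hmac.compare_digest(data, self.identification_data(m))}
        if silent or invalid:
            self.reconfigure()
            return True
        return False

    def reconfigure(self) -> set:
        """Replace the group key and return the members who receive the new key:
        only the authorized set, so a silent or unauthorized listener is cut off."""
        self.group_key = secrets.token_bytes(16)
        self.rekey_count += 1
        return self.authorized & self.participating


if __name__ == "__main__":
    dev = SubnetDevice(authorized={"alice", "bob"}, participating={"alice", "bob", "eve"})
    leaked_key = dev.group_key   # constructed scenario: eve obtained the key illicitly
    honest = {m: dev.identification_data(m) for m in ("alice", "bob")}
    print("eve silent -> rekeyed:", dev.process_replies(honest))
    honest = {m: dev.identification_data(m) for m in ("alice", "bob")}
    eve_data = hmac.new(leaked_key, b"eve", hashlib.sha256).digest()
    print("eve replies with leaked key -> rekeyed:", dev.process_replies({**honest, "eve": eve_data}))
```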
Preferred embodiments of the invention are implemented as a computer program product having a computer usable medium with computer readable program code thereon. The computer readable code may be read and utilized by the computer system in accordance with conventional processes.