"Multicast and Group Security", Thomas Hardjono/Lakshminath R.
Dondeti, 2003, 1-58053-342-6, U$89.00/C$137.95

%A Thomas Hardjono
%A Lakshminath R. Dondeti
%C 685 Canton St., Norwood, MA 02062
%I Artech House/Horizon
%O U$89.00/C$137.95 617-769-9750 artech@...
%P 307 p.
%T "Multicast and Group Security"

Multicast security may involve a problem of confidentiality in a
situation where confidential information is distributed to a number of
parties simultaneously, and also where you may wish to authenticate
the user, while simultaneously preserving his (or her) privacy. This
is a very interesting problem in another area of security, that of
emergency preparedness and communication. Technically, the problem
has solutions. Practically, it may not: can you completely trust the
recipients not to redistribute the confidential information that you
sent? The other obvious application lies in the realm of the ultimate
promiscuous network: wireless.

Chapter one seeks to point out the motivation and need for multicast
security, but it does not do a convincing job due to a lack of detail
about the multicast process. This deficiency is partially made up in
chapter two, but it does mean that much of the text in the second
chapter echoes that already presented in the first. Authentication is
addressed in chapter three with regard to the need to verify that a
given message came from either any member of the group or a specific
member, and that an individual cannot deny having sent a
communication. Having overexplained the basic cases, when the authors
move into the details of specific (and sometimes very complicated)
signing operations, they frequently fail to make clear the reasons for
the use of these systems.

Although there is no formal division in the book, chapter four is the
first of three chapters dealing with key management for groups. The
difficulties of such a practice have already been raised in the
introductory material, and this chapter provides very little more,
primarily making analogies with the security associations (SAs) of
IPSec (Internet Protocol Security). Chapter five presents various key
management architectures and protocols. The details of operation are
clear enough, but the intent of the different procedures is not always
made clear, so that it is difficult to understand when a new process
is said to be an improvement. Key management algorithms, in chapter
six, are primarily concerned with reissuance of group keys after a
member has left the group.

Chapter seven's discussion of group security policy is limited to
procedures and standards, and thus generally repeats much that has
gone before. Even if privacy of transmission is assumed, security
concerns can still posit denial of service situations where false
control messages are sent to join, leave, or submit to groups, and so
routing, in chapter eight, is vital. Reliable transport, or
guaranteed delivery, also needs to be considered separately, as is
done in chapter nine. Cases and specific applications are reviewed in
chapter ten. Chapter eleven looks at future directions and research.

The writing is unnecessarily verbose and repetitive. Background
information is provided in support of the concepts covered, but in a
disorderly manner. The structure and organization of material could
be improved with little effort, and would result not only in text that
was easier to read, but also in a simpler logical flow. In addition,
the "alphabet soup" of acronyms is particularly thick in this work,
and the authors are not careful about defining an abbreviation before
they use it: some acronyms are never defined.

This book does provide an introduction to multicast security, but
you'll have to work for it.

copyright Robert M. Slade, 2003 BKMCGPSC.RVW 20030915