Multicast Survivability and Security
With the importance of group (multi-party) communications for command and control situational awareness, there is a critical need to support such communications robustly and securely across a network. Multicasting allows communication between a single sender and multiple receivers on a network. In addition to being the underlying mechanism for group communication, multicasting is one of the fundamental technologies needed to scale the Internet. Multicasting concentrates resources to gain efficiency to manage bandwidth-intensive multimedia feeds and to reduce congestion by eliminating waste. Unfortunately, this very concentration also amplifies the impact of failures such that a random fault or malicious attack will affect a larger number of users.

Multicast communication models have taken many forms, including trees, meshes of circuits, multicast servers, and application-level virtual rings. For connectionless applications with no expectation of quality guarantees, a tree spanning group membership is acceptable. However, in the tactical or strategic military environment, this is not satisfactory for most applications.

Published results show that application-level virtual rings are the most efficient solution in terms of cost and feasibility. They can be established by users forming a group session given the network status they encounter dynamically at the time of group communications. The rings also provide guaranteed survivability to single failures and group partitioning for multiple failures. This is in contrast to connectionless multicast schemes that embed information about group status into the network infrastructure, creating vulnerability to failures and attack as well as implementation complexity. (Note that there are few commercial IP networks that support multicast services.) At this time, however, there has been no feasibility analysis of virtual rings on different network topologies. In addition, there is a lack of proof-of-concept simulations and implementations of virtual rings in test bed or production networks, as well as a lack of encryption schemes proposed for unique virtual ring application-level sessions.
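The survivability contrast between a tree spanning the group and a logical ring can be checked with a small model. The sketch below is an added example, not code from the VRing project; it assumes a failure is the loss of one logical link between two session members, and the member names and helper functions are hypothetical.

```python
# Added illustration; the failure model and member names are assumptions,
# not taken from the VRing software.
from collections import defaultdict

def ring_links(members):
    """Logical ring: each member peers with its successor, last wraps to first."""
    return [(members[i], members[(i + 1) % len(members)]) for i in range(len(members))]

def tree_links(members):
    """Spanning tree over the group: member i attaches to parent (i - 1) // 2."""
    return [(members[i], members[(i - 1) // 2]) for i in range(1, len(members))]

def partitions(members, links, failed=()):
    """Groups of members that can still reach each other once `failed` links are down."""
    down = {frozenset(link) for link in failed}
    adj = defaultdict(set)
    for a, b in links:
        if frozenset((a, b)) not in down:
            adj[a].add(b)
            adj[b].add(a)
    seen, parts = set(), []
    for start in members:
        if start in seen:
            continue
        seen.add(start)
        stack, part = [start], []
        while stack:
            node = stack.pop()
            part.append(node)
            for peer in adj[node] - seen:
                seen.add(peer)
                stack.append(peer)
        parts.append(sorted(part))
    return parts

def survives_any_single_failure(members, links):
    """True if no single link failure splits the group."""
    return all(len(partitions(members, links, [link])) == 1 for link in links)

GROUP = [f"m{i}" for i in range(6)]  # constructed six-member session

if __name__ == "__main__":
    ring, tree = ring_links(GROUP), tree_links(GROUP)
    print("ring survives any single failure:", survives_any_single_failure(GROUP, ring))
    print("tree survives any single failure:", survives_any_single_failure(GROUP, tree))
    print("ring after two failures:", partitions(GROUP, ring, [("m0", "m1"), ("m3", "m4")]))
```

In this model every single link failure splits the tree in two, while the ring stays whole until a second link fails, at which point the group divides into two segments.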

Virtual rings are not intended for the formation of many large groups but specifically for a few small groups, such as in a military command or other special circumstances that demand survivability. Recent research has highlighted the need for such survivability, given that scale-free networks (real networks as opposed to randomly generated networks) may survive random failures but are extremely vulnerable to specific attacks on a small number of connection-concentrated switches/routers.

NCASSR's Multicast Survivability and Security project explores multicast sessions established at the application layer that would be recoverable from failures/attacks at lower layers (traffic or physical layers). This project will further advance the capabilities for group communications and provide capabilities unavailable from commercial products. Team members will simulate the use of application-level virtual rings on different network topologies. They will implement group communications via virtual rings within a test bed environment to measure survivability to injected failures. The researchers will also investigate different encryption schemes for application-level virtual rings, including the N2K constructive key management system by InfoAssure, public key infrastructure (PKI), and symmetric key management techniques.

Our plans for Year 2 NCASSR funding build on our successes in Year 1 with the following tasks:

* documentation of the peer-to-peer VRing demo
* testing of VRing software
* incorporation of human factors feedback to improve VRing
* release of VRing software on the Internet
* development of encryption solution(s) to protect VRing against an attacker threat model
 
Project Leads
Bill Yurcik, NCSA
Jun Wang, NCSA
