An architecture for user authentication of IP multicast and its implementation

Abstract

IP multicast is now at the experimental stage. In order to deploy IP multicast over the Internet as a commercial service, several issues on IP multicast must be resolved. Such issues include security, accounting, QoS and IP multicast address allocation. Among them, one of the most important issues of IP multicast is security for IP multicast. There are no standards on security functions for IP multicast at this time. We propose an architecture for the user authentication function of IP multicast which prevents an unauthorized user from sending and receiving IP multicast datagrams. We extend IGMPv2 for the user authentication function of IP multicast and use RADIUS as the authentication server. We have implemented a prototype system based on our architecture on FreeBSD. Implementation results are also described.