A Secure Multicast Protocol with Copyright Protection Hao-hua Chu Department of Computer Science, University of Illinois at Urbana-Champaign 1304 West Springfield Avenue Urbana, IL 61801, U.S.A. Lintian Qiao Department of Computer Science, University of Illinois at Urbana-Champaign 1304 West Springfield Avenue Urbana, IL 61801, U.S.A. Klara Nahrstedt ∗ Department of Computer Science, University of Illinois at Urbana-Champaign 1304 West Springfield Avenue Urbana, IL 61801, U.S.A. ABSTRACT We present a simple, efficient, and secure multicast protocol with copyright protection in an open and insecure network environment. There is a wide variety of multimedia ap- plications that can benefit from using our secure multicast protocol, e.g., the commercial pay-per-view video multicast, or highly secure military intelligence video conference. Our secure multicast protocol is designed to achieve the follow- ing goals. (1) It can run in any open network environment. It does not rely on any security mechanism on intermediate network switches or routers. (2) It can be built on top of any existing multicast architecture. (3) Our key distribution protocol is both secure and robust in the presence of long delay or membership message. (4) It can support dynamic group membership, e.g., JOIN/LEAVE/EXPEL operations, in a network bandwidth efficient manner. (5) It can provide copyright protection for the information provider. (6) It can help to identify insiders in the multicast session who are leaking information to the outside world. We have imple- mented a prototype system which validates our secure mul- ticast protocol and evaluated it against various performance matrices. The experimental results are very encouraging, but also show where new engineering approaches need to be deployed to conform fully to the design goals. Keywords Multicast security, copyright protection, key distribution, watermark ∗ This research is supported by National Science Founda- tion Career Grant NSF-CCR-96-23867, Research Board of University of Illinois at Urbana-Champaign and Air Force Grant, Number F30602-97-2-0121. Any opinions, findings, and conclusions or recommendations expressed in this ma- terial are those of the authors and do not necessarily reflect the views of the National Science Foundation. For further author information, e-mail huawang,klara@uiuc.edu 1. INTRODUCTION We present a simple, efficient, and secure multicast protocol with copyright protection in an open and insecure network environment. There is a wide range of multimedia applica- tions that can benefit from using our secure multicast pro- tocol, e.g., the commercial pay-per-view video multicast, or highly secure military intelligence video conference. Our se- cure multicast protocol is designed to achieve the following goals: • Security in Open Network Environment We assume that group members, who can be either or both senders and receivers, are in an open network environment. This means that the multicast streams may travel through intermediate switches or routers which may or may not have any security mechanism. Therefore, our secure multicast protocol must not de- pend on any of the intermediate network components for security support. • Multicast Architecture Independence Our secure multicast protocol can be implemented on top of any existing multicast protocols: M-OSPF [54], DVMRP [54], CBT [6], or PIM [23]. We achieve this by encrypting or decrypting data on the endpoint hosts before sending it to or after receiving it from the un- derlying multicast protocol. • Robust Dynamic Membership Support Lost packets and long network delay are prevalent in any open network environment, e.g. the Internet, where the traffic congestion level and bandwidth avail- ability for members in the same multicast group can vary significantly. As a result, the key distribution protocol must deal gracefully with lossy or long delay unreliable multicast channels. • Real-time Encryption In order to provide secure data transmission, it is nec- essary to design encryption algorithms for multimedia data because of their special characteristics, such as their coding structure, large amount of data, and real- time constraints. In particular, we are interested in the secure algorithms for MPEG video streams. The MPEG video encryption algorithm should aim towards efficient and real-time processing so that they can be- come an integral part of the video delivery process and ACM SIGCOMM Computer Communications Review Volume 32, Number 2: April 2002 42