Secure, Multicast-Multimedia to Mobile Users Peter Sholander, Thomas Tarman, Robert Hutchinson Sandia National Laboratories Albuquerque, NM 87185 Email: {peshola, tdtarma, rlhutch}@sandia.gov Voice: 505-{284-4101, 844-4975, 844-4131} Fax: 505-844-9641 Secure, Multicast-Multimedia to Mobile Users Introduction: The current Internet design provides primarily "best effort" data communications services on a point-to-point basis. This model is appropriate for non real-time (and near real-time) data applications. However, services such as Internet telephony, video-conferencing and distributed, interactive collaborations may require a new model for several reasons. First, users now want a general-purpose Internet that integrates voice, video and data services. However, since those three traffic types have both disparate traffic characteristics and disparate Quality-of-Service (QoS) needs, this integration is difficult. Second, users are increasingly mobile. They now expect access to their communications services from any location. They also expect their communications sessions to follow them as they move. Third, as users become more dependent on their data communications, the Internet will carry increasingly sensitive information. Finally, distributed interactive collaborations often require multicast connectivity. These four trends present difficult technical challenges, particularly for QoS guarantees, traffic modeling, network routing and the efficient encryption of multicast sessions. This white paper discusses these technical challenges, for secure, multicast-multimedia to mobile users, in more detail. Security: There are several interesting security issues for secure, multicast-multimedia to mobile users. First, current cryptographic protocols were developed for unicast connections. Hence, they do not support secure add/drop. When a user leaves a secure multicast group, some of the other remaining users must also change their encryption key. For large, high data-rate multicast sessions, this key-changeover time, and any accompanying resynchronization issues, can limit performance. Hence, a true multicast-enabled encryption scheme could add/drop individual users without requiring a key update for any other member of the multicast group. A second issue is a scalable and efficient key management infrastructure. Public-key systems currently have the following problems -- establishing the chain of trust, inefficient certificate processing and certificate revocation. Secret-key systems also have challenges. How does one efficiently distribute shared secrets to both humans and non-human computer entities? A third issue is agile encryption. A user might have three simultaneous connections -- to a local server, to a user in a foreign country and to a classified DoD computer. For legal, political and technical reasons, those three connections may require different encryption algorithms. Hence, users want one encryption device that provides the appropriate encryption algorithm for each of their multicast, multimedia connections. Mobile users complicate this -- since their encryption device must also meet US export laws. A final issue is authentication. Public cellular uses secret-key authentication protocols. However, secret-key algorithms do not scale to large distributed networks that lack centralized control mechanisms (i.e., the current Internet). The alternative is public-key algorithms, which are slow and power-hungry. Hence, public-key cryptography needs two improvements. A new algorithm should be optimized for power-limited wireless users and also be able to support low handoff latency. These cryptographic problems are quite hard, though. Traffic Engineering: A second issue is traffic engineering for secure, multicast-multimedia to mobile users. There are numerous problems. The first is traffic models. Telephone traffic, in fixed networks, has well-understood statistical characteristics that have led to the well-known Erlang traffic models. However, voice traffic models for cellular networks, are still an active research area. Mobile, multimedia users complicate matters further. Multimedia traffic models are not well-understood. They may require fractal models. Wireless, multimedia probably implies smaller cell-sizes than cellular, and hence far fewer users per wireless-cell. Small sample sizes always complicate statistical modeling. A second issue is whether the current source protocols and coding schemes are optimal for multicast multimedia to mobile users. Mobile, wireless users have a network connection whose bit-rate and error-characteristics may be time-variant.. Consider a single, mobile user. After each call handoff the new wireless cell may not support the same QoS as the previous cell. In cellular voice networks, this yields the notion of Forced Termination Probability (FTP). If a user, with an active connection, moves to a cell where all of the cellular channels are in use then that user's call is terminated. Cellular systems are engineered for a given non-zero FTP. An alternative to forced call termination is to dynamically adjust the user's QoS. Hierarchical coding is one technique that permits this, although there are issues of simplicity versus cost. Should the server drop the extra layers (requires QoS renegotiation during an existing connection) or should the base station (wastes trunk bandwidth)? Multicast complicates this further. For example, what is the optimal multi-party, multicast flow control algorithm when each party's channel supports a different QoS? Where, when and how should flow control be invoked? To which receiver does the source respond? A third issue is resource management and "reactive" versus "proactive" call handoff schemes. In traditional reactive schemes, the network/user invokes call control functions during each handoff. Proactive schemes attempt to predict the user's movement. QoS parameters are then pre-allocated in neighboring cells. This reduces the FTP (or QoS degradation probability). There are two costs though -- namely idle network resources in the adjacent cells and added control complexity. However, mobile, multimedia users may require some form of proactive resource management. Researchers have studied some of these traffic engineering issues already. However, further research is needed. Routing Protocols: A final issue is routing protocols. Current routing protocols are optimized for fixed endsystems and fixed routing elements. For example, cellular systems and Mobile IP overlay a location management function that is optimized for mobile endsystems. However, routing protocols have two classes of users -- namely items that are tracked by the routing protocol (i.e., end-systems) and items that participate in the routing protocol (i.e., routers and switches). The location management protocols in Mobile IP and cellular systems do not deal well with mobile routers or switches. The introduction of address hierarchies (such as in ATM's Private Network-Network Interface) or ad-hoc networking complicates matters further. Future routing protocols should handle these cases better.