Managing and Securing the Global Multicast Infrastructure

Prashant Rajvaidya, Krishna N. Ramachandran and Kevin C. Almeroth
Department of Computer Science 
University of California
Santa Barbara, CA 93106-5110 
{prash, krishna, almeroth}@cs.ucsb.edu

A lack of mechanisms to monitor and manage multicast networks has
adversely affected progress in several areas critical for successful
deployment. One such area involves discovering and solving multicast
security vulnerabilities. Although a number of vulnerabilities exist,
the most troubling are a set of easily exploited Denial-of-Service
(DoS) attacks. The main reason for this concern is that the
one-to-many nature of multicast can significantly magnify the effects
of these attacks. Among the possible multicast DoS attacks, those that
target the the Multicast Source Discovery Protocol (MSDP) can be most
damaging. MSDP vulnerabilities are unusually easy to exploit and can
lead to infrastructure-wide damage. In this paper, our goal is to
develop a security framework that protects against DoS attacks through
detection and then "deflection". In developing our framework, we first
examine the vulnerability of multicast protocols, to DoS attacks. We
use data collected with our global monitoring infrastructure, Mantra,
to analyze the nature and effects of attacks that have already
occurred.  We then create additional, more virulent strains. Finally,
we propose a family of solutions to detect and deflect the effects of
each attack. Our techniques are evaluated by simulating their
effectiveness against both real and simulated workloads.