Overlay AuthoCast: Distributed Sender Authentication in Overlay Multicast
Multicast services raise significant operational and security challenges not only when deployed on the Internet layer, but also in overlay networks. Large P2P groups as emerging from IPTV applications may be abused by unwanted traffic or denial of service attacks through amplified flooding. This paper introduces a distributed, autonomously verifiable scheme for multicast sender authentication, which does not depend on pre-established trust relationships. Based on cryptographic identifiers and passport packets, any overlay peer is enabled to verify the origin of data prior to forwarding and to repel its misuse. Dynamic ingress filtering and individually established gradual trust allow for a lightweight protection of the distribution system in structured overlays.