Robust congestion control for IP multicast
MetadataShow full item record
IP multicast is a network service for scalable distribution of data to multiple receivers. Traditional protocols for multicast congestion control rely on trust: each party is assumed to follow guidelines for fair bandwidth sharing. However, with the growth and commercialization of the Internet, the assumption of universal trust is no longer tenable. In this dissertation, we consider a relaxed model where receivers are untrustworthy and can misbehave to acquire an unfairly high bandwidth at the expense of competing traffic. Our experiments with existing multicast protocols show that each of the evaluated protocols is vulnerable to receiver misbehavior. To take the first step towards robust multicast designs for distrusted environments, we focus on the class of feedback-free protocols where receivers provide no feedback to the sender and control congestion by regulating their subscription levels in the multi-group session. Unfortunately, the mechanism of group subscription offers a misbehaving receiver an opportunity to inflate its subscription level. Such inflated subscription attacks pose a major threat to fairness of bandwidth allocation. This dissertation is the first to solve the problem of inflated subscription. The presented designs rely on an insight that the ability of a receiver to access a multicast group should be tied with the congestion status of the receiver. First, we address individual attacks where a receiver inflates its subscription with no assistance from other receivers. Our solution guards access to multicast groups with dynamic keys and consists of two independent components: DELTA (Distribution of ELigibility To Access) – a novel method for in-band distribution of group keys to receivers that are eligible to access the groups according to the congestion control protocol, and SIGMA (Secure Internet Group Management Architecture) – a generic architecture for key-based group access at edge routers. DELTA and SIGMA require only minimal generic changes in the edge routers, do not alter the core of the network, and introduce no auxiliary servers. Then, we extend the design to protect multicast congestion control against inflated subscription of colluding receivers. To illustrate that integration with DELTA and SIGMA makes multicast protocols robust to inflated subscription and preserves other congestion control properties, we derive and evaluate robust adaptations of RLM and FLID-DL protocols.