PROPOSAL TO ARPA FOR PROJECT EXTENSION TO D079

Mechanisms for Supporting and Utilising Multicast Multimedia

Principal Investigators Jon A. Crowcroft and Peter T. Kirstein

Department of Computer Science, University College London, April 10, 1998

Section I Administrative

Original BAA Number: BAA 94-07-09

Technical Topic Area: Multicast Services

Title: Mechanisms for Supporting and Utilising Internet Multicast Multimedia

Technical Point of Contact: J.A Crowcroft, P T Kirstein

Email: jon@cs.ucl.ac.uk, kirstein@cs.ucl.ac.uk

Fax: +44 171 387 1397

Mailing Address: Department of Computer Science,

University College London

Gower St, London WC1E 6BT, England

Administrative Point of Contact: Peter T. Kirstein

Email: kirstein@cs.ucl.ac.uk

Fax: +44 171 387 1397

Mailing Address: Department of Computer Science,

University College London

Gower St, London WC1E 6BT, England

Type of Business: Educational.

Initial Period 15 Jan 1996 - 14 Jul 1998

Initial Amount $571,856

Proposed Extension 14 Jul 1998 - 30 Sept 2000

Proposed Amount $199985

Signatures:

Principal Investigators:

Peter T. Kirstein Date

Jon A. Crowcroft Date

Head of Department

(Computer Science)

Steve R. Wilbur Date

College Authority

(Assistant Director Research Grants):

Mike Griffiths Date

 

Section II Summary of Proposal

A. Purpose of Research

A1 The Original Research

Multicast has emerged as one of the key enabling technologies for supporting next generation networking applications such as video conferencing. In the past years, there has been considerable research activity in the Internet community on multicast routing protocols and multicast-based applications, and significant progress has been made in developing and utilising this technology. Nevertheless, many important issues remain unsolved. We believe that the following mechanisms have to be developed before a wider community can make full use of multicast conferencing on a regular basis.

The purpose of the proposed research project is to develop novel mechanisms for supporting and utilising Internet multicast. In particular, we will carry out research and development in the three areas identified above.

A2 Purpose of First Extension

The aims of the original proposal remain valid; they have been largely achieved. There have been a number of recent changes in the software available from the CAIRN project both in IPv6-capable implementations and in the incorporation of the appropriate forwarding code. The former uses the IPv6 code from INRIA; the latter the ALT-Q forwarding code from Sony. The combination of these facilities will make the achievement of deployable resource reservation much more convenient. However, the combined CAIRN release is only now being put together; we do not expect it to be stable for another month. While we are starting to work with this code in parallel with the ISI release, we expect that this will require work for another month. For this reason, we would like a short, no cost two-month extension that would permit us to deploy our revised software over the CAIRN network. During this extension, we would put up the preferred mechanism for QoS on the UCL-Washington path as a default one; we would hope to persuade NASA to forego the hardwired split by means of separate ATM VCs on the link. This activity also requires that there be a permanent connection between CAIRN and the current version of the NASA NSI - which is only now coming into effect.

The second activity during this extension would be to deploy the asymmetric version of Private Announcements (secured SAP). The exact form of this has been held up until now in the IETF, pending argument on whether asymmetric encryption would be specified in the experimental Standard. This has now been resolved, and the UCL implementation is. However, we probably need to have the full summer to deploy it. This will require an early version of a Secure DNS, to hold the User Certificates. This activity is again only now being put together in the CAIRN community.

A3 Purpose of Second Extension

We would then like a small extension for a further two years to complete work that has already been started during the current project. This work includes the following:

The above components would all be made to operate, by the end of the extension period, over IPv6. The above are logical extensions of the work undertaken in the first 30 months of the current project. The security extensions would use many of the ideas of our past work, but would be re-engineered in the light of progress with both IPv6 and IPSEC. Thus, where possible, we will use IPSEC-level security rather than application-level security as hitherto. This will require resolution of a number of outstanding problems with multicast IPSEC.

 

B. Statement of Work

In this section, we outline the work we intend to carry out in this project. Each task will be elaborated in the Technical Rationale section.

B1 Work during First Extension

  1. Deploy precedence queuing on the CAIRN link between UCL and ISI, using the IPv6 versions. Demonstrate that it can provide weighted fair queuing between the NASA and the DARPA traffic as the load increases. This work will use the latest version of the CAIRN routers, and be based on the ALT-Q forwarding kernel. As a result, it will be completely compatible with the remaining use of CAIRN. We have obtained interest from NASA also in this activity.
  2. Deploy a secured DNS with User Certificates for interested Conferees in the CAIRN community.
  3. Deploy either PGP or S-MIME to the interested parties, and distribute Group key pairs for private conferencing.
  4. Deploy the private forms of SDR to allow announcements of private conferences - using the Group Keys distributed in (3).

B2 Work during Second Extension

Provide full implementation of the Session Invitation Protocol (SIP) - including its security extensions. This will require some re-work of the media tools, to allow their use of an underlying IPSEC infrastructure. Most of the current IPSEC implementations do not support addressing of multicast groups; this deficiency will have to be addressed. We will incorporate also those encryption algorithms which are recommended in the IETF community.

  1. Deploy a security infrastructure, so that group key pairs are stored in a Secure DNS, with access controlled by group membership; such a mechanism will be more in tune with the security deployment.
  2. Provide secure multicast WEBCAST facilities to provide authenticated and encrypted pre-distribution of presentation material. This work requires the Originator to set up security associations, to ensure that the appropriate privileges should be granted. Here we expect to use the normal ISAKMP/Oakley exchanges.
  3. Provide access control and confidentiality on the Server to add stored material into conferences. This will require both the use of IPSEC with multicast, and the incorporation of the normal ISAKMP/Oakley exchanges to authorise the storage.
  4. Ensure the UCL Universal Transcoding Relay can process encrypted media streams in a trusted gateway - using Standard Internet security procedures. We believe this will require an IPSEC transcoding stage in the Relay. The control of such stages will require the use of IPSEC with multicast, and the incorporation of the normal ISAKMP/Oakley exchanges to authorise the control of the Relay and the decryption/re-encryption stage in the Relay.
  5. This gateway will also be used for connecting in mobile and other devices.
  6. Deploy Secure Conferencing over CAIRN with full security infrastructure, all the above features, and both SIP and SAP. This will use as much as possible of the normal IPSEC based security; application-level security will be used only when we can think of no way of performing the functions at a network level.
  7. Investigate the functionality required to control and aggregate data from a large number of audio devices in a hierarchic organisation. This application is related to the activity in (5), but is significantly different. In (5) the Relays were receiver-controlled. Here they will be controlled in a managed way. We are already modifying our relays so that they can be controlled from management stations. This work will be extended, so that they can be controlled by multicast techniques. We believe that, by appropriate use of TTL and administrative scoping, it will be possible to set up mechanisms which are hierarchic, and yet can be made precise - allowing the control of large numbers of devices. The Relays will then be able to provide appropriate aggregation functions on receiving the information from comparatively dumb sensors.

C. Deliverables

The deliverables from this project will be in the form of technical reports, algorithms and software.

C1 Deliverables in First Extension

  1. Routine deployment of the IPv6 version of the Precedence Queuing software on the UCL-ISI link.
  2. A technical report proving viability of (1) for future operations of the link.
  3. Software package, including ancillary management packages, for deploying Secure SAP.
  4. Report on holding certificates in Secure DNS.

C2 Deliverables in Second Extension

  1. Software package, including ancillary management packages, for deploying Secure SIP.
  2. A technical report on storing group key pairs in a Secure DNS - and the ancillary management packages.
  3. Software package and technical report on the secured WEBCAST tool.
  4. Software package and technical report on the secured multimedia server.
  5. Software package and technical report on the secured UCL transcoding gateway.
  6. Software package and technical report on the use of hierarchic multicast control of relays.
  7. Technical report on the features needed, and lessons learnt, from deploying secure conferencing over CAIRN.

D. Technology Transfer

The research results and software from this project will be transferred to the DoD, HPCC and commercial communities through IAB Research Groups, IETF WGs, other standards and publication channels, and our collaborations with Bellcore, Sun, Cisco, Xerox and BT/MCI/UUNET.

E. Cost, Schedule and Milestones

Schedule and Milestones

The schedule for the first extension is self-evident, since it is only a 2.5-month extension - with the Deliverables at the end of that period.

The activities in the second extension are critically dependent on the timing of implementations from other collaborators. For example, the Secured SIP depends on delivery of the unsecured versions from ISI and Columbia. The WEBCAST, Server and Relay components depend almost entirely on UCL - unless further discussion with Steve McCanne at UCB determines that we drop one of our components, and concentrate on working with his. This aspect of the work is collaborative between the groups, and the decisions will be based mainly on pragmatic grounds. The main aim is that a complete set of all the components will be complete in some form at the end of the first year. The second year will be spent in upgrades and bug fixes in the light of experience in deployment over CAIRN.

Costs

It is not really feasible to associate costs with each task in each year. We will list the total costs here and will discuss with the Project Officer as the research progresses. The overall cost will be $1999985 over the 27 months of the project. Details of the costs are given in Section I and Annex II. Assuming a start date of July 17, 1998 for the no-cost extension, the cost breakdown in the different financial years is given below:

 

 

FY          1998   1999    2000     Total
Cost in $   0      98336   101649   1999985

 

F. Proprietary Claims

All results from the project will be freely available for ARPA purposes.

G. Technical Rationale and Approaches

In this section, we provide the necessary background to the work we propose to carry out, discuss the technical approaches we will use and the relationship with other on-going work.

UCL has access to an experimental high-speed testbed (LEARNET) in the UK, a more limited wide-area testbed in Europe, and a further two links to the US CAIRN. BT funding (to run for 1-5 years) and EU funding (running until late 2000). The main UK testbed has both WDM and ATM components, with significant amounts of SMDS; we also have primary rate ISDN access, have experimental access to a DBS satellite, and are deploying local radio access.

We will use these technologies to build experimental platforms for the work described above. Since we can introduce real traffic patterns from a real evolving community, we will be able to validate each stage of our work very effectively.

UCL has been very active in the area of multicast and multimedia communications. There are currently several projects on multicast routing, multimedia conferencing, and congestion control and resource management. Many of the other related projects at UCL have already fed into the current project. We are designing a new multicast routing algorithm CBT in collaboration with Bell Communication Research (Bellcore). CBT is currently under consideration by the Inter-Domain Multicast Routing Work Group (idmr-wg) of the Internet Engineering Task Force (IETF), where Tony Ballardie from UCL is the co-chair of the idmr-wg. The MECCANO, COIAS, ICE-CAR and PROSPECT projects look into large-scale multimedia video conferencing.

UCL developed a multicast transport protocol to run over the then new IP multicast service. In the EU MERCI project, we have developed a number of tools with partners for end-to-end multicast support for applications. These include congestion control for audio and video conferencing programs; quality and topology monitoring tools for the Mbone; engineering of RTP mappings for multicasting H.261 compressed video; design of variable loss tolerant audio encoding; design of a next generation shared text editing package based on optimistic consistency end-to-end multicast protocols. We have developed two other components which we will use in this extension - a UCL transcoding gateway and a multimedia recorder and player. Many of these tools and components work with encrypted media streams, and allow for full authentication.

In most of the work below, we will be moving over to the use of IPv6, and the extra facilities this yields as rapidly as possible. So far we have not used IPv6 in the present project. We now discuss each task in some detail.

 

  1. Resource Managed UK-US link

We have already done tests on Precedence queuing and CBT on the UCL-ISI CAIRN link. We expect to complete these tests during the current project. However, for a proper deployment of the technology over both links, we need to go considerably further. First, we must collect both the NASA and the CAIRN traffic - adjusting the routing tables so that the NASA traffic flows over a connection between CAIRN and the NASA scientific network. This requires a number of changes in both CAIRN and the NASA network. Examples are:

  2. Complete and Deploy Currently Available tools for Secure Conferencing

In the present project, we have largely completed the Secure SDR with private announcements. We have not yet issued any certificates to end-users outside UCL, nor deployed the other management and certificate distribution and storage facilities needed to really deploy secure conferencing on any realistic scale. This will require providing an integrated package, which includes S-MIME and/or PGP to distribute certificates and either Pass-Phrases or Group key pairs. We expect to complete all these components before the end of the current phase of the project, and then to deploy them during the first extension period.

  3. The Session Invitation Protocol.

The specification of the Session Invitation Protocol is largely complete. The current version of SDR has many components already implemented, though the security attributes are still only paper specifications. The SIP specifications have a close relationship to the use of Mobile IP; invitations have a similar path. Considerable work will have to be done to implement the security aspects of SIP. At one level there are all the problems of OnionSkin hop-hop encryption, and what can be provided at proxy nodes. At another, the use of IPv6 for the invitations should ease this proxy activity from an addressing viewpoint. We also expect to use SIP to start up both the Servers and Relays mentioned below. This will have other security implications that will be resolved during the second extension.

  4. The Security Infrastructure.

A security infrastructure is already being installed for many electronic commerce and network protection purposes. One component of this is the secured DNS; others are the various network components being secured. Over the course of the next year, CAIRN will increasingly be deploying a real security infrastructure. We are defining what of that infrastructure is needed for secure conferencing, and where we will have to supplement the components being deployed for other purposes. So far, for example, smart cards have not been deployed widely over CAIRN; we see them as one way of making secure conferencing much simpler to deploy.

  5. Secure Webcast

The tools for presentations to large audiences, including slide and other server-based material, are not yet very well advanced. It is clear that prior distribution of material is an important aspect of this activity. Several mechanisms can help in this. First, one can hold and distribute the material via WWW Servers; second, one can use an agent to distribute the material from the WWW server by reliable multicast. The layered reliable multicast protocol developed by Vicisano and Crowcroft should be ideal in this context. For secure conferences, it is also necessary to ensure that the pre-distributed material should not be accessible by unauthorised parties. For the purposes of secured presentations, we will organise the Webcast tool so that only its control structures are able to access the pre-stored material. We will provide authentication, and possibly encryption, procedures in the proxies to ensure these mechanisms.

  6. Secured Server

There are a number of multimedia servers available. Two are the one developed under the MASH project by Steve McCanne, and the MMCR from UCL. Currently many of these can store encrypted sessions, because they store the complete RTP packets. However, they have considerable problems with storing the results of shared workspace tools like wb; this is partly because they do not know what to do with missing packets, and partly because it is necessary to reconstruct the whole dialogue for moving forward or back through a stream. We plan to tackle a number of aspects still missing in the Servers. First we will not store the information in the original RTP format; with some of the self-repairing transmission formats (e.g. those used in RAT), it is desirable to have the tool repair the streams, and then store them in a format suitable for storage rather than transmission. The re-transmission must take into account the transport conditions appropriate to the situation when the replay is occurring, which may be quite different than when it was recorded. Another aspect is that the Recorder must then be a member of the conference trusted with the encryption key. The stored recordings may be encrypted in a longer term mechanism than the transmission encryption. The whole question of secured servers, authenticated access and the difference between transmission and storage formats will be examined.

  7. Secured UCL Transcoding Gateway (UTG)

UCL has a transcoding gateway based on a technology from UCB, but considerably modified. It does multicast-unicast conversion, audio aggregation and video switching. It also has facilities for transcoding and passing through reliable multicast packets for shared work-space. The component still needs a number of modifications. These include dealing with layered coding, having a much more intelligent behaviour with its treatment of missing packets in reliable multicast, ability to deal with several versions of reliable multicast, and security considerations for trusted operation (at present it can do very little with encrypted streams; it should be a trusted device with the capability to decrypt and re-encrypt). These improvements will be made to the component. Finally, we must ensure that only authenticated clients with the right access rights can re-configure the UTG.

  8. Secure Conferencing.

Even when all the individual components are operating correctly separately, there is still a considerable amount of work in getting the components to work correctly with a complete security infrastructure. We expect that the separate components will largely be operational by the end of the first year of the second extension. The last year will be spent in integrating all the components together with a security infrastructure, and getting a complete deployment over CAIRN. This work will not be done only in this project; it is strongly related to work being done in the MECCANO and ICE-CAR projects. However, those projects are much more oriented to an X.500 and Directory environment; here we expect to concentrate more on a secure DNS security infrastructure.

H. Key Personnel

The principal academics who will be associated with this work are Profs Peter Kirstein and Jon Crowcroft, who will be spending about 20% of their time on the project. Both have been Principal Investigators for ARPA projects and have been working in the areas of the proposed research for many years. The research workers directly on the project will probably be Mr Panos Gevros and a research student.

Peter Kirstein

Peter Kirstein received his undergraduate degree in Maths and EE at Cambridge University. He also has a Ph.D in EE from Stanford U., and a D.Sc from London U in the same subject.

Peter has worked at Stanford U (USA), CERN (Switzerland), and the US General Electric (Switzerland). He is now Professor and Director of Research in the Department of Computer Science at University College London. Professor Kirstein has been leading research projects in computer communications networks, telematic services, security and multimedia for over 20 years.

Most of his current research projects include collaboration with European and US colleagues. Amongst these activities are developments in multimedia, document access and security applications, and piloting them in the international Research Community.

Peter has a number of projects in the high speed network and multimedia area. He is Director of the CEU-sponsored MECCANO project to pilot multi-way, real-time multimedia services in Europe with links to the US; that project will be supplemented shortly by the ICE-CAR provision of a European security infrastructure. This work arises out of other activities he has been conducting both with ARPA and the CEU RACE program in Network Management and Distributed real-time systems; these activities are now being extended to use the emerging ATM infrastructures in the UK and the rest of Europe.

Peter is a Fellow of the UK Royal Academy of Engineering, the British Computer Society, the Institute of Physics, and the Institution of Electrical Engineering. He is a Senior Member of the Institution of Electrical and Electronic Engineers. He has over 150 publications.

Jon Crowcroft

Jon Crowcroft is a Professor in the Department of Computer Science, University College London, where he is responsible for a number of European and US funded research projects in Multi-media Communications. He has been working in these areas for over 10 years. He graduated in Physics from Trinity College, Cambridge University in 1979, and gained his MSc in computing in 1981, and Ph.D. in 1993. He is a member of the ACM, the British Computer Society and the IEE. He is a member of the Internet Advisory Board, and the general chair of the ACM SIGCOMM. He is also on the editorial teams for the journal of High Speed Networks and IEEE Network. He has over 50 publications.

Current projects which reflect his interests include a DARPA-funded project building Multimedia over Multiservice Networks, the RACE PROSPECT Project Piloting ATM for Conferencing Systems, and the BT-sponsored Universities Research Initiative in managing services over high speed networks.

I. Cost Breakdown

The following budget is based on exchange rate of 1 £UK to $US 1.65, and stated inflation estimates. Figures are normally given in the currency in which they are incurred, or those relevant for the proposal.

We believe that a 27-month extension would be the most valuable to all concerned. The project will require half a Research Fellow and a full-time research student, some equipment, and considerable travel to the US to interact with related groups there. The Department and other projects provide workstations and local and international communications, and will still provide the majority of the equipment, such as servers. We have some equipment provision to ensure that we are able to maintain compatibility with other ARPA-sponsored projects in the US, and have included a travel budget to ensure closer liaison with those groups.

The budget breakdown is based on a 27-month extension starting on July 15, 1998 and ending January 15, 2000. It assumes 3, 12, 12 months in the different fiscal years.

Staffing

Staffing costs are based on one half-time staff member and one full-time student over the 27 months of the project extension. In addition, the Department commits to having at least one more senior staff member working in this area, not charged to the project.

The staff member is costed with the customary 90% O/H rate charged by the College. He/she is presumed to be at Pt 11 on our RA1 scale, with an increment due October 1. The rest of the salary costs assume the normal one point increment each year, and a 3.5% cost of living increase. The research student will be a CEU National, and thus is costed at the normal present studentship rate of £15,000, and attracts no College overhead. It is assumed that this will increase by 5% pa, including both cost of living and experience allowances. The breakdown of salary costs for London Allowance, National Insurance and Superannuation is shown in Annex II.

Equipment

CAIRN requires a specific equipment base for its routers; in addition it will be necessary to upgrade the workstations and servers in line with the deployment in the related ARPA projects, and to equip them with smart cards for optimal security. There is a modest provision for equipment maintenance. We will continue to make available all the current equipment purchased on the project, and will update this as needed beyond that for which we have made provision. It is assumed that the current link to the CAIRN network will stay in place - and will probably be supplemented by another one provided by UUNET for pure IPv6 connectivity.

Travel

The project will have close links with IETF activities and other ARPA-related projects in the US; it will also continue to work with the International Collaboration Board, chaired by Prof. Kirstein. We have budgeted 3 trips to IETF meetings, 2 to ICB meetings, 1 to ARPA workshops, and one trip to the ARPA PI meeting each year. Based on an average cost of £1300 ($2145) per trip, this would come to $15015. Since a few of these trips will be in Europe at a lower cost, we have taken a budgetary figure of $15,000 pa for travel. We will continue to use multimedia conferencing facilities in collaborating with researchers in the US and working group discussion in the IETF.

Recurrent Costs

Recurrent Costs are assumed at the historic College rate of £3130 pa, with the research student assumed to operate at 50% costs. These costs include £2000 pa for network access.

Summary

The costs of the proposed project (in $US) over a twenty-seven month period are given below:

 

CATEGORY\FY   1998   1999    2000     TOTAL
Staff         0      20613   21335    41948
O/H           0      18552   19201    37754
Student       0      26400   27720    54120
Travel        0      15000   15000    30000
Recurrent     0      5165    5345     10510
Equipment     0      6006    6216     12222
Maintenance   0      6600    6831     13431
TOTAL         0      98336   101649   199985

 

 

 

 

J. Bibliography

Ballardie et al.: "Core Based Trees", Proc. ACM SIGCOMM 93, San Francisco, September 1993.

Braden et al.: "Recommendations on Queue Management and Congestion Avoidance in the Internet", RFC 2309, 1997.

K. Carlberg and J. Crowcroft: "Building Shared Trees using a One-to-Many joining mechanism", pp 5-11, ACM Computer Communications Review, Vol 27, No. 1, Jan 1997.

Carpenter et al.: "IPv4 Address Behaviour Today", RFC 2101, February 1997.

Diot et al.: "Multipoint Communication: A Survey of Protocols, Functions and Mechanisms", December 1996, to appear in IEEE JSAC.

Hailes S., Jon Crowcroft and Ian Wakeman: "Communications Abstractions for Compressed Continuous Media", in progress.

Kirstein, P.T. et al.: "Accessing Mbone Sessions over Point-to-Point Connections", submitted to Proc. Multimedia Systems, 1998.

Kirstein, P.T.: "Security Activities of the MERCI Project", Datenschutz und Datensicherheit, Verlag Vieweg, Wiesbaden 21, 408, 1997.

I. Kouvelas et al.: "Self Organising Transcoders", submitted to NOSSDAV, http://www.cs.ucl.ac.uk/staff/I.Kouvelas/publications/sot.ps.gz

Lewis D. and J. Crowcroft: "Prepare Multimedia Testbed", Proc. of RACE Broadband Island Conference, Athens, September 1993.

Oechslin and J. Crowcroft: "Weighted Proportional Fairness and Pricing for TCP", submitted to ACM CCR.

Perkins, C. et al.: "A survey of Packet-Loss Recovery Techniques for Streaming Audio", submitted to Conf. on Multimedia Systems, 1998.

L. Vicisano et al.: "Layered Congestion Avoidance for Reliable Multicast", IEEE Infocom, San Francisco, April 1998 (see ftp://cs.ucl.ac.uk/darpa/infocom98.ps)

 

ANNEX I. Detailed Spreadsheet of expenditures in UK£ and US$

 

US $\FY       1998   1999    2000     TOTAL
Staff         0      20613   21335    41948
O/H           0      18552   19201    37754
Student       0      26400   27720    54120
Travel        0      15000   15000    30000
Recurrent     0      5165    5345     10510
Equipment     0      6006    6216     12222
Maintenance   0      6600    6831     13431
TOTAL         0      98336   101649   199985

UK £          1998   1999    2000     TOTAL
Staff         0      12493   12930    25423
O/H           0      11244   11637    22881
Student       0      16000   16800    32800
Travel        0      9091    9091     18182
Recurrent     0      3130    3240     6370
Equipment     0      3640    3767     7407
Maintenance   0      4000    4140     8140
TOTAL         0      59598   61605    121203

CoL increase

Staff

Student

O/H

XRATE

Months

3.50%

5%

90%

$/UK£

1.65

6

Salaries Pt   Basic   Lon All   Superann   Nat Ins   Total
10            18985   2134      3918       1573      1993
11            19848   2134      4078       1638      2082
12            20677   2134      4231       1699      2170
13            21519   2134      4388       1762      2244
14            22374   2134      4546       1828      2336