Original BAA Number: BAA 94-07-09

Technical Topic Area: Multicast Services

Title: Mechanisms for Supporting and Utilising Internet Multicast Multimedia

Contracting Office: AFOSR/PKC, Bolling AFB, 110 Duncan Ave, DC 20332-8080

Grant Number: F49620-96-0037

Technical Point of Contact: J.A Crowcroft, P T Kirstein

Email: jon@cs.ucl.ac.uk, kirstein@cs.ucl.ac.uk

Fax: +44 171 387 1397

Mailing Address: Department of Computer Science,

University College London

Gower St, London WC1E 6BT, England

Administrative Point of Contact: Peter T. Kirstein

Email: kirstein@cs.ucl.ac.uk

Fax: +44 171 387 1397

Mailing Address: Department of Computer Science,

University College London

Gower St, London WC1E 6BT, England

Type of Business: Educational.

Principal Investigators:

Peter T. Kirstein Date

Steve R. Wilbur Date

Mike Griffiths Date

Multicast has emerged as one of the key enabling technologies for supporting next generation networking applications such as video conferencing. In the past years, there have been considerable research activities in the Internet community on multicast routing protocols and multicast-based applications, and significant progress has been made in developing and utilising this technology. Nevertheless, many important issues remain unsolved. We believe that the following mechanisms have to be developed before a wider community can make full use of multicast conferencing on a regular basis.

• Mechanisms for supporting multicast routing protocols such as core placement strategies for CBT and PIM, Quality of Service path selection in multicast tree formation, and unicast support for reverse path calculation.
• Mechanisms for utilising multicast capability in applications such as feedback control in a multicast environment, management of applications in a multicast group, and reliable multicast transport.
• Mechanisms for integrating resource management with multicast forwarding, such as interface between forwarding engine and caching issues.

The purpose of the proposed research project is to develop novel mechanisms for supporting and utilising Internet multicast. In particular, we will carry out research and development in the three areas identified above.

The aims of the original proposal remain valid; they have been largely achieved. During this activity, we have developed an asymmetric version of Private Announcements (secured SAP). This work has applied security at the application level. During the current project, this version of SAP, and the relevant encrypted tools, will be deployed. This will require an early version of a Secure DNS, to hold the User Certificates. This activity is only now being put together in the CAIRN community.

We would like a further extension for one year to complete work that has already been started during the current project. This work includes the following:

• Provide full implementation and deployment over CAIRN of the Session Invitation Protocol (SIP), with its security aspects and the resulting security infrastructure;
• Ensure that all the UCL multimedia conferencing components, including the Servers and relays, can be controlled in a secured way.

The above components would all be made to operate, by the end of the extension period, over IPv6. The above are logical extensions of the work undertaken in the first 30 months of the current project. The security extensions would use many of the ideas of our past work, but would be re-engineered in the light of progress with both IPv6 and IPSEC. Thus where possible, we will use not application-level security - as hitherto, but IPSEC level security. This will require resolution of a number of outstanding problems with multicast IPSEC.

In this section, we outline the work we intend to carry out in this project. Each task will be elaborated in Section G.

1. Provide full implementation of the Session Invitation Protocol (SIP) - including its security extensions. This will require some re-work of the media tools, to allow their use of an underlying IPSEC infrastructure. Most of the current IPSEC implementations do not support addressing of multicast groups; this deficiency will have to be addressed. We will incorporate also those encryption algorithms, which are recommended in the IETF community.
2. Deploy a security infrastructure, so that group key pairs are stored in a Secure DNS, with access controlled by group membership; such a mechanism will be more in tune with the security deployment.
3. Provide secure multicast WEBCAST facilities to provide authenticated and encrypted pre-distribution of presentation material. This work requires the Originator to set up security associations, to ensure that the appropriate privileges should be granted. Here we expect to use the normal ISAKMP/Oakley exchanges.
4. Provide access control and confidentiality on the Server to add stored material into conferences. This will require both the use of IPSEC with multicast, and the incorporation of the normal ISAKMP/Oakley exchanges to authorise the storage.
5. Ensure the UCL Universal Trancoding Relay can process encrypted media streams in a trusted gateway - using Standard Internet security procedures. We believe this will require an IPSEC transcoding stage in the Relay. The control of such stages will require the use of IPSEC with multicast, and the incorporation of the normal ISAKMP/Oakley exchanges to authorise the control of the Relay and the decryption/re-encryption stage in the Relay. This gateway will also be used for connecting in mobile and other devices.
6. Deploy Secure Conferencing over CAIRN with full security infrastructure, all the above features, and both SIP and SAP. This will use as much as possible of the normal IPSEC based security; application-level security will be used only when we can think of no way of performing the functions at a network level.

The deliverables from this project will be in the form of technical reports, algorithms and software.

1. Software package, a version of SDR, including ancillary management packages, for deploying Secure SIP using the IPSEC infrastructure where feasible;
2. A technical report on storing group key pairs in a Secure DNS - and the ancillary management packages.
3. Software and package technical report on the secured WEBCAST tool
4. Software package and technical report on the secured multimedia server.
5. Software package and technical report on the secured UCL transcoding gateway.
6. Technical report on the features needed, and lessons learnt, from deploying secure conferencing over CAIRN.

The research results and software from this project will be transferred to the DoD, HPCC and commercial communities through IAB Research Groups, IETF WGs, other standards and publication channels, and our collaborations with Bellcore, Sun, Cisco, Xerox and BT/MCI/UUNET.

The activities in the extension are critically dependent on the timing of implementations from other collaborators. For example, the Secured SIP depends on delivery of the unsecured versions from ISI and Columbia. The WEBCAST, Server and Relay components depend almost entirely on UCL - unless further discussion with Steve McCanne at UCB determines that we drop one of our components, and concentrate on working with his. This aspect of the work is collaborative between the groups, and the decisions will be based mainly on pragmatic grounds. The main aim is that a complete set of all the components will be complete in some form at the end of the first nine months of the extension. The last three months will be spent in upgrades and bug fixes in the light of experience in deployment over CAIRN.

It is not really feasible to associate costs with each task. We will list the total costs here and will discuss with the Project Officer as the research progresses. The overall cost will be $99536 over the 12 months of the project. Details of the costs are given in Section I and Annex II. Assuming a start date of October 1, 1998 for the extension, the cost breakdown in the different financial years is given below:

All results from the project will be freely available for DARPA purposes.

In this section, we provide the necessary background to the work we propose to carry out, discuss the technical approaches we will use and the relationship with other on-going work.

UCL has been very active in the area of multicast and multimedia communications. There are currently several projects on multicast routing, multimedia conferencing, and congestion control and resource management. Many of the other related projects at UCL have already fed into the current project. We are designing a new multicast routing algorithm CBT in collaboration with Bell Communication Research (Bellcore). CBT is currently under consideration by the Inter-Domain Multicast Routing Work Group (idmr-wg) of the Internet Engineering Task Force (IETF), where Tony Ballardie from UCL is the co-chair of the idmr-wg. The MECCANO, COIAS, ICE-CAR and PROSPECT projects look into large-scale multimedia video conferencing.

UCL developed a multicast transport protocol to run over the then new IP multicast service. In the EU MERCI project, we have developed a number of tools with partners for end-to-end multicast support for applications. These include congestion control for audio and video conferencing programs; quality and topology monitoring tools for the Mbone; Engineering of RTP mappings for multicasting H.261 compressed video; design of variable loss tolerant audio encoding; design of a next generation shared text editing package based on optimistic consistency end-to-end multicast protocols. We have developed two other components which we will use in this extension - a UCL transcoding gateway and a multimedia recorder and player. Many of these tools and components work with encrypted media streams, and allow full authentication.

In most of the work below, we will be moving over to the use of IPv6, and the extra facilities this yields as rapidly as possible. This work will include use of IPSEC, for which we have access to implementations from various sources. So far we have not used IPv6 in the present project.

We now discuss each task in some detail.

1. Complete and Deploy Currently Available tools for Secure Conferencing

In the present project, we have largely completed the Secure SDR with private announcements. We have not yet issued any certificates to end-users outside UCL, nor deployed the other management and certificate distribution and storage facilities needed to really deploy secure conferencing on any realistic scale. This will require providing an integrated package, which includes S-MIME and or PGP to distribute certificates and either Pass-Phrases or Group key pairs, We expect to complete all these components before the end of the current phase of the project, and then to deploy them during the first extension period.

The specification of the Session Invitation Protocol is largely complete. The current version of SDR has many SIP components already implemented; though the security attributes are still only paper specifications. The SIP specifications have a close relationship to the use of Mobile IP; invitations have a similar path. Considerable work will have to be done to implement the security aspects of SIP. At one level there are all the problems of OnionSkin hop-hop encryption, and what can be provided at proxy nodes. At another, the use of IPv6 for the invitations should easy this proxy activity from an addressing viewpoint. We also expect to use SIP to start up both the Servers and Relays mentioned below. This will have other security implications that will be resolved during the second extension.

In addition to the implementation of SIP according to the current specifications, we must re-visit the tools required for the media, announcement and invitation in the context of the IPSEC and the key management which are inherent in IPv6. With these considerations, we will re-visit our whole structure of secure conferencing, to decide which aspects should be changed in the light of the increasing availability of IPSEC and ISAKMP/Oakley. We expect that this will require much further re-specification, and re-implementation of SDR.

2. The Security Infrastructure.

A security infrastructure is already being installed for many electronic commerce and network protection purposes. One component of this is the secured DNS; others are the various secured network components being secured. Over the course of the next year, CAIRN will increasingly be deploying a real security infrastructure. We are defining what of that infrastructure is needed for secure conferencing, and where we will have to supplement the components being deployed for other purposes. So far, for example, smart cards have not been deployed widely over CAIRN; we see them as one way of making secure conferencing much simpler to deploy.

 

We are still not confident that this is the optimal mechanism for multicast key distribution. We will investigate also the key distribution mechanisms that are being developed by TIS for DARPA using the multicast trees themselves.

3. Secure Webcast

The tools for presentations to large audiences including slide and other server-based material is not yet very well advanced. It is clear that prior distribution of material is an important aspect of this activity. Several mechanisms can help in this. First, one can hold and distribute the material via WWW Servers; second, one can use an agent to distribute the material from the WWW server by reliable multicast. The layered reliable multicast protocol developed by Viciano and Crowcroft should be ideal in this context. For secure conferences, it is also necessary to ensure that the pre-distributed material should not be accessible by unauthorised parties. For the purposes of secured presentations, we will organise the Webcast tool so that only its control structures are able to access the pre-stored material. We will provide authentication, and possibly encryption, procedures in the proxies to ensure these mechanisms.

4. Secured Server

There are a number of multimedia servers available. Two are the one developed under the MASH project by Steve McCanne, and one the MMCR from UCL. Currently many of these can store encrypted sessions, because they store the complete RTP packets. However, they have considerable problems with storing the results from shared workspace tools like wb; this is partly because they do not know what to do with missing packets, and partly because it is necessary to reconstruct the whole dialogue for moving forward or back through a stream. We plan to tackle a number of aspects still missing in the Servers. First we will only cache the information in the original packet format. It is not desirable to request retransmission of real-time media streams like audio or video during conferences; the time taken to provide the repairs is too long. However, if there are other such caches, it is quite feasible to request missing RTP packets from them; as a result a single repository can be made as complete as possible. Moreover; with some of the self-repairing transmission formats (e.g. those used in RAT), it is desirable to have the tool repair the streams further. Finally, the data should be stored in a format suitable for storage rather than transmission. The re-transmission must take into account the transport conditions appropriate to the situation when the replay is occurring, which may be quite different than when it was recorded. Another aspect is that the Recorder and the caches must be members of the conference trusted with the encryption key. The stored recordings may be encrypted in a longer-term mechanism than the transmission encryption. The whole question of secured servers, authenticated access and the difference between transmission and storage formats will be examined.

5. Secured UCL Transcoding Gateway (UTG)

UCL has a Universal Transcoding Gateway (UTG); part of its architecture is based on a technology from UCB, but there has been considerable modification in recent years. Both the purpose and the functionality is now very different. The UTG does multicast-unicast conversion, audio aggregation and video switching. It also has facilities for transcoding and passing through reliable multicast packets for shared workspace. The component still needs a number of modifications. These include the following:

• dealing with layered coding,
• treating missing packets in reliable multicast more intelligently,
• dealing with several versions of reliable multicast,
• security considerations for trusted operation (at present it can do very little with encrypted streams; it should be a trusted device with the capability to decrypt and re-encrypt)
• self-organising placement (based on a number of criteria, including proximity to participating receivers
• we must ensure that only authenticated clients with the appropriate access rights can re-configure the UTG.

These improvements will be made to the UTG, and it will be increasingly operated as a service component.

1. Secure Conferencing.

Even when all the individual components are operating correctly separately, there is still a considerable amount of work in getting the components to work correctly with a complete security infrastructure. We expect that the separate components will largely be operational by the end of the first year of the second extension. The last year will be spent in integrating all the components together with a security infrastructure, and getting a complete deployment over CAIRN. This work will not be done only in this project; it is strongly related to work being done in the MECCANO and ICE-CAR projects. However, those projects are much more oriented to an X.500 and Directory environment; here we expect to concentrate more on a secure DNS security infrastructure, and the other security components being developed in the IETF..

The principal academics who will be associated with this work are Profs Peter Kirstein and Jon Crowcroft, who will be spending about 20% of their time on the project. Both have been Principal Investigators for ARPA projects and have been working in the areas of the proposed research for many years. The research workers directly on the project will probably be Mr Panos Gevros and a research student.

Peter Kirstein received his undergraduate degree in Maths and EE at Cambridge University. He also has a Ph.D in EE from Stanford U., and a D.Sc from London U in the same subject.

Peter has worked at Stanford U (USA), CERN (Switzerland), and the US General Electric in (Switzerland). He is now Professor and Director of Research in the Department of Computer Science at University College London. Professor Kirstein has been leading research projects in computer communications networks, telematic services, security and multimedia for over 20 years.

Most of his current research projects include collaboration with European and US colleagues. Amongst these activities are developments in multimedia, document access and security applications, and piloting them in the international Research Community.

Peter has a number of projects in the high-speed network and multimedia area. He is Director of the CEU-sponsored MECCANO project to pilot multi-way, real-time multimedia services in Europe with links to the US; that project will be supplemented shortly by the ICE-CAR provision of a European security infrastructure. This work arises out of other activities he has been conducting both with ARPA and the CEU RACE program in Network Management and Distributed real-time systems; these activities are now being extended to use the emerging ATM infrastructures in the UK and the rest of Europe.

Peter is a Fellow of the UK Royal Academy of Engineering, the British Computer Society, the Institute of Physics, and the Institution of Electrical Engineering. He is a Senior Member of the Institution of Electrical and Electronic Engineers. He has over 150 publications.

Jon Crowcroft is a Professor in the Department of Computer Science, University College London, where he is responsible for a number of European and US funded research projects in Multi-media Communications. He has been working in these areas for over 10 years. He graduated in Physics from Trinity College, Cambridge University in 1979, and gained his MSc in computing in 1981, and Ph.D. in 1993. He is a member of the ACM, the British Computer Society and the IEE. He is a member of the Internet Advisory Board, and the general chair of the ACM SIGCOMM. He is also on the editorial teams for the journal of High Speed Networks and IEEE Network. He has over 50 publications.

Current Projects which reflect his interests include DARPA funded project building Multimedia over Multiservice Networks, RACE PROSPECT Project Piloting ATM for Conferencing Systems, and the BT-sponsored Universities Research Initiative in managing services over high speed networks.

The following budget is based on exchange rate of 1 £UK to $US 1.65, and stated inflation estimates. Figures are normally given in the currency in which they are incurred, or those relevant for the proposal.

We believe that a further 12-month extension would be the most valuable to all concerned. The project will require half a Research Fellow, and a full time research student), some equipment, and considerable travel to the US to interact with related groups there. The Department and other projects provide workstations, local and international communications, and will still provide the majority of the equipment, such as servers. We have some equipment provision to ensure that we are able to maintain compatibility with other ARPA-sponsored projects in the US, and have included a travel budget to ensure closer liaison with those groups.

The budget breakdown is based on a 12-month extension starting on October 1, 1998 and ending September 30, 1999.

Staffing costs are based on one half-time staff member and one full time student over the 12 months of the project extension. In addition the Department commits to having at least one more senior staff member working in this area in addition - not charged to the project.

The staff member is costed with the customary 90% O/H rate charged by the College. He/she is presumed to be at Pt 11 on our RA1 scale, with an increment due October 1, The rest of the salary costs assumes the normal one point increment each year, and a 3.5% cost of living increase. The research student will be a CEU National; thus is costed at the normal present studentship rate of £15,000, and attracts no College overhead. It is assumed that this will increase by 5% pa, including both costs of living and experience allowances. The breakdown of salary costs for London Allowance, National Insurance and Superannuation is shown in Annex II.

CAIRN requires a specific equipment base for its routers; in addition it will be necessary to upgrade the workstations and servers in line with the deployment in the related ARPA projects, and to equip them with smart cards for optimal security. There is a modest provision for equipment maintenance. We will continue to make available all the current equipment purchased on the project, and will update this as needed beyond that for which we have made provision. It is assumed that the current link to the CAIRN network will stay in place - and will probably be supplemented by another one provided by UUNET for pure IPv6 connectivity.

The project will have close links with IETF activities and other ARPA-related projects in the US; it will also continue to work with the International Collaboration Board, chaired by Prof. Kirstein. We have budgeted three trips to IETF meetings, two to ICB meetings, one to ARPA workshops, and one trip to the ARPA PI meeting each year. Based on an average cost of £1300 ($2145) per trip, this would come to $15015. Since a few of these trips will be in Europe at a lower cost, we have taken a budgetary figure of $15,000 pa for travel. We will continue to use multimedia conferencing facilities in collaborating with researchers in the US and working group discussion in the IETF.

Recurrent Costs are assumed at the historic College rate of £3130 pa, with the research student assumed to operate at 50% costs. These costs include £2000 pa for network access.

The costs of the proposed project (in $US) over a twenty-seven month period are given below: