BKMCGPSC.RVW 20030915

"Multicast and Group Security", Thomas Hardjono/Lakshminath R. Dondeti, 2003, 1-58053-342-6, U$89.00/C$137.95
%A Thomas Hardjono
%A Lakshminath R. Dondeti
%C 685 Canton St., Norwood, MA 02062
%D 2003
%G 1-58053-342-6
%I Artech House/Horizon
%O U$89.00/C$137.95 617-769-9750 artech@artech-house.com
%O http://www.amazon.com/exec/obidos/ASIN/1580533426/robsladesinterne
   http://www.amazon.co.uk/exec/obidos/ASIN/1580533426/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1580533426/robsladesin03-20
%P 307 p.
%T "Multicast and Group Security"

Multicast security may involve a problem of confidentiality in a situation where confidential information is distributed to a number of parties simultaneously, and also where you may wish to authenticate the user, while simultaneously preserving his (or her) privacy. This is a very interesting problem in another area of security, that of emergency preparedness and communication. Technically, the problem has solutions. Practically, it may not: can you completely trust the recipients not to redistribute the confidential information that you sent? The other obvious application lies in the realm of the ultimate promiscuous network: wireless.

Chapter one seeks to point out the motivation and need for multicast security, but it does not do a convincing job due to a lack of detail about the multicast process. This deficiency is partially made up in chapter two, but it does mean that much of the text in the second chapter echoes that already presented in the first.

Authentication is addressed in chapter three with regard to the need to verify that a given message came from either any member of the group or a specific member, and that an individual cannot deny having sent a communication. Having overexplained the basic cases, when the authors move into the details of specific (and sometimes very complicated) signing operations, they frequently fail to make clear the reasons for the use of these systems.

Although there is no formal division in the book, chapter four is the first of three chapters dealing with key management for groups. The difficulties of such a practice have already been raised in the introductory material, and this chapter provides very little more, primarily making analogies with the security associations (SAs) of IPSec (Internet Protocol Security). Chapter five presents various key management architectures and protocols. The details of operation are clear enough, but the intent of the different procedures is not always made clear, so that it is difficult to understand when a new process is said to be an improvement. Key management algorithms, in chapter six, are primarily concerned with reissuance of group keys after a member has left the group.

Chapter seven's discussion of group security policy is limited to procedures and standards, and thus generally repeats much that has gone before.

Even if privacy of transmission is assumed, security concerns can still posit denial of service situations where false control messages are sent to join, leave, or submit to groups, and so routing, in chapter eight, is vital. Reliable transport, or guaranteed delivery, also needs to be considered separately, as is done in chapter nine.

Cases and specific applications are reviewed in chapter ten. Chapter eleven looks at future directions and research.

The writing is unnecessarily verbose and repetitive. Background information is provided in support of the concepts covered, but in a disorderly manner. The structure and organization of material could be improved with little effort, and would result not only in text that was easier to read, but also in a simpler logical flow. In addition, the "alphabet soup" of acronyms is particularly thick in this work, and the authors are not careful about defining an abbreviation before they use it: some acronyms are never defined.

This book does provide an introduction to multicast security, but you'll have to work for it.

copyright Robert M. Slade, 2003 BKMCGPSC.RVW 20030915