Multicast encryption

This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these messages) This article needs to be updated. Please help update this article to reflect recent events or newly available information. (April 2025) The topic of this article may not meet Wikipedia's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "Multicast encryption" – news · newspapers · books · scholar · JSTOR (April 2025) (Learn how and when to remove this message) Some of this article's listed sources may not be reliable. Please help improve this article by looking for better, more reliable sources. Unreliable citations may be challenged and removed. (April 2025) (Learn how and when to remove this message) (Learn how and when to remove this message)

Multicast encryption is the use of encryption to ensure that only the chosen recipient(s) has access to multicast data.^[1]

Multicast is what enables a node on a network to address one unit of data to a specific group of receivers.^[1] In interactive multicast at the data link or network layer, such as IP multicast, Ethernet multicast or MBMS service over cellular network, receivers may join and leave the group using an interaction channel. Only one copy of the data is sent from the source, and while copies are created and sent to the desired recipients by network infrastructure nodes.^[1] In for example IP multicast, a multicast group is identified by a class D IP address. A host enters or exits a group using IGMP (Internet Group Management Protocol).^[2] A message sent via multicast is sent to all nodes on the network, but only the intended nodes accept the multicast frames.^[3] Multicasting is useful in situations such as video conferencing and online gaming.^[1] Multicast was used originally in LANs, with Ethernet as the best example.^[3] A problem with multicast communication is that it is difficult to guarantee that only designated receivers receive the data. This is largely because multicast groups are dynamic; users come and go at any time.^[1]

One encryption protocol gives each member of a group a key that changes upon the entrance or exit of a member of the group.^[1] Another proposes a primary key subsidized by additional keys belonging to legitimate group members.^[1] The UFTP (encrypted UDP based FTP over multicast) protocol uses three phases: announce/register, file transfer, and completion/confirmation. The latest version 5.0 was released on 4/22/2020.^[4]

Another protocol uses symmetric key encryption where data is decoded by intended receivers using a traffic encryption key (TEK). The TEK is changed any time a member joins or leaves the group. This is not feasible for large groups. Users must be continuously connected to obtain the new keys. Yet another protocol involves asymmetric keys. Here, a private key is shared and those shares are given out asymmetrically. The initial member is given a number of shares, one of which is passed to each group member. Members with a valid share of the key can view the message.^[2]

The International Organization for Standardization (ISO) states that confidentiality, integrity, authentication, access control, and non-repudiation should all be considered when creating a secure system.^[3]

• Confidentiality: No unauthorized party can access appropriate messages.
• Integrity: Messages cannot be changed during transit without being discovered.
• Authentication: The message needs to be sent by the person/machine who claims to have sent it.
• Access control: Only those users enabled can access the data.
• Non-repudiation: The receiver can prove that the sender actually sent the message.^[3]

To be secure, members who are just being added to the group must be restricted from viewing past data. Also, members removed from a group may not access future data.^[5]

• Broadcast encryption