Towards dynamic sender access control for bi-directional multicast trees

Bi-directional shared tree is an efficient routing scheme for many-to-many multicast applications (e.g. multiparty videoconferencing, interactive distance lecturing and Internet games etc). Given the open-group IP multicast service model, it is important to perform sender access control so as to prevent group members from receiving irrelevant data, and also protect the multicast tree from various Denial-of-Service (DoS) attacks. In comparison to source based and unidirectional shared trees where the data source can be authorized or authenticated at the single root or rendezvous point, in bi-directional routing this is a much more difficult problem since hosts can send data to all group members directly from any point in the tree. In this paper we propose a dynamic sender access control mechanism for bi-directional multicast trees so that irrelevant data is policed and discarded as it reaches any on-tree router. We show through simulation that the overhead of our mechanism is relatively small in terms of required state information in routers so that the proposed approach scales well for large groups