On Thu, May 5, 2011 at 1:55 AM, George Bonser <gbonser@seven.com> wrote:
multicast. How do I encrypt something in a way that anyone can decrypt but nobody can duplicate? If I have a separate stream per user, that is
Have you ever seen a CableCARD? That's pretty much what it does, except not "anyone" can decrypt it -- you need to subscribe to some TV channels. There has been quite a bit of work in "black-boxing" the decryption of broadcast/multicast streams to make it difficult for end-users to pirate the content. That's why you see HDCP logos in the marketing fluff for displays and graphics cards, etc.
Encryption is probably overkill anyway. What is needed is a mechanism simply to say that the content is certified to have come from the source it claims to come from. So ... basically ... better not to use multicast for anything you really might have any security issues with. Fine for broadcasting a video, not so fine for a kernel update.
This is a solved problem. Not only are you able to verify the computed checksum of a downloaded file against the distributor's published checksum, there are plenty of applications that do this for you -- torrent programs check each chunk and throw away malicious/erroneous ones. There are certainly things that need work before I can start up Jeff's Internet Movie Channel and go into competition with HBO, but for the most part, these are solvable if networks decided to do it. The big limitation is there can't be infinite groups -- FIB is only so big and there is no agreeable mechanism for sharing the number that can be made to exist, given current (and foreseeable) routers. Since so many "eyeballs" are sitting on ISPs that also own television networks and other media properties, though, I don't think we will get multicast anytime soon. -- Jeff S Wheeler <jsw@inconcepts.biz> Sr Network Operator / Innovative Network Concepts