Encrypting multicast/broadcast traffic

Met44

Is there currently a way to encrypt broadcast and/or multicast traffic, on any platform? I have come across many research papers and IRTF/IETF drafts talking about using Multicast IKE, and other older ones that don't mention protocols. However, these all seem in the theoretical realm, and I haven't come across any practical application of these ideas.

Is anyone aware of a functional implementation of multicast or broadcast encryption, or a project working on it? Thanks.

lildeezul

In the cisco relm, IPsec can be used to provide a framework of authentication, integretity, and confidentialy of data across site. and when using IPsec before IOS 12.4x multicast traffic could not transverse the secure channel. ( no routing protocols or other routed protocols, only IP)

in my ISCW studies, i am learning that GRE can be used to encapsulate these multicast traffic of routing protcols or ect, along with non ip routed protcols (ipx/appletalk) and further encaspulate the GRE traffic, (which encapsulates the multicast/ip) into an IPsec channel.. Its called GRE/IPsec or GRE over IPsec.

i dont know if this is what your looking for, but hopefully it helps.

Ahriakin

Yup IPSec does not allow Broadcast directly, though many of the more common broadcast/multicast protocols we associate with WAN links (like OPSPF etc.) can be set to unicast instead. Still as Lildeezul mentioned GRE inside IPSec (where you encapsulate in GRE first and then encrypt all GRE traffic at the endpoints) is probably a better way to to go if you have multiple protocols/applications that will utilize it.

Met44

Thanks for the replies. For anyone else out there who may need to do this, I've been able to encrypt the broadcast traffic using the Ipsec Tools package available in Linux. Specifically, using the setkey command contained in it.