Encrypting multicast/broadcast traffic

Met44Met44 Member Posts: 194
Is there currently a way to encrypt broadcast and/or multicast traffic, on any platform? I have come across many research papers and IRTF/IETF drafts talking about using Multicast IKE, and other older ones that don't mention protocols. However, these all seem in the theoretical realm, and I haven't come across any practical application of these ideas.

Is anyone aware of a functional implementation of multicast or broadcast encryption, or a project working on it? Thanks.

Comments

  • lildeezullildeezul Member Posts: 404
    In the cisco relm, IPsec can be used to provide a framework of authentication, integretity, and confidentialy of data across site. and when using IPsec before IOS 12.4x multicast traffic could not transverse the secure channel. ( no routing protocols or other routed protocols, only IP)

    in my ISCW studies, i am learning that GRE can be used to encapsulate these multicast traffic of routing protcols or ect, along with non ip routed protcols (ipx/appletalk) and further encaspulate the GRE traffic, (which encapsulates the multicast/ip) into an IPsec channel.. Its called GRE/IPsec or GRE over IPsec.

    i dont know if this is what your looking for, but hopefully it helps.
    NHSCA National All-American Wrestler 135lb
  • AhriakinAhriakin Member Posts: 1,799 ■■■■■■■■□□
    Yup IPSec does not allow Broadcast directly, though many of the more common broadcast/multicast protocols we associate with WAN links (like OPSPF etc.) can be set to unicast instead. Still as Lildeezul mentioned GRE inside IPSec (where you encapsulate in GRE first and then encrypt all GRE traffic at the endpoints) is probably a better way to to go if you have multiple protocols/applications that will utilize it.
    We responded to the Year 2000 issue with "Y2K" solutions...isn't this the kind of thinking that got us into trouble in the first place?
  • Met44Met44 Member Posts: 194
    Thanks for the replies. For anyone else out there who may need to do this, I've been able to encrypt the broadcast traffic using the Ipsec Tools package available in Linux. Specifically, using the setkey command contained in it.
Sign In or Register to comment.