Securing multicast communications in satellite networks: a user-centric approach

Multicast communications allow a network source to send data to multiple destinations simultaneously while transmitting only a single copy of the data on the network. For such communications and particularly for one-to-many communications, satellite networks provide some particular benefits such as a geographically extended coverage and an efficient delivery to a very large number of recipients. Applications intended for multicast communications mostly being commercial, they strongly need some security solutions in terms of confidentiality, authentication and availability. In the last ten years, many security solutions were proposed in order to deal with these crucial problems and have been analyzed in terms of scalability. These solutions yet remain to be implemented because they still are severely lacking with respect to real-life requirements such as reliability and customer satisfaction. The goal of this thesis is to study and provide reliable secure solutions that take into account customers? expectations. The thesis is divided in two themes that are relevant for satellite networks: multicast confidentiality and denial of service prevention. In the first part of the thesis, we start with a detailed study of the problem of multicast confidentiality and define the problem of group rekeying. We then analyze existing group rekeying solutions and highlight their neglected aspects in terms of reliability and customer expectations. We further suggest a new approach whereby the service provider partitions recipients with respect to some criteria, defines a set of privileged members and offers them a better service. In the second part of the thesis, we deal with denial of service attacks aiming at preventing legitimate recipients from accessing the service they are authorized to access in normal circumstances. We review existing solutions intended to terrestrial networks and show the limitations of their implementation in satellite networks. We then come up with an original solution that provides to the source the advantage of identifying bogus attacks almost immediately thus limiting the impact of such attacks on legitimate recipients.