IP-Multicast is a mechanism that allows a source to transmit packets to an almost unlimited number of recipients over the Internet. This mechanism would seem to be particularly well suited for large scale commercial content distribution, such as pay-TV, stock quote distribution, or software updates. However, a large scale deployment of any of these applications remains to be seen. One of the major reasons that has hindered the deployment of such applications is the lack of security protocols for multicast communications. Clearly, in many cases, the distribution of content with a commercial value requires the use of mechanisms that restrict access to the content solely to the legitimate recipients. Moreover, in many scenarios the recipient needs to ascertain the origin of the multicast content he receives, and the content provider will also want to provide such a guarantee to protect himself from the potentially devastating effect of being impersonated by a third party. In an open network such as the Internet, well studied and reliable cryptographic techniques are used to provide this type of security in two-party protocols. However, for scalability and sometimes even for security reasons, these techniques cannot easily be extended to the multicast setting.
The goal of this thesis is thus to study and provide basic security services designed specifically for large scale multicast applications. This dissertation is divided into two orthogonal but complementary themes: authentication and confidentiality. For each theme, we start with a detailed analysis of the problem, highlighting new or neglected aspects of security that are specific to multicast. Then, we review existing solutions, analyzing their advantages and their limitations. Finally, we provide our own original solutions, highlighting the advantages they offer over previous proposals.