Multicast Security

Discussion of multicast security issues is primarily carried out in the IETF Multicast Security (msec) Working Group. It deals with secure group communication for large groups involving a single trusted entity (authoritative group controller), which establishes and enforces the group's security policy and join/leave procedures to secure groups.

Of course, group key management and distribution involving a mechanism called group security associations (GSAs) is essential to the overall architecture. A GSA represents the multicast equivalent of a unicast security association (SA) that is well known from the IPSec protocol framework.

Another important aspect of multicast security is the delicate issue of (distributed) denial of service ([D]DoS) in multicast environments. For further details, look at the foundation document for multicast security, the IETF draft "The Multicast Security Architecture" ( This document describes an end-to-end security framework independent of aspects such as NAT, multicast routing, admission control protocols, and reliable multicast mechanisms.