Information Technology Reference
In-Depth Information
3 Anycast Scenario and Model
Anycast addressing has become a part of the IPv6 new generation internet pro-
tocol ([2]). In anycast communication, a common IP address (
anycast address)
is used to define a group of servers that provide the same service. A client sender
desiring to communicate with only one of the servers sends datagrams with the
IP anycast address. The datagram is routed using an anycast-enabled router to
the best server of the group. The best server is elected based on a criterion such
as minimum number of hops, more available bandwidth, least load on the server,
and others. Anycasting considerably simplifies the task of finding an appropriate
server. Users, instead of manually consulting a list of servers and choosing the
best one, can be connected to the best server automatically. The client does not
care which of the servers is assigned to him for the communication. In fact, vari-
ous servers may participate in the different parts of one communication session.
Thus, the model for anycast communication consists of a group of
anycast
servers
A
1
,A
2
,...,A
n
,
and a
client
C.
We assume that the communication
from the servers to the client is based on the authentication of the servers by a
suitable signature scheme. We introduce an authentication scheme based on an
additional agent called a
group coordinator
G
. The group coordinator is the
main player in the setting and is used to prevent malicious hosts from pretending
that they are the anycast group members. The group coordinator is considered
to have the signature rights for the whole anycast group. She delegates her rights
to all servers in the group.
The communication in the model consists of two phases:
1.
Initialization
. The communication of each server with the group coordinator.
A signature delegation algorithm is used in this communication. Each server
starts playing the role of the coordinator's proxy.
2.
The actual serving
. The anycast server uses the delegated signature, together
with the proof of his delegation.
It is worth mentioning that the concept of anycasting is in a way related to
multicasting. While multicasting involves building and maintaining a distribu-
tion tree from a single server to multiple clients, anycasting involves the concept
of redirecting the client to multiple content servers.
4 The Scheme
In our anycast scheme, the group coordinator
G
will play the role of the signer,
which delegates his signature rights to all the members of the anycast group.
His public key
y
will be the public key of the whole group of anycast servers.
For this delegation, we propose using the nonrepudiable proxy signature scheme
from [9] based on the scheme from [6].
Assume a group of
anycast servers
A
1
,A
2
,...,A
n
,a
client
C
, and a
group
coordinator
1) and let
g ∈
Z
p
=
GF
(
p
). Let
M
be the set of messages (not necessary of uniform length)
and
G
. Let
p, q
be large primes such that
q
divides (
p −
H
:
M
→
Z
p
be a hash function. At the initialization stage, the scheme
