ISO/IEC 16512-2:2016

INTERNATIONAL ISO/IEC
STANDARD 16512-2
Third edition
2016-04-01
Information technology — Relayed
multicast protocol: Specification for
simplex group applications
Technologies de l'information — Protocole de multidiffusion relayé:
Spécification relative aux applications de groupe simplex

Reference number
©
ISO/IEC 2016
©  ISO/IEC 2016
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any
means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission.
Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
Case postale 56  CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2016 – All rights reserved

Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are described
in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the different types of
document should be noted. This document was drafted in accordance with the editorial rules of the
ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any
patent rights identified during the development of the document will be in the Introduction and/or on the ISO
list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity assessment,
as well as information about ISO's adherence to the WTO principles in the Technical Barriers to Trade (TBT),
see the following URL: Foreword — Supplementary information.
This third edition cancels and replaces the second edition (ISO/IEC 16512-2:2011), which has been
technically revised.
ISO/IEC 16512-2 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, in
collaboration with ITU-T. The identical text is published as ITU-T X.603.1 (03/2012).
ISO/IEC 16512 consists of the following parts, under the general title Information technology — Relayed
multicast protocol:
 Part 1: Framework
 Part 2: Specification for simplex group applications
© ISO/IEC 2016 – All rights reserved ii-1

CONTENTS
Page
1 Scope . 1
2 References . 1
2.1 Identical Recommendations | International Standards . 1
2.2 Additional references . 1
3 Definitions . 2
3.1 Terms defined elsewhere . 2
3.2 Terms defined in this Recommendation . 2
4 Abbreviations and acronyms . 3
5 Conventions . 4
6 Overview . 5
6.1 Overview of basic RMCP-2 . 5
6.2 Overview of secure RMCP-2 . 9
6.3 Types of RMCP-2 messages . 12
7 Protocol operation for basic RMCP-2 . 13
7.1 Session manager's operation . 13
7.2 Multicast agent's operation . 16
8 Protocol operation for secure RMCP-2 . 31
8.1 Session manager's operation . 31
8.2 Multicast agent's operation . 35
9 RMCP-2 message format . 40
9.1 Common format of RMCP-2 message . 41
9.2 Control data format . 41
9.3 RMCP-2 messages . 42
9.4 RMCP-2 controls . 64
10 Parameters . 84
10.1 Identifications used in RMCP-2 . 85
10.2 Code values used in RMCP-2 . 85
10.3 Code values for sub-control types . 87
10.4 Code values used in control . 89
10.5 Code values related to the security policy for a secure RMCP-2 . 90
10.6 Timer related parameters . 91
10.7 Data profile used in RMCP-2 . 93
Annex A – Membership authentication mechanism . 95
A.1 Overview . 95
A.2 Authentication procedure . 95
Annex B – Method for sharing session information among multiple SM domains . 97
B.1 Overview . 97
B.2 Session information sharing between SMs. 97
B.3 Supporting session subscription in RMCP-2 between multiple SMs . 98
B.4 Supporting a session leave in RMCP-2 between multiple SMs . 99
B.5 Other operations of the RMA in RMCP-2 between multiple SMs . 100
B.6 RMCP-2 messages for sharing session information between SMs . 100
Annex C – Tree configuration rules. 102
C.1 Bootstrapping rule . 102
C.2 HMA selection rule . 102
C.3 CMA acceptance rule . 103
C.4 Parent decision rule . 103
C.5 Tree improvement rule . 104
C.6 PMA's expulsion rule . 104
Annex D – Real-time data delivery scheme . 105
Rec. ITU-T X.603.1 (08/2012) iii

Page
D.1 Overview . 105
D.2 Data delivery scheme using IP-IP tunnel mechanism . 105
D.3 Data delivery scheme using a non-encapsulation scheme . 106
Annex E – Reliable data delivery scheme . 108
E.1 Overview . 108
E.2 Issues for a reliable data delivery scheme . 108
E.3 Operation . 109
E.4 Service data unit (SDU) format . 111
E.5 Data profile. 111
Annex F – RMCP-2 API . 113
F.1 Overview . 113
F.2 RMCP-2 API functions . 114
Annex G – RMCP-2 service scenario . 117
Annex H – Bibliography . 119

iv Rec. ITU-T X.603.1 (08/2012)

Introduction
This Recommendation | International Standard specifies the relayed multicast protocol part 2 (RMCP-2), which is an
application-layer relayed multicast protocol for simplex group applications. RMCP-2 can construct an optimized and
robust one-to-many relayed multicast delivery path over IP-based networks. Along the relayed multicast delivery path,
several types of data delivery channels can be constructed according to the requirements of the application services.

Rec. ITU-T X.603.1 (08/2012) v

INTERNATIONAL STANDARD
ITU-T RECOMMENDATION
Information technology – Relayed multicast protocol:
Specification for simplex group applications
1 Scope
This Recommendation | International Standard specifies the relayed multicast protocol part 2 (RMCP-2), an
application-layer protocol that constructs a multicast tree for data delivery from one sender to multiple receivers over an
IP-based network, where IP multicast is not fully deployed. RMCP-2 defines relayed multicast data transport
capabilities over IP-based networks for simplex group applications.
This Recommendation | International Standard specifies the following:
a) descriptions of the entities, control and data delivery models of RMCP-2;
b) description of the functions and procedures of multicast agents (MAs) to construct a one-to-many relayed
data path and to relay data for simplex communication;
c) description of the security features of the basic RMCP-2; and
d) definitions of messages and parameters of the basic RMCP-2 and secure RMCP-2.
Annex A defines a membership authentication procedure for use with the secure RMCP-2. Annex B provides a method
for sharing information among session managers (SMs) when multiple SMs are used. Annexes C-G provide informative
material related to RMCP-2. Annex H contains an informative bibliography.
2 References
The following Recommendations and International Standards contain provisions which, through reference in this text,
constitute provisions of this Recommendation | International Standard. At the time of publication, the editions indicated
were valid. All Recommendations and Standards are subject to revision, and parties to agreements based on this
Recommendation | International Standard are encouraged to investigate the possibility of applying the most recent
edition of the Recommendations and Standards listed below. Members of IEC and ISO maintain registers of currently
valid International Standards. The Telecommunication Standardization Bureau of the ITU maintains a list of currently
valid ITU-T Recommendations.
2.1 Identical Recommendations | International Standards
– Recommendation ITU-T X.603 (2012) | ISO/IEC 16512-1:2012, Information technology – Relayed
multicast protocol: Framework.
2.2 Additional references
– ISO/IEC 9797-2:2011, Information technology – Security techniques – Message Authentication Codes
(MACs) – Part 2: Mechanisms using a dedicated hash-function.
– ISO/IEC 9798-3:1998, Information technology – Security techniques – Entity authentication –
Part 3: Mechanisms using digital signature techniques.
– ISO/IEC 18033-2:2006, Information technology – Security techniques – Encryption algorithms – Part 2:
Asymmetric ciphers.
– ISO/IEC 18033-3:2010, Information technology – Security techniques – Encryption algorithms – Part 3:
Block ciphers.
– ISO/IEC 18033-4:2011, Information technology – Security techniques – Encryption algorithms – Part 4:
Stream ciphers.
– IETF RFC 768 (1980), User Datagram Protocol.
– IETF RFC 793 (1981), Transmission Control Protocol.
– IETF RFC 2003 (1996), IP Encapsulation within IP.
– IETF RFC 3830 (2004), MIKEY: Multimedia Internet KEYing.
– IETF RFC 4279 (2005), Pre-Shared Key Ciphersuites for Transport Layer Security (TLS).
– IETF RFC 4535 (2006), GSAKMP: Group Secure Association Key Management Protocol.
Rec. ITU-T X.603.1 (08/2012) 1

– IETF RFC 4960 (2007), Stream Control Transmission Protocol.
– IETF RFC 5246 (2008), The Transport Layer Security (TLS) Protocol Version 1.2.
– IETF RFC 6066 (2011), Transport Layer Security (TLS) Extensions: Extension Definitions.
3 Definitions
For the purposes of this Recommendation | International Standard, the following definitions apply.
3.1 Terms defined elsewhere
The following terms are defined in Rec. ITU-T X.603 | ISO/IEC 16512-1:
3.1.1 IP multicast: Realizes a multicast scheme in an IP network with the help of multicast-enabled IP routers.
3.1.2 multicast: A data delivery scheme where the same data unit is transmitted from a single source to multiple
destinations in a single invocation of service.
3.1.3 multicast agent (MA): An intermediate node which relays group application data.
3.1.4 relayed multicast protocol (RMCP): A protocol to realize the relayed multicast scheme using end hosts.
3.1.5 simplex: Wherein only one sender is send-only and all others are receive-only.
3.1.6 session manager (SM): A relayed multicast protocol (RMCP) entity that is responsible for the overall RMCP
operations.
3.2 Terms defined in this Recommendation
This Recommendation | International Standard defines the following terms:
3.2.1 basic RMCP-2: The relayed multicast protocol for simplex group applications, defined in clause 7.
3.2.2 candidate HMA: The MA that is able to assume the role of an HMA, when the original HMA leaves or is
terminated. In the basic RMCP-2, the MA indicates the RMA while it indicates the DMA in a secure RMCP-2.
3.2.3 child multicast agent (CMA): The next downstream MA in the RMCP-2 data delivery path.
3.2.4 closed group: A member multicast (MM) group in which all the RMAs have been allocated a service user
identifier from the content provider before subscribing to the secure RMCP-2 session.
3.2.5 dedicated multicast agent (DMA): An intermediate MA pre-deployed as a trust server by the session
manager (SM) in an RMCP-2 session.
3.2.6 group attribute (GP_ATTRIBUTE): An attribute that defines whether or not the content provider controls
the admission of RMAs to the secure RMCP-2 session.
3.2.7 head multicast agent (HMA): A representative of the MA inside a local network where the multicast is
enabled.
3.2.8 member multicast region (MM region): A management zone defined by the use of one or more group
keys Kg.
3.2.9 member multicast group (MM group):
1) (in unicast network) a group consisting of one DMA and multiple RMAs sharing the same group key Kg.
2) (in multicast network) a group consisting of one HMA, multiple RMAs together with one or more
candidate HMAs sharing the same group key Kg.
3.2.10 multicast agent ID (MAID): A 64-bit value that identifies the MA. MAID consists of the local IP address,
port number and serial number.
3.2.11 open group: An MM group in which none of the RMAs require a service user identifier before subscribing to
the secure RMCP-2 session.
3.2.12 parent multicast agent (PMA): The next upstream MA in the RMCP-2 data delivery path.
3.2.13 pseudo-HB message: An HB message that indicates a fault in the delivery path of the RMCP-2 tree. The
originator of a pseudo-HB message is the MA that discovers this fault.
2 Rec. ITU-T X.603.1 (08/2012)

3.2.14 receiver multicast agent (RMA): The MA attached to the receiving application in the same system or local
network.
3.2.15 regular HB message: An HB message that is relayed without interruption along the path of the RMCP-2 tree
from the SMA to the receiver of the message. The originator of a regular HB message is the SMA.
3.2.16 relayed multicast: A multicast data delivery scheme that can be used in unicast environments, which is based
on the intermediate nodes to relay multicast data from the media server to media players over a logically configured
network.
3.2.17 relayed multicast region (RM region): A management zone defined by the use of the session key Ks.
3.2.18 RMCP-2: A relayed multicast protocol for simplex group communication applications.
3.2.19 RMCP-2 session: A session which provides a certain RMCP-2 service.
3.2.20 secure RMCP-2 protocol: The relayed multicast protocol supporting the security features for simplex group
applications defined in clause 8.
3.2.21 security policy: The set of criteria for the provision of security services, together with the set of values for
these criteria, resulting from agreement of the security mechanisms defined in clause 8.1.4.
3.2.22 sender multicast agent (SMA): The MA attached to the sender in the same system or local network.
3.2.23 session ID (SID): A 64-bit value that identifies the RMCP-2 session. SID is a combination of the local IP
address of the session manager (SM) and the group address of the session.
3.2.24 TLS_CERT mode: A mode of transport layer security (TLS) defined in IETF RFC 5246 for the
authentication of MAs using a certificate.
3.2.25 TLS_PSK mode: A mode of transport layer security (TLS) defined in IETF RFC 4279 for the authentication
of MAs using a pre-shared key for the TLS key exchange.
4 Abbreviations and acronyms
For the purposes of this Recommendation | International Standard, the following abbreviations apply.
ACL  Access Control List
AUTH  Authentication
CEK  Content Encryption Key
CGSPRBG Cryptographically Secure Pseudo-Random Bit Generator
CMA  Child Multicast Agent
CP  Content Provider
DMA  Dedicated Multicast Agent
FAILCHECK Failure check request message
HANNOUNCE HMA announce message
HB  Heartbeat message
HLEAVE HMA Leave message
HMA  Head Multicast Agent
HRSANS  Head Required Security Answer
HRSREQ  Head Required Security Request
HSOLICIT  HMA Solicit message
IP-IP  IP in IP
KEYDELIVER Key Delivery
LEAVANS Leave Answer message
LEAVREQ Leave Request message
Rec. ITU-T X.603.1 (08/2012) 3

MA  Multicast Agent
MAID  Multicast Agent Identification
MM  Member Multicast
PMA  Parent Multicast Agent
PPROBANS Parent Probe Answer message
PPROBREQ Parent Probe Request message
RELANS  Relay Answer message
RELREQ  Relay Request message
RMA  Receiver Multicast Agent
RMCP  Relayed Multicast Protocol
RTT  Round Trip Time
SDP  Session Description Protocol
SDU  Service Data Unit
SECAGANS Security Agreement Answer
SECAGREQ Security Agreement Request
SECALGREQ Security Algorithms Request
SECLIST  selected Security LIST
SID  (RMCP-2) Session Identification
SINFO  Session Information
SM  Session Manager
SMA  Sender Multicast Agent
SMNOTI  SM Notification
STANS  Status report Answer message
STCOLANS Status report Collect Answer message
STCOLREQ Status report Collect Request message
STREQ  Status report Request message
SUBSANS  Subscription Answer message
SUBSREQ Subscription Request message
TCP  Transmission Control Protocol
TERMANS Termination Answer message
TERMREQ Termination Request message
TLS  Transport Layer Security
UDP  User Datagram Protocol
5 Conventions
Code values for message parameters in clause 9 (RMCP-2 messages) and clause 10 (Parameters) are expressed in
hexadecimal notation, e.g., 0x14 for 20 in decimal notation.
4 Rec. ITU-T X.603.1 (08/2012)

6 Overview
The RMCP-2 is an application-level protocol for providing efficient simplex group communication services over
IP-network environment which does not have full deployment of IP multicast. This clause gives an overview of the
basic RMCP-2 service, entities, protocol and control/data modules, simplex data delivery model, and message types. In
addition to the overview of basic RMCP-2, this clause provides the overview of secure RMCP-2 as well. The basic
RMCP-2 refers to the relayed multicast protocol for simplex group applications. The secure RMCP-2 refers to the
relayed multicast protocol supporting security features for basic RMCP-2.
6.1 Overview of basic RMCP-2
6.1.1 RMCP-2 service
The RMCP-2 is an application-layer multicast protocol that supports simplex group communication services in IP
networks without full deployment of IP multicast. In the simplex group communication services, user data is delivered
from a single sender to multiple recipients. To support the simplex group communication, the RMCP-2 uses the relayed
multicast mechanism. The RMCP-2 entities configure the data delivery path for simplex group communication. The
RMCP-2 entities relay multicast data to other RMCP-2 entities along the constructed data delivery path. The RMCP-2
can support various application services that require simplex group communication, such as multimedia streaming
services, file distribution services, e-learning, etc.
Figure 1 shows a typical service model of the RMCP-2 for supporting simplex group communication services in both
unicast and multicast network. In RMCP-2, the local network where IP multicast capability is deployed is called a
multicast network. One such example of a multicast network is a campus network with the IP multicast capability
deployed. For multicast networks, the RMCP-2 constructs a multicast transport connection. In RMCP-2, the network
without an IP multicast capability is called a unicast network. For unicast networks, the RMCP-2 constructs a unicast
transport connection between MAs. Thus, it is possible for RMCP-2 to deliver multicast data to applications in both a
unicast network and multicast network.
Sending
application
Simplex relayed
SM
multicast network
SMA
RMA RMA
Receiving Receiving Receiving
...
application application application
X.603.1(12)_F01
Multicast transport Unicast transport
connection for multicast connection for unicast
network network
Figure 1 – RMCP-2 service model
The entities of the RMCP-2 are multicast agents (MAs) and a session manager (SM). The SM manages the group
membership and RMCP-2 session by providing the configuration-related information to the MA to construct a simplex
relayed multicast network, and by monitoring the RMCP-2 session. The MA is an intermediate node that delivers
multicast data.
The following features of the RMCP-2 support the simplex group communication:
a) The RMCP-2 constructs a logical control path for each RMCP-2 session by using one or more MAs.
b) The control path is the basis of the data delivery path, which supports the delivery of multicast data in a
reliable or real-time manner.
c) The control path consists of logical links between MAs.
Rec. ITU-T X.603.1 (08/2012) 5

d) The RMCP-2 has the capability of selecting optimal peers to configure logical links. The selection of
optimal peers may be based on various metrics. Examples of such metrics include hop count, delay,
and/or bandwidth.
e) The RMCP-2 supports group communication using IP multicasting.
f) The RMCP-2 allows MAs to join or leave at any time during the RMCP-2 session.
g) The RMCP-2 manages the MAs of RMCP-2 session by using membership monitoring and expulsion.
h) The RMCP-2 provides an auto-configuration mechanism in constructing the data delivery path for the
simplex group communication.
i) The RMCP-2 supports network fault detection and service recovery.
6.1.2 RMCP-2 entities
This clause provides a description of RMCP-2 entities, these are SM and MA. The RMCP-2 entities follow the same
definition as defined in Rec. ITU-T X.603 | ISO/IEC 16512-1. The SM manages group membership and RMCP-2
sessions. The MA constructs a multicast data delivery path between senders and receivers and relays the multicast data
along the constructed path. The MA is required to support capabilities in both the sending and receiving of multicast
data. The MA can be implemented as an agent running on an end-system, server or set-top box. The method of
implementation of the MA are out of the scope of this Recommendation | International Standard.
RMCP-2 configures the data delivery path for simplex group communication using the following configuration:
a) one SM;
b) one sender multicast agent (SMA) per sender application;
c) one or more receiver multicast agents (RMAs);
d) one or more sending or receiving group applications.
SM supports the following functions:
a) session initiation;
b) session termination;
c) membership management;
d) session management.
An MA, which refers to both SMA and RMA, supports the following functions:
a) session initiation (applied for SMA only);
b) session subscription;
c) session join;
d) session leave;
e) session maintenance;
f) session status report;
g) application data delivery.
6.1.3 Protocol modules of RMCP-2
The entities in the RMCP-2 use two different types of module, i.e., control module and data module. The control
module is used to control the RMCP-2 session. The data module is used to deliver multicast data to the data module of
other MAs or to the applications. The SM controls the RMCP-2 sessions and does not participate in data delivery.
Therefore, the SM has only the control module.
The MA has the control module and data module to construct paths for control and data delivery. Figure 2 shows the
three types of path and interfaces that are used in RMCP-2, listed below.
– The control path between the control modules of the SM and MA and between the control modules of
MAs;
– a data path between the data modules of MAs;
– an internal interface between the control module and data module within the MA.
6 Rec. ITU-T X.603.1 (08/2012)

SM
Control module
Control module Control module
MA MA
Data module Data module
X.603.1(12)_F02
Control path Data path
Internal interface
Figure 2 – Three types of interfaces in RMCP-2
The SM is responsible for controlling and managing the RMCP-2 session. The messages used by the SM should be
delivered in a reliable manner to provide a stable RMCP-2 session. For reliable delivery, the SM uses the TCP defined
in IETF RFC 793 for the transport protocol. Figure 3 shows a protocol stack of an SM.

Control module of SM
TCP
IP (unicast)
Figure 3 – Protocol stack of SM
An MA which refers to both the SMA and the RMA, constructs a relayed multicast delivery path from one sender to
many receivers and forwards data along the constructed path. An MA consists of a control module and a data module.
The MA's control module configures the RMCP-2 control tree from the SMA to the leaf MAs. The control module is
used for RMCP-2 tree control. The MA's control module uses the TCP in the unicast network and UDP defined in
IETF RFC 768 in a multicast network. Figure 4 shows the protocol stack of an MA's control module.

Control module of MA
TCP UDP
IP (unicast) IP (multicast)
Figure 4 – Protocol stack of an MA's control module
The MA's data module relays application data along the constructed data delivery path. The characteristics of the data
delivery channel may vary depending on the application. For example, a real-time data delivery channel is needed for
real-time application services, and a reliable data delivery channel is needed for reliable application services. Thus,
RMCP-2 is independent of the transport protocols for delivering user data to support various types of applications. The
multicast application of an MA can send and receive multicast data from the data module. Figure 5 shows the protocol
stack of the MA's data module.
To ensure that RMCP-2 can adopt any kind of data transport mechanism, two MAs (namely, the parent multicast agent
(PMA) and the child multicast agent (CMA)) construct a data delivery path on the control tree by exchanging the data
profiles.
Rec. ITU-T X.603.1 (08/2012) 7

Data module of MA
L4 transport protocol
IP (unicast, multicast)
Figure 5 – Protocol stack of an MA's data module
The topologies of the two paths for control and data delivery are usually the same, because a data delivery path is
constructed along the RMCP-2 control tree. Along the data delivery path, the application data from the SMA can be
delivered to each leaf MAs. For more information, annexes D and E present two feasible real-time and reliable data
delivery schemes.
6.1.4 RMCP-2 control model
The RMCP-2 configures a one-to-many tree for control connection. The RMCP-2 tree is suitable for multicast data
delivery and is robust to network faults with auto-configuration and self-improvement capability. The RMCP-2 tree is
controlled by the SM. The SM can configure, control and monitor the RMCP-2 tree. The SM has the complete list and
the connection status information of the MAs of the RMCP-2 session. Figure 6 shows the control connection of the
RMCP-2.
SM
Session manager
SM
SMA
Receiver multicast agent
RMA
RMA RMA
SMA Sender multicast agent
Tree control connection
RMA RMA RMA RMA
Session control connection
X.603.1(12)_F06
Figure 6 – Control connection of RMCP-2
The control connection of RMCP-2 consists of an SM, an SMA and RMAs. The following are the control connections
for RMCP-2 service:
– tree control connection between MAs forming an RMCP-2 control tree;
– session control connection between the SM and MAs.
The SM is a dedicated entity that is pre-deployed by the RMCP-2 service provider. This entity provides control and data
delivery paths for applications served by MAs. The MA is a dynamic entity that can join and leave the RMCP-2
session.
6.1.5 Simplex delivery model of RMCP-2
The target services of RMCP-2 are simplex broadcasting services, such as Internet live TV and software dissemination.
In these service models, building an optimal data delivery path from a sender to multiple receivers is important.
RMCP-2 can support a simplex data delivery model by using the MA's control and data modules.
The data delivery path that the RMCP-2 considers is a per-source relayed multicast tree. Along the per-source relayed
multicast path, a unidirectional real-time or reliable data channel can be constructed. Figure 7 shows one of the possible
relayed multicast trees configured by RMCP-2 for simplex real-time or reliable applications.
8 Rec. ITU-T X.603.1 (08/2012)

Sending
application
SMA
Simplex relayed
multicast network
RMA RMA
Receiving Receiving Receiving
...
application application application
X.603.1(12)_F07
Reliable | Real-time multicast Reliable | Real-time unicast
and unidirectional and unidirectional
transport connection transport connection

Figure 7 – Relayed multicast tree configured by RMCP-2
6.2 Overview of secure RMCP-2
6.2.1 Secure RMCP-2 entities
The secure RMCP-2 supports security functions of the RMCP-2 used for relayed multicast data transport through
unicast communication over the Internet.
The secure RMCP-2 entities correspond to those described in the basic RMCP-2 except that a new type of MA, a
dedicated multicast agent (DMA), has been introduced. A dedicated multicast agent is an intermediate MA
pre-deployed as a trust server by the SM. For secure communication, each session consists of an SM, an SMA, DMAs
and RMAs, together with a single sending application and multiple receiving applications. Their topology, as shown in
Figure 8, corresponds with that in the basic RMCP-2 (see clause 6.1).
Sending
SMA SM
application
DMA
RMA RMA RMA
Receiving Receiving Receiving
application application application
X.603.1(12)_F08
Figure 8 – RMCP-2 service topology with security
Rec. ITU-T X.603.1 (08/2012) 9

6.2.2 Session manager
The SM is responsible for maintaining session security, which includes the management of service membership, the
management of key and ACL for DMA and RMA, and message encryption/decryption together with the SM functions
of basic RMCP-2. Figure 9 shows an abstract protocol stack for the operation of SM functions. The SM has TLS and
multicast session security modules for the provision of security. TLS is used for the initial authentication of DMAs and
RMAs when they join the session. The multicast session security module performs the following security functions after
the completion of TLS authentication:
a) security policy;
b) session admission management;
c) session key management;
d) access control list management;
e) secure group and membership management;
f) message encryption/decryption.

Session manager
Multicast session
TLS
security module
Transport protocol for message delivery
IP (unicast)
Figure 9 – Internal structure of the SM of secure RMCP-2
6.2.3 Dedicated multicast agents
DMAs are in charge of the secure establishment and maintenance of the RMCP-2 tree, support of membership
authentication and data confidentiality. Figure 10 shows the internal structure of the DMAs with modules for
key/message security management and group/member security management. These modules support the following
security functions:
Key/message security management module
a) group key management;
b) message encryption/decryption;
c) content encryption key management.
Group/member security management module
a) secure tree configuration;
b) session key management;
c) secure group and membership management.

Figure 10 – Internal structure of the DMA of secure RMCP-2
10 Rec. ITU-T X.603.1 (08/2012)

6.2.4 Sender and receiver multicast agents
The internal structure of the SMA and RMAs is shown in Figure 11. The structure is the same as for DMAs except that
the group security management module is not included.

Figure 11 – Internal structure of the SMA and RMA of a secure RMCP-2
6.2.5 Protocol modules of secure RMCP-2
The protocol modules for the SM, group/member security management of MAs and key/message security management
of MAs are shown in Figures 12, 13 and 14. They correspond to the protocol stacks in the basic RMCP-2 in clause 6.1.2
(see Figures 3, 4 and 5) but also include the TLS protocol and the multicast session security module.
The secure RMCP-2 supports the general encryption/decryption algorithms of TLS for a variety of common
applications. The SM and MAs (SMA, DMAs and RMAs) share the security information described in the security
policy. The multicast session security module contains common symmetric encryption/decryption algorithms,
authentication mechanisms and multicast security modules related to RMCP-2 security functions.

Session manager
Multicast session
TLS
security module
TCP/IP (unicast)
Figure 12 – Protocol module of the SM of a secure RMCP-2
The SM messages and the group/member security management messages of MAs are transmitted reliably through the
TCP.
Group/member security management module
Multicast session
TLS
security module
TCP/IP (unicast or multicast)
Figure 13 – The group/member security management module of an MA of a secure RMCP-2
Key/message security management messages may be transferred using any transport protocol. The transport protocol
may be selected according to the nature of the transferred data types. TLS provides secure communication for TCP over
unicast communication. The multicast security encryption/decryption and authentication modules protect the multicast
packets. These modules contain common symmetric encryption algorithms, hash algorithms, and multicast security
modules defined in this Recommendation | International Standard to protect multicast packets.

Rec. ITU-T X.603.1 (08/2012) 11

Key/message security management module
Multicast session
TLS
security module
TCP, UDP, SCTP, IPIP, etc.
IP (unicast or multicast)
Figure 14 – The key/message security management module of an MA of a secure RMCP-2
6.2.6 Structure of regional security management
For scalable security management, the secure RMCP-2 supports security functions in two independent regions: a
relayed multicast (RM) region and a member multicast (MM) region; see Figure 15.
The RM region is a management zone of the session key (Ks). It consists of the SM, the SMA and DMAs in a unicast
network.
RMA
Sending
MM-group 1
application
SMA DMA
(unicast area)
RMA
RM region
RMA
MM-group 2
Candi-
HMA DMA
(unicast area)
date
HMA
RMA
RMA RMA
MM-group 3
MM region
(multicast area)
X.603.1(12)_F15
Figure 15 – Security management regions
The MM region is a management zone defined by the use of group keys (Kg). The MM region consists of DMAs and
RMAs. They can be connected over a multicast network or a unicast network. The MM region consists of one or more
MM groups each using its own Kg group key.
MM groups in a multicast network consist of an HMA, one or more candidate HMAs and multiple RMAs that receive
the same multicast messages. Candidate HMAs are DMAs that are not connected to the data delivery tree, but have the
capability to assume the role of an HMA if required. MM groups in a unicast network consist of one DMA and multiple
RMAs. In both cases, the RMAs are logically connected direct to their parent DMA on the data delivery tree.
Any change in an MM group is localized within the scope of its own MM group.
6.3 Types of RMCP-2 messages
Table 1 lists the RMCP-2 messages with its meaning and the operation that is used.
Table 1 – RMCP-2 messages
Messages Meaning Operation
SUBSREQ Subscription request
Session subscription
SUBSANS Subscription answer
PPROBREQ Parent probe request
Neighbour discovery
PPROBANS Parent probe answer
12 Rec. ITU-T X.603.1 (08/2012)

Table 1 – RMCP-2 messages
Messages Meaning Operation
HSOLICIT HMA solicit
HANNOUNCE HMA announce Management in multicast network
HLEAVE HMA leave
RELREQ Relay request
Data channel control
RELANS Relay answer
STREQ Status report request
STANS Status report answer
Session monitoring
STCOLREQ Status collect request
STCOLANS Status collect answer
LEAVREQ Leave request
Session leave/Session tree reconstruction
LEAVANS Leave answer
HB Heartbeat Session tree maintenance
TERMREQ Termination request
Session termination
TERMANS Termination answer
FAILCHECK Failure check request Node failure check
SINFO Session information
Interworking between SMs which is
defined in Annex B
SMNOTI SM notification
SECAGREQ Security agreement request
SECAGANS Security agreement answer
Establishment of multicast
security policy
SECLIST Selected security list
SECALGREQ Security algorithms request
KEYDELIVER Key delivery Key distribution
HRSREQ Head required security request
Group member authentication
group key distribution ACL management
HRSANS Head required security answer
7 Protocol operation for basic RMCP-2
This clause describes the RMCP-2 functions and their operations
...