High Performance, Robust and Secure Group Communication


Technical Report, July 2000

Objective:

A practical group communication system should provide secure multicast services for peer groups over local and wide area networks. To support the environment described in the Dynamic Coalition program, such a system should scale to tens of coalition parties, with hundreds of servers, supporting thousands of users. This service is crucial for building distributed applications that work in dynamic environments and communicate over unsecured networks (e.g. the Internet). It is also important for enabling other infrastructures for these environments, such as replicated certification, highly available policy management, and high performance access control.

A common claim today is that a wide-area, secure group communication system with strict reliability semantics and strict security requirements cannot perform well enough to be practical. Based on our past and current work, we claim that with careful protocol design, a system that is limited to the size of the above peer groups can perform well without relaxing any of the security or reliability guarantees. Our objective is to build it.

Approach:

Our technical approach builds on past work with the SPREAD group communication system (http://www.spread.org) and the CLIQUES key agreement protocol suite (http://www.isi.edu/~gts/CLIQUES). Our approach includes the following innovative aspects:
  • Current key agreement protocols are not designed to tolerate failures and changes in the membership during their execution. Our protocols, in contrast, are completely resilient to any sequence of such events. We believe this is the first robust implementation of distributed key agreement protocols that provide perfect forward secrecy, group membership authentication, non-repudiation, and resilience to known-key attacks.

  • The performance of a group key generation protocol is very dependent on the network structure, the relative power of machines, and the algorithm used. We do not think that there can be one key agreement protocol that outperforms all other protocols in all of the possible environments. Instead, we develop several different algorithms, each optimized (performance-wise) for a different setting.

  • Our architecture is modular, allowing different security protocols to be plugged in. The architecture switches protocols during execution in agreement with other members, so that the most suitable protocol for the current situation is invoked. The selection can be based on the current state of the network, available system resources, the number of members in the group, a user defined policy, etc.

  • The current state of the art in secure group communication implements security as a layer, separate from the reliability, ordering, and membership services. Although this structure has much merit, there is a high performance cost attached. We will build two versions of our system that share most of the code and infrastructure. The Layered Architecture version will have the security services provided on top of the reliability, ordering and membership services. The Integrated Architecture version will tailor the security protocols into the core reliability, ordering and membership services, drastically cutting the latency and bandwidth cost associated with group membership changes.

  • In a Dynamic Coalition environment, it is likely that each coalition party will retain its autonomy, which includes full control over its part of the infrastructure. This is in contrast to current group communication architectures that assume one administrative domain. Our system will allow multiple autonomous control domains, while still preserving the tightly coupled group communication semantics.

  • We will investigate a new trust model and "trust ranking" algorithms, combining mutual respect values of group members into a consistent global trust vector. This vector is continuously updated in a distributed fashion as a result of ongoing interactions between members. The trust vector aims to affect the allocation of resources in the group (who can multicast, how much), the selection of security protocols used, the admission/eviction of members, and other privileges.

Recent Accomplishments:

New start. However, we already have some progress:

We are within reach of releasing a version with basic capabilities (which we term Version 0) of a deployable system with the current state of SPREAD and CLIQUES based on past work. This release is important in order to allow other collaborators in the Dynamic Coalition program and elsewhere to immediately have a stable secure group system to build upon.

We are investigating a new tree-based distributed key agreement that aims to reduce the exponentiation computation from linear to logarithmic complexity without compromising most of the security guarantees.
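As an added illustration (not the project's own code, and not the specific protocol the report says it is investigating), the following Python sketch of a binary-tree group key agreement shows where a logarithmic exponentiation count comes from and what a re-key on member departure costs: each member raises only the blinded keys on its path to the root, one exponentiation per tree level. The modulus, generator, member names and leaf secrets are constructed toy values.

```python
P = 2**127 - 1  # toy prime modulus (constructed example, not a production group)
G = 3           # toy generator

class Node:
    def __init__(self, left=None, right=None, member=None):
        self.left, self.right, self.member = left, right, member
        self.key = self.blinded = None  # K_v (secret to v's subtree), g^K_v (public)
def build_tree(members):
    """Balanced binary key tree, one leaf per member, height ceil(log2 n)."""
    if len(members) == 1:
        return Node(member=members[0])
    mid = len(members) // 2
    return Node(build_tree(members[:mid]), build_tree(members[mid:]))
def fill_keys(node, leaf_secrets):
    """Oracle view: K_v = g^(K_left*K_right); stands in for broadcasting blinded keys."""
    if node.member is not None:
        node.key = leaf_secrets[node.member]
    else:
        fill_keys(node.left, leaf_secrets); fill_keys(node.right, leaf_secrets)
        node.key = pow(node.right.blinded, node.left.key, P)
    node.blinded = pow(G, node.key, P)
    return node
def co_path(node, member):
    """Blinded keys of the sibling subtrees on the path from member's leaf to the root."""
    if node.member is not None:
        return [] if node.member == member else None
    for child, sibling in ((node.left, node.right), (node.right, node.left)):
        below = co_path(child, member)
        if below is not None:
            return below + [sibling.blinded]
def member_root_key(root, member, my_secret):
    """One member's local work: own leaf secret + co-path blinded keys, one exp per level."""
    key, exps = my_secret, 0
    for blinded in co_path(root, member):
        key, exps = pow(blinded, key, P), exps + 1
    return key, exps  # (group key, modular exponentiations performed)
def agree(members, leaf_secrets):
    """Each member derives the key independently; return (key, max exps by any member)."""
    root = fill_keys(build_tree(members), leaf_secrets)
    results = [member_root_key(root, m, leaf_secrets[m]) for m in members]
    assert len({k for k, _ in results}) == 1, "members disagree on the group key"
    return results[0][0], max(e for _, e in results)
def leave_demo():
    """8 members agree; m7 leaves and its sibling m6 refreshes its secret (constructed values)."""
    members = [f"m{i}" for i in range(8)]
    sec = {m: 1000 + 17 * i for i, m in enumerate(members)}
    key_before, exps_before = agree(members, sec)
    sec["m6"] = 424242  # sponsor picks a fresh secret, so m7's old path data is useless
    key_after, exps_after = agree(members[:-1], sec)
    return exps_before, exps_after, key_before != key_after
```

With 8 members every member needs 3 exponentiations to reach the root key, and after the departure the 7 survivors still need at most 3, whereas a linear (chain-style) agreement grows with the member's position in the group.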

Current Plan:

Our plan for FY 2001 includes the following:
  • The design of a modular architecture: An extensible secure group communication architecture that allows external security modules to be used through a well defined API.

  • The design of an Integrated architecture: New, optimized fault-tolerant membership and messaging protocols that natively include key agreement and core security services, amortizing the latency cost that layering them on top of each other would incur.

  • Research on new group trust models and an API: Development of the algorithms that compute the overall trust of a group based on individual members' respect for other members, and design of an API that exports the individual and group trust status.

  • The release of Layered Version 1 (modular architecture and robust key agreement) - the first release based on the new architecture and protocols developed in this project. The new capabilities will allow faster and easier integration of different security protocols. The complete system will be tolerant of multiple asynchronous failures and recoveries.

Technology Transfer:

New start.


Distributed Systems and Networks Lab
Computer Science Department
Johns Hopkins University
3400 N. Charles Street Baltimore, MD 21218-2686