High Performance, Robust and Secure Group Communication
Quarterly Technical Report, April 2001
Progress: During the past three months we have continued to work on the Secure Spread System. We released Secure Spread Version 1 in March. Secure Spread Version 1 implements the first robust contributory key agreement that can handle any sequence of network events, including cascading joins, leaves, network partitions and network merges. The robust algorithm is based on the CLIQUES Group Diffie-Hellman algorithm. The system is available from this site's web pages.
We have also finalized the design of a new robust Tree-based Group Diffie-Hellman algorithm. A paper on the vanilla algorithm was presented at ACM CCS 2000, and our design makes it robust and tolerant to any scenario of cascading network events. We have started the implementation of that robust version and its integration into Secure Spread.
A new group key agreement method, based on a protocol originally proposed by Steer et al. at Crypto '88, was fully specified and implemented as part of the CLIQUES library. It is not yet part of the Secure Spread system, and we have not yet fully addressed robustness issues. This new string-like tree structure is very efficient communication-wise, at the expense of computation, which may make it a better fit for wide area networks. A paper describing this work will be presented at IFIP-SEC 2001 in June.
We are starting to create a unified framework in Secure Spread that will enable us to evaluate and compare the different key agreement algorithms side by side (namely, Centralized Key Distribution, CLIQUES Group Diffie-Hellman, Tree-based Group Diffie-Hellman, Burmester-Desmedt, and the String-like Tree). We are continuing to define the necessary services for practical secure group communication in particular and for overlay networks in general. We look beyond the key agreement protocols into authentication and access control.
We completed the initial design of a framework for access control in group communication systems. This framework specifies a modular architecture that allows multiple access control and authentication protocols to be used, and it specifies where in the group communication system the checks that enforce the policies are located. Work to implement this framework and to explore what makes a good group access control policy is ongoing.
Software: We released Secure Spread Version 1.0 in March. This version includes a complete robust CLIQUES protocol and a stable API for establishing secure groups and sending and receiving encrypted messages. This version is available and works with Spread 3.12, 3.13, and 3.14.
We released Spread 3.15.0, 3.15.1, and 3.15.2 during this period. These releases address stability issues discovered by the growing community of Spread users.
Technology Transfer: We know of one Dynamic Coalitions project that already uses our software: the Efficient and Scalable Infrastructure Support project done at Johns Hopkins and Brown, which aims to provide a scalable certification service. We are exploring potential collaboration with other projects in the program.
During this period, Spread was integrated into the beta version of OpenLinux. It is expected to be released in the next OpenLinux version in April.
Plans for Next Quarter: