High Performance, Robust and Secure Group Communication



Quarterly Technical Report, April 2002

Progress:

During this period, we achieved one of the main milestones for the project by releasing Secure Spread 2.0. This system includes implementations of five different key agreement protocols and allows all of them to be evaluated under the same system. We have completed evaluation of the system over local and wide area networks. Details can be found in the paper below.

We continued our work on the Secure Spread integrated architecture. Previously, we designed three different solutions for providing data confidentiality, supporting two group communication semantics: Virtual Synchrony and Extended Virtual Synchrony. Briefly, these solutions were:

  • Virtual Synchrony solution: provides the client with a Virtual Synchrony model, similar to the current layered Secure Spread implementation. The advantage of this method with respect to the layered Secure Spread is that it will scale better, particularly in simple group changes such as joins and leaves.
  • Extended Virtual Synchrony solution: provides the client with the more efficient group communication Extended Virtual Synchrony model. This solution protects both the client-daemon channel and the daemon-daemon communication channels, at the cost of six encryption/decryption operations.
  • Optimized Extended Virtual Synchrony solution: similar to the Extended Virtual Synchrony solution, but in most cases the message is encrypted and deciphered only once. Only messages that are sent just before a daemon connectivity change need to be deciphered and re-encrypted by the daemons. This solution provides a considerable performance boost, but is fairly complex to implement.

We completed the implementation of the Virtual Synchrony solution and implemented the building blocks for the Extended Virtual Synchrony solution. The Extended Virtual Synchrony code was merged with the main development tree and is currently undergoing testing and evaluation. In addition, we designed a flexible architecture that will allow us to provide all the solutions in a configurable way.

Papers:

On the Performance of Group Key Agreement Protocols
ps, ps.gz, pdf. Technical Report CNDS-2001-5, November 2001. A condensed form will appear in the Proceedings of the 22nd IEEE International Conference of Distributed Computing Systems, short paper, 2-5 July, Vienna, Austria.

Yair Amir, Kim Yongdae, Cristina Nita-Rotaru, and Gene Tsudik.

Group key agreement is a fundamental building block for secure peer group communication systems. Several group key agreement protocols were proposed in the last decade, all of them assuming the existence of an underlying group communication infrastructure.

This paper presents a performance evaluation of five notable key agreement protocols for peer groups, integrated with a reliable group communication system (Spread). They are: Centralized Group Key Distribution (CKD), Burmester-Desmedt (BD), Steer et al. (STR), Group Diffie-Hellman (GDH) and Tree-Based Group Diffie-Hellman (TGDH). The paper includes an in-depth comparison and analysis of conceptual results and is the first to report practical results in real-life local and wide area networks. Our analysis of these protocols' experimental results offers insights into their scalability and practicality.

Software:

We released Secure Spread version 2.0 in February 2002.
We released Spread version 3.16.2 in April 2002.

Technology Transfer:

There are several popular programs that use Spread, including Apache-SSL, Apache distributed logging, the native replication in the Postgres database, etc. In connection with the funding agencies of this program, we are aware of the following projects using the system:
  • The Efficient and Scalable Infrastructure Support for Dynamic Coalitions project, a collaboration between University of California at Irvine, Brown University and Johns Hopkins University, uses Spread as its communication infrastructure.
  • A group at the University of Idaho uses Secure Spread in research.
  • A group at SRI is working on specifying the GDH key agreement protocol from Secure Spread using the CAPSL/MuCAPSL language.
  • A group from AF Rome Lab is conducting an evaluation of Secure Spread.
  • A group at the University of Maryland, College Park uses Spread as part of the Integrated Security Services for Dynamic Coalition Management project.

We also participated in the Secure Group Communication Workshop organized by the NAI Labs on March 13, 2002, in Glenwood, Maryland.

So far, we have registered over 150 downloads of Secure Spread from our web site and about 3500 of Spread.

Plans for Next Quarter:

  • Continue our work on the integrated architecture. Current plans focus on testing and evaluating the Extended Virtual Synchrony solution and finalizing the Optimized Extended Virtual Synchrony solution.
  • Update the integrated access control and authentication framework based on community feedback.
  • Continue to explore the trade-offs among the different key agreement protocols on wide area networks. We plan to run more scenarios using the EMULAB network.
  • Continue research into high performance wide area group communication.


Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
Distributed Systems and Networks Lab
Computer Science Department
Johns Hopkins University
3400 N. Charles Street Baltimore, MD 21218-2686