High Performance, Robust and Secure Group Communication


Quarterly Technical Report, October 2002


During this period, we continued our efforts on the dual track: improving our layered architecture system, Secure Spread, and designing and developing the integrated architecture. This work resulted in a new release of Secure Spread, upgraded to support the newest Cliques library, which broke backwards compatibility. We continue the experiments on the layered architecture, focusing on evaluating the cost of establishing a new key when group membership changes because of merges or partitions. We have results for all five group key management protocols supported by Secure Spread.

We continued our work on the integrated architecture. We implemented the main building blocks, which allowed us to obtain preliminary results that offer an insight into the scalability of the new system. A detailed description of our design and preliminary results can be found in Technical Report CNDS-2002-3, available below.

In addition, we collaborated with the RedTeam and on the experimentation efforts. This included:
  • participating in weekly phone conferences with all parties involved in the effort (BBN, SRI, AFRL),
  • providing support to the WhiteTeam, both by email and phone,
  • providing additional code (mainly demos and testing programs, not included in the Secure Spread distribution) and releasing a new version of both Spread and Secure Spread,
  • participating in the meeting at BBN Columbia (JHU, BBN and SRI),
  • providing descriptions of Spread and Secure Spread, along with previous work and bibliography, for the Experimental Plan Document.


Scaling Secure Group Communication Systems: Beyond Peer-to-Peer.
ps, ps.gz, pdf. Technical Report CNDS-2002-3, October 2002.

Yair Amir, Cristina Nita-Rotaru, Jonathan Stanton, and Gene Tsudik.

This paper develops several integrated security architecture scenarios for client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture where the same services are implemented in clients. We discuss benefits and drawbacks of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.

On the Performance of Group Key Agreement Protocols
ps, ps.gz, pdf. Published in the Proceedings of the 22nd IEEE International Conference of Distributed Computing Systems, short paper, 2-5 July, Vienna, Austria. A longer version is available as Technical Report CNDS-2001-5, November 2001.

Yair Amir, Kim Yongdae, Cristina Nita-Rotaru, and Gene Tsudik.

Group key agreement is a fundamental building block for secure peer group communication systems. Several group key agreement protocols were proposed in the last decade, all of them assuming the existence of an underlying group communication infrastructure.

This paper presents a performance evaluation of five notable key agreement protocols for peer groups, integrated with a reliable group communication system (Spread). They are: Centralized Group Key Distribution (CKD), Burmester-Desmedt (BD), Steer et al. (STR), Group Diffie-Hellman (GDH) and Tree-Based Group Diffie-Hellman (TGDH). The paper includes an in-depth comparison and analysis of conceptual results and is the first to report practical results in real-life local and wide area networks. Our analysis of these protocols' experimental results offers insights into their scalability and practicality.


  • We have released Secure Spread version 2.1.0 in September 2002.
  • We have released Spread version 3.17 in September 2002.

    Technology Transfer:

    There are several popular programs that use Spread, including Apache-SSL, Apache distributed logging, the native replication in the Postgres database, etc. In relation to the funding agencies of this program, we are aware of the following projects using the system:
    • The Efficient and Scalable Infrastructure Support for Dynamic Coalitions project, a collaboration between University of California at Irvine, Brown University and Johns Hopkins University, uses Spread as communication infrastructure.
    • A group at the University of Idaho uses Secure Spread in research.
    • A group at SRI is working on specifying the GDH key agreement protocol from Secure Spread using the CAPSL/MuCAPSL language.
    • A group from AF Rome Lab is conducting an evaluation of Secure Spread.
    • A group at the University of Maryland, College Park uses Spread as part of the Integrated Security Services for Dynamic Coalition Management project.

    So far, we have registered about 300 downloads for Secure Spread from our web site and about 4200 for Spread.

    Plans for Next Quarter:

    • Finalize the investigation of the group key agreement in more complex cases, such as merges and partitions.
    • Continue the work on the integrated architecture. Current plans focus on having the VS and the Three-Step Client-Server solutions ready.
    • Update the integrated access control and authentication framework based on community feedback.
    • Continue research into high performance wide area group communication.

    Distributed Systems and Networks Lab
    Computer Science Department
    Johns Hopkins University
    3400 N. Charles Street Baltimore, MD 21218-2686