Quarterly Technical Report, October 2002
During this period, we continued our efforts on the dual track:
improving on our layered architecture system, Secure Spread, and
developing/designing the integrated architecture. The results of this
work are: a new release of Secure Spread (upgraded to support the
newest Cliques library that broke backwards compatibility). We
continue the experiments on the layered architecture with focus on
evaluating the cost of establishing a new key when group membership
changes because of merges or partitions. We have results for all five
group key management protocol supported by Secure Spread.
continued our work on the integrated architecture. We implemented the
main building blocks that allwed us to have preliminary results that
offer an insight into the scalability of the new system. A detailed
description on our design and preliminary results can be found in
Technical Report CNDS-2002-3, available below.
we collaborated with the RedTeam and the experimentation efforts.
- participation in weekly phone-conference with all parts
involved in the effort (BBN, SRI, AFRL),
- providing support to the WhiteTeam, both by email and phone
- providing additional code (mainly demos
and testing programs, not included in the Secure Spread distribution),
releasing a new version of both Spread and Secure Spread,
- participating in the meeting at BBN Columbia with (JHU, BBN and SRI)
- providing Spread, Secure Spread descriptions, and previous work
and bibliography for the Experimental Plan Document.
On the Performance of Group Key Agreement Protocols
Published in the Proceedings of the 22nd IEEE International Conference of Distributed Computing Systems, short paper, 2-5 July, Vienna, Austria.
A longer version is available as Technical Report CNDS-2001-5, November 2001.
and Gene Tsudik.
Group key agreement is a fundamental building block for secure peer
group communication systems. Several group key agreement protocols
were proposed in the last decade, all of them assuming the existence
of an underlying group communication infrastructure.
This paper presents a performance evaluation of five notable key
agreement protocols for peer groups, integrated with a reliable group
communication system (Spread). They are: Centralized Group Key
Distribution (CKD), Burmester-Desmedt (BD), Steer et al. (STR), Group
Diffie-Hellman (GDH) and Tree-Based Group Diffie-Hellman (TGDH). The
paper includes an in-depth comparison and analysis of conceptual
results and is the first to report practical results in real-life
local and wide area networks. Our analysis of these protocols'
experimental results offers insights into their scalability and
We have released Secure Spread version 2.1.0 in
We have released Spread version 3.17 in
There are several popular programs that use Spread, including
Apache-SSL, Apache distributed logging, the native replication in the
Postgres database, etc. Related with the funding agencies of this
program, we are aware of the following projects using the system:
- The Efficient and Scalable Infrastructure Support for Dynamic
Coalitions project, a collaboration between University of California
at Irvine, Brown University and Johns Hopkins University, uses Spread
as communication infrastruture.
- A group in University of Idaho that uses Secure Spread in
- A group at SRI is working on specifing the GDH key agreement
protocol from Secure Spread using the CAPSL/MuCAPSL language.
- A group from AF Rome Lab is conducting an evaluation of Secure
- A group at the University of Maryland, College Park uses Spread
as part of the Integrated Security Services for Dynamic Coalition
So far, we registered about 300 downloads for Secure Spread from our
web site and about 4200 for Spread.
Plans for Next Quarter:
- Finalize the investigation of the group key agreement in more complex cases, such as merges and partition.
- Continue the work on the integrated architecture. Current plans focus on having the VS and the
Three-Step Client-Server solutions ready.
- Update the integrated access control and authentication framework based on community feedback.
- Continue research into high performance wide area group communication.
Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
Distributed Systems and Networks Lab|
Computer Science Department
Johns Hopkins University
3400 N. Charles Street
Baltimore, MD 21218-2686