High Performance, Robust and Secure Group Communication


Quarterly Technical Report, January 2003


This period we focused on two directions. The first was working with the red team and the experimentation conducted by BBN and SRI. The second was the integrated architecture.

With regard to the experimentation and red team effort, we participated in the weekly teleconferences and provided fixes to the code base of the layered architecture. We also provided feedback on the experimentation documents. Separately, we participated in some discussions with the red team directly.

Our main research effort concentrated on the integrated architecture. We investigated a high-performance security architecture for Spread under two well-known group semantics: Virtual Synchrony and Extended Virtual Synchrony. Both models support network partitions and merges. Our approach uses contributory group key management in a light-weight/heavy-weight group architecture, so that the cost of key management is amortized over many groups while each group still has its own unique key.
We have designed three variants of an integrated architecture that trade off encryption cost for complexity and group communication model support. We evaluated their performance and security guarantees and compared them to the layered approach, demonstrating the increased scalability.

We have completed our evaluation effort of the layered architecture and its performance in the face of network partitions and merges.

We conducted a presentation and demonstration of Secure Spread, covering both the layered architecture and a preliminary version of the integrated architecture, at Colorado Springs for Strategic Command.

We also conducted a presentation and demonstration for the Boeing OASIS Dem/Val team as they evaluated Secure Spread for their project.


Scaling Secure Group Communication Systems: Beyond Peer-to-Peer.
To appear in DISCEX'3 Washington DC, April 2003.

Yair Amir, Cristina Nita-Rotaru, Jonathan Stanton, and Gene Tsudik.

This paper develops several integrated security architecture scenarios for client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture where the same services are implemented in clients. We discuss benefits and drawbacks of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.


So far, we have registered about 400 downloads of Secure Spread from our web site and about 5000 of Spread.

Plans for Next Quarter:

  • Continue support of the experimentation and red team effort.
  • Continue the work on the integrated architecture: current plans focus on the client-server part of the Three-Step Client-Server solution, improving throughput performance, and continuing the integration of key management solutions.
  • Update the integrated access control and authentication framework based on community feedback.
  • Continue research into high performance wide area group communication.

Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
Distributed Systems and Networks Lab
Computer Science Department
Johns Hopkins University
3400 N. Charles Street Baltimore, MD 21218-2686