Yearly Technical Report, July 2003
A practical group communication system should provide secure multicast
services for peer groups over local and wide area networks. To support
the environment described in the Dynamic Coalition program, such a
system should scale to tens of coalition parties, with hundreds of
servers, supporting thousands of users. This service is crucial for
building distributed applications that work in dynamic environments
and communicate over unsecured networks (e.g. the Internet). It is
also important for enabling other infrastructures for these
environments, such as replicated certification, highly available
policy management, and high performance access control.
A common claim today is that a wide-area, secure group communication
system with strict reliability semantics and strict security
requirements, cannot perform well enough to be practical. Based on our
past and current work, we claim that with careful protocol design, a
system that is limited to the size of the above peer groups can
perform well without relaxing any of the security or reliability
guarantees. The objective of this project is to build it.
Our technical approach builds our work with the Spread group
communication system (http://www.spread.org) and the CLIQUES key
agreement protocols suite (http://sconce.ics.uci.edu/cliques/). Our
approach includes the following innovative aspects:
- Constructing group communication protocols that support wide and
local area networks with tens of sites, hundreds of servers, and
thousands of users.
- Current key agreement protocols are not designed to tolerate
failures and changes in the membership during their execution. Our
protocols, in contrast, will be completely resilient to any sequence
of such events. We believe this will be the first robust
implementation of distributed key agreement protocols that provide
perfect forward secrecy, group membership authentication,
non-repudiation, and resilience to known-key attacks.
- The performance of a group key generation protocol is very
dependent on the network structure, the relative power of machines,
and the algorithm used. We do not think that there can be one key
agreement protocol that outperforms all other protocols in all of the
possible environments. Instead, we will develop several different
algorithms, each optimized (performance-wise) for a different setting.
- We design and build a modular architecture that allows different
security protocols to be plugged in. The architecture will switch
protocols during execution in agreement with other members, so that
the most suitable protocol for the current situation is invoked. The
selection will be based on the current state of the network, available
system resources, the number of members in the group, a user defined
- The current state of the art in secure group communication
implements security as a layer, separate from the reliability,
ordering, and membership services. Although this structure has much
merit, there is a high performance cost attached. We will build two
versions of our system that share most of the code and
infrastructure. The Layered Architecture version will have the
security services provided on top of the reliability, ordering and
membership services. The Integrated Architecture version will tailor
the security protocols into the core reliability, ordering and
membership services, drastically cutting the latency and bandwidth
cost associated with group membership changes.
- In a Dynamic Coalition environment, it is likely that each
coalition party will retain its autonomy, which includes full control
over its part of the infrastructure. This is in contrast to current
group communication architectures that assume one administrative
domain. Our system will allow multiple autonomous control domains,
while still preserving the tightly coupled group communication
During this period, we continued our efforts on the dual track:
improving on our layered architecture system, Secure Spread, and
developing/designing the integrated architecture. In addition, a
major effort was the participation in the Red Team Experimentation
Project. Below, we detail on these three directions.
The results of this
work are: a new release of Secure Spread (upgraded to support the
newest Cliques library that broke backwards compatibility). We
continued the experiments on the layered architecture with focus on
evaluating the cost of establishing a new key when group membership
changes because of merges or partitions. We have results for all five
group key management protocol supported by Secure Spread.
These results are available in a technical report below.
Our main research effort concentrated on the integrated architecture.
We investigated a high-performance security architecture for Spread, under two
well-known group semantics: Virtual Synchrony and Extended Virtual Synchrony
Both models support network partitions and merges. Our approach entails
using contributory group key management in a light-weight/heavy-weight
group architecture such that the cost of key management is amortized
over many groups, while each group has its own unique key.
The goal of this architecture is
to amortize the cost of the key agreement protocols over many groups
and to provide very fast joins and leaves, while ensuring the
confidentiality of the data even when long-term keys of the
participant get compromised.
We have designed three variants of an integrated architecture that trade off
encryption cost for complexity and group communication model
support. We evaluated their performance and security guarantees and
compared them to the layered approach, demonstrating the increased
We continued our work on the integrated architecture. We
implemented the main building blocks that allwed us to have
preliminary results that offer an insight into the scalability of the
Our main research effort concentrated on the development of an
integrated architecture for Spread. Our solution describes three
variants, that trade-off group communication model for performance. As
part of the experimentation plan, we provided an internal release of
an integrated architecture variant for BBN Technologies.
We collaborated with the RedTeam and the experimentation efforts.
- participation in weekly phone-conference with all parts involved
in the effort (BBN, SRI, AFRL).Separately, we participated in
several discussions with the red team directly.
- providing support to the WhiteTeam, both by email and phone
- providing additional code (mainly demos and testing programs,
not included in the Secure Spread distribution), releasing a new
version of both Spread and Secure Spread,
- participating in the meeting at BBN Columbia with (JHU, BBN and
- providing Spread, Secure Spread descriptions, and previous work
and bibliography for the Experimental Plan Document.
- We provided fixes to the code base of the layered architecture.
- We also provided feedback on the experimentation
documents. Separately, we participated in some discussions with the
red team directly.
Conference Participation and Demonstrations
We conducted a presentation and demonstration of Secure Spread, both
layered architecture and a preliminary version of the integrated architecture
at Colorado Springs for Strategic Command, in October 2002.
We also conducted a presentation and demonstration for the Boeing OASIS Dem/Val
team as they evaluated Secure Spread for their project, October 2002.
We conducted a presentation and demonstration of Secure Spread, both
layered architecture and a preliminary version of the integrated
architecture, in Hawai for Pacific Command, in April 2003.
We also participated in the DARPA DISCEX 3 Conference. Secure Spread
was featured in the movie promoting all the technologies from the
DARPA programs, and our group was present both in the presentations
section and in the Exposition, in April 2003.
High Performance Secure Group Communication.
Ph.D. Thesis, Johns Hopkins University, July 2003.
- We have released Spread version 3.17.1 in June 2003.
- We have released Spread version 3.17.0 in
Secure Spread releases:
- We have released a version of the Integrated Architecture of Secure Spread (for RedTeam use), in March 2003.
- We have released Secure Spread version 2.1.0 in
- Boeing/Telcordia/NAI/SC - used as the messaging system in OASIS Dem/Val.
- SRI (Farrell) - red team.
- BBN (Theriault/Meighan) - experimentation.
- Rome labs / CACI (Valente/Cole) - evaluation.
- SRI (Millen/Denker) - formal verification.
- Irvine/Brown/Algomagic (Goodrich/Tamassia/Cohen) - message bus.
- UMCP (Gligor) - message bus.
- NCSU / MCNC (Yalta - Smith/Byrd) - secure group comm.
- U Penn (Smith) - integrating Keynote into Spread.
- Over 600 Secure Spread library downloads including major companies and international academics.
During the period Spread was featured in several magazine
articles. The first was published in the Februrary
2003 issue of Sysadmin
Magazine and covered the use of Spread for
distributed web logging. The second article was published in
the April 2003 issue of Linux Magazine and provided
overview of Spread.
Spread is used by hundreds of organizations. Lately it was added to several
Linux distributions as well as FreeBSD.
- There are several popular programs that use Spread, including Apache-SSL, Apache distributed logging, the native replication in the Postgres database and in the Zope product.
Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
Distributed Systems and Networks Lab|
Computer Science Department
Johns Hopkins University
3400 N. Charles Street
Baltimore, MD 21218-2686