|
A DARPA/ITO grant (May 2000 - September 2003) to Johns Hopkins Univesity with a subcontract to University of California, Irvine. A component of the DARPA Dynamic Coalitions effort. This grant is co-funded by the NSA.
Principal Investigator: Yair Amir. Co-PIs: Baruch Awerbuch and Jonathan Stanton. Subcontract PI: Gene Tsudik.
Research Activity
Presentations
- DISCEX III, Washington DC, April 2003
- Darpa meeting in Newport, RI, July 2002
- IEEE ICDCS2002, Vienna Austria, July 2002
- Darpa meeting in San Diego, CA, January 2002
- Networked Group Communication, London, November 2001
- Darpa meeting in Colorado Springs, CO, July 2001
- IEEE ICDCS2001, Phoenix Arizona, April 2001
- Darpa meeting in St. Petersburg, FL, January 2001
- Darpa meeting in Hawaii, July 2000
Reports
|
|
Related Papers -
Scaling Secure Group Communication Systems: Beyond
Peer-to-Peer
In the Proceedings of DISCEX3
Washington DC, April 22-24, 2003. Obsoletes Technical Report CNDS-2002-3, October 2002.
Y. Amir, C. Nita-Rotaru,
J. Stanton and G. Tzudik This paper develops several
integrated security architecture scenarios for client-server
group communication systems. In an integrated architecture,
security services are implemented in servers, in contrast to
a layered architecture where the same services are
implemented in clients. We discuss benefits and drawbacks
of each proposed architecture and present experimental
results that demonstrate the superior scalability of an
integrated architecture.
-
On the Performance of Group Key Agreement Protocols
Published in the Proceedings of the 22nd IEEE International Conference on Distributed
Computing Systems (ICDCS), Vienna, Austria, July 2-5, 2002, short paper. A longer version is available as
CNDS Technical Report 2001-5 . Y. Amir, Y. Kim, C. Nita-Rotaru and G. Tzudik
This paper presents a performance evaluation of five
notable key agreement protocols for peer groups, integrated
with a reliable group communication system (Spread). They
are: Centralized Group Key Distribution (CKD),
Burmester-Desmedt (BD), Steer et al. (STR), Group
Diffie-Hellman (GDH) and Tree-Based Group Diffie-Hellman
(TGDH). The paper includes an in-depth comparison and
analysis of conceptual results and is the first to report
practical results in real-life local and wide area
networks. Our analysis of these protocols' experimental
results offers insights into their scalability and
practicality.
-
Framework for Authentication and Access Control of Client-Server Group Communication Systems
Published in the Proceedings of the Third International
Workshop on Networked Group Communications, London,
United Kingdom, November 7-9, 2001. A longer version is
available as CNDS Technical Report 2001-2 . Y. Amir, C. Nita-Rotaru and J. Stanton
In this paper we present a framework for integrating authentication and
access control mechanisms and policies into a group communication system.
- Communication-Efficient Group Key Agreement
Published in IFIP -SEC 2001, June 2001. Y. Kim, A. Perring and G. Tsudik
Most prior research in group key management focused on
minimizing computational overhead stemming from expensive
cryptographic operations whereas bandwidth and
communication round complexity was of secondary
concern. However, recent advances in computation have
resulted in the network delay in wide area networks (WANs)
being the primary cost factor in the performance of group
key management protocols. In this paper, we reconsider a
group key agreement protocol previously proposed by Steer,
et al. in 1988. We extend it to handle dynamic groups and
network faults such as topology partitions and merges. The
resulting protocol suite is simple, provably secure,
fault-tolerant, and particularly well-suited for
applications in high-delay WANs.
- Exploring Robustness in Group Key Agreement
Published in Proceedings of the 21th IEEE International Conference on Distributed Computing Systems, Phoenix, Arizona, April 16-19,
2001, pp 399-408. A longer version is available as CNDS Technical Report 2000-4 .
Yair Amir, Yongdae Kim, Cristina Nita-Rotaru, John Schultz, Jonathan Stanton and Gene Tsudik.
In this paper we present Secure Spread, a secure version of the Spread Toolkit.
Secure Spread is a group communication system that utilizes contributory group k
ey
management developed by the Cliques project and Blowfish symmetric encryption al
gorithm.
Its modular design allows drop-in replacement of encryption and/or key agreement
protocol.
- Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups
Published in ACM CCS'2000, November 2000. Y. Kim, A. Perring and G. Tsudik
Secure communication in peer groups is an increasingly
popular research area having received much attention in
recent years. The fun damental challenge revolves a round
secure and efficient group key management. This work
investigates a novel approach to group key agreement by
blending binary key trees with Diffie-Hellman key
exchange. The resultant protocol suite is very simple,
secure and fault-tolerant.
- The Cost of Adding Security Services to Group Communication Systems
Technical Report CNDS-2000-3. Cristina Nita-Rotaru.
In this paper we present Secure Spread, a secure version of the Spread Toolkit.
Secure Spread is a group communication system that utilizes contributory group k
ey
management developed by the Cliques project and Blowfish symmetric encryption al
gorithm.
Its modular design allows drop-in replacement of encryption and/or key agreement
protocol.
Overview
A practical group communication system should provide secure multicast services for peer groups
over local and wide area networks. To support the environment described in the Dynamic Coalition
program, such a system should scale to tens of coalition parties, with hundreds of servers,
supporting thousands of users. This service is crucial for building distributed applications that
work in dynamic environments and communicate over unsecured networks (e.g. the Internet). It is
also important for enabling other infrastructures for these environments, such as replicated
certification, highly available policy management, and high performance access control.
A common claim is that a wide-area, secure group communication system with strict
reliability semantics and strict security requirements cannot perform well enough to be
practical. Therefore, some research is focused on different ways to relax either the security or
the reliability requirements (or both). Based on our past and current work, we claim that with
careful protocol design, a system that is limited to the size of the above peer groups can perform
well without relaxing any of the security or reliability guarantees. This project enables us to built it.
Key innovations
- Constructing group communication protocols that support wide and local area networks with tens
of sites, hundreds of servers, and thousands of users.
- Current key agreement protocols are not designed to tolerate failures and changes in the
membership during their execution. Our protocols, in contrast, will be completely resilient to any
sequence of such events. We believe this will be the first robust implementation of distributed
key agreement protocols that provide perfect forward secrecy, group membership authentication,
non-repudiation, and resilience to known-key attacks.
? The performance of a group key generation protocol is very dependent on the network structure,
the relative power of machines, and the algorithm used. We do not think that there can be one key
agreement protocol that outperforms all other protocols in all of the possible environments.
Instead, we will develop several different algorithms, each optimized (performance-wise) for a
different setting.
- We will design and build a modular architecture that allows different security protocols to be
plugged in. The architecture will switch protocols during execution in agreement with other
members, so that the most suitable protocol for the current situation is invoked. The selection
will be based on the current state of the network, available system resources, the number of
members in the group, a user defined policy, etc.
- The current state of the art in secure group communication implements security as a layer,
separate from the reliability, ordering, and membership services. Although this structure has much
merit, there is a high performance cost attached. We will build two versions of our system that
share most of the code and infrastructure. The Layered Architecture version will have the security
services provided on top of the reliability, ordering and membership services. The Integrated
Architecture version will tailor the security protocols into the core reliability, ordering and
membership services, drastically cutting the latency and bandwidth cost associated with group
membership changes.
- In a Dynamic Coalition environment, it is likely that each coalition party will retain its
autonomy, which includes full control over its part of the infrastructure. This is in contrast to
current group communication architectures that assume one administrative domain. Our system will
allow multiple autonomous control domains, while still preserving the tightly coupled group
communication semantics.
- Our system will incorporate a new trust model and "trust ranking" algorithms, combining mutual
respect values of group members into a consistent global trust vector. This vector is continuously
updated in a distributed fashion as a result of ongoing interactions between members. The trust
vector affects the allocation of resources in the group (who can multicast, how much), the
selection of security protocols used, the admission/eviction of members, and other privileges.
Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
|
Distributed Systems and Networks Lab
Computer Science Department
Johns Hopkins University
3400 N. Charles Street
Baltimore, MD 21218-2686
|
|