Technical Report, July 2000
A practical group communication system should provide secure multicast services for peer
groups over local and wide area networks. To support the environment described in the Dynamic
Coalition program, such a system should scale to tens of coalition parties, with hundreds of
servers, supporting thousands of users. This service is crucial for building distributed
applications that work in dynamic environments and communicate over unsecured networks (e.g.
the Internet). It is also important for enabling other infrastructures for these environments,
such as replicated certification, highly available policy management, and high performance
A common claim today is that a wide-area, secure group communication system with strict
reliability semantics and strict security requirements, cannot perform well enough to be
practical. Based on our past and current work, we claim that with careful protocol design, a
system that is limited to the size of the above peer groups can perform well without relaxing
any of the security or reliability guarantees. Our objective is to build it.
Our technical approach builds on past work with the SPREAD group communication system (http://www.spread.org) and the CLIQUES key agreement protocol suite (http://www.isi.edu/~gts/CLIQUES). Our approach includes the following innovative aspects:
- Current key agreement protocols are not designed to tolerate failures and changes in the
membership during their execution. Our protocols, in contrast, are completely resilient to any
sequence of such events. We believe this is the first robust implementation of distributed key
agreement protocols that provide perfect forward secrecy, group membership authentication,
non-repudiation, and resilience to known-key attacks.
- The performance of a group key generation protocol is very dependent on the network
structure, the relative power of machines, and the algorithm used. We do not think that there
can be one key agreement protocol that outperforms all other protocols in all of the possible
environments. Instead, we develop several different algorithms, each optimized
(performance-wise) for a different setting.
- Our architecture is modular, allowing different security protocols to be plugged in. The
architecture switches protocols during execution in agreement with other members, so that the
most suitable protocol for the current situation is invoked. The selection can be based on the
current state of the network, available system resources, the number of members in the group,
a user defined policy, etc.
- The current state of the art in secure group communication implements security as a layer,
separate from the reliability, ordering, and membership services. Although this structure has
much merit, there is a high performance cost attached. We will build two versions of our
system that share most of the code and infrastructure. The Layered Architecture version will
have the security services provided on top of the reliability, ordering and membership
services. The Integrated Architecture version will tailor the security protocols into the core
reliability, ordering and membership services, drastically cutting the latency and bandwidth
cost associated with group membership changes.
- In a Dynamic Coalition environment, it is likely that each coalition party will retain its
autonomy, which includes full control over its part of the infrastructure. This is in contrast
to current group communication architectures that assume one administrative domain. Our system
will allow multiple autonomous control domains, while still preserving the tightly coupled
group communication semantics.
- We will investigate a new trust model and "trust ranking" algorithms, combining mutual
respect values of group members into a consistent global trust vector. This vector is
continuously updated in a distributed fashion as a result of ongoing interactions between
members. The trust vector aims to affect the allocation of resources in the group (who can
multicast, how much), the selection of security protocols used, the admission/eviction of
members, and other privileges.
New start. However, we already have some progress:
We are within reach of releasing a version with basic capabilities (which we term Version 0)
of a deployable system with the current state of SPREAD and QLIQUES based on past work. This
release is important in order to allow other collaborators in the Distributed Coalition
program and elsewhere to immediately have a stable secure group system to build upon.
We are investigating a new tree-based distributed key agreement that aims to reduce the
exponentiation computation from linear to logarithmic complexity without compromising most of
the security guarantees.
Our plan for FY 2001 includes the following:
- The design of a modular architecture: An extensible secure group communication architecture that allows external security modules to be used through a well defined API.
- The design of an Integrated architecture: A new, optimized fault-tolerant membership and
messaging protocols that natively include key agreement and core security services in them,
amortizing the latency cost associated with placing them on top of each other.
- The research of new group trust models and an API: Development of the algorithms that
compute the overall trust of a group based on individual members' respect for other members.
Design of an API that exports the individual and group trust status.
- The release of Layered Version 1 (modular architecture and robust key agreement) - the first release based on the new architecture and protocols developed in this project. The new
capabilities will allow faster and easier integration of different security protocols. The
complete system will be tolerant of multiple asynchronous failures and recoveries.
Questions or comments to:
webmaster (at) dsn.jhu.edu
TEL: (410) 516-5562
FAX: (410) 516-6134
Distributed Systems and Networks Lab|
Computer Science Department
Johns Hopkins University
3400 N. Charles Street
Baltimore, MD 21218-2686