Secure communication for ad-hoc, federated groups

Ad-hoc federated groups are becoming increasingly popular as a means of addressing collaborative tasks that require information sharing. However, in some application scenarios, the security of the shared information is vital. Managing the communication security of such groups efficiently is a difficult task. This paper presents an architecture that enables secure communication for ad-hoc, cross-organisational groups. Our architecture covers group admission control, group key management and secure group communication. The groups in question are expected to be ad-hoc groups where the potential participants have no prior knowledge of each other, and thus federation mechanisms need to be used to establish group admission rights. To handle group admission we use the SAML and XACML standards; for group key management we use the TGDH protocol. Our approach thus supports decentralised management of the most important tasks in secure group communication, integrated on the basis of established security standards. We have also produced a demo implementation to show the feasibility of our architecture. This research was pursued as part of the TrustDis project funded by the Swedish Governmental Agency for Innovation Systems (Vinnova).
