An integrated solution for secure group communication in wide-area networks

Many distributed applications require a secure reliable group communication system to provide coordination among the application components. This paper describes a secure group layer (SGL) which bundles a reliable group communication system, a group authorization and access control mechanism, and a group key agreement protocol to provide a comprehensive and practical secure group communication platform. The SGL also encapsulates the standard message security services (i.e., confidentiality, authenticity and integrity). A number of challenging issues encountered in the design of SGL are brought to light and experimental results obtained with a prototype implementation are discussed.

[1]  Michael K. Reiter,et al.  Secure agreement protocols: reliable and atomic group multicast in rampart , 1994, CCS '94.

[2]  Gene Tsudik,et al.  New multiparty authentication services and key agreement protocols , 2000, IEEE Journal on Selected Areas in Communications.

[3]  Louise E. Moser,et al.  Totem: a fault-tolerant multicast group communication system , 1996, CACM.

[4]  Yongdae Kim,et al.  Secure group communication in asynchronous networks with failures: integration and experiments , 2000, Proceedings 20th IEEE International Conference on Distributed Computing Systems.

[5]  Michael K. Reiter A Secure Group Membership Protocol , 1996, IEEE Trans. Software Eng..

[6]  Louise E. Moser,et al.  Overview of the InterGroup Protocols , 2001, International Conference on Computational Science.

[7]  Atul Prakash,et al.  Antigone: A Flexible Framework for Secure Group Communication , 1999, USENIX Security Symposium.

[8]  Louise E. Moser,et al.  Extended virtual synchrony , 1994, 14th International Conference on Distributed Computing Systems.

[9]  Kenneth P. Birman,et al.  Reliable communication in the presence of failures , 1987, TOCS.

[10]  I. Keidar,et al.  Group Communication Speci cations: A Comprehensive Study , 1999 .

[11]  Hugo Krawczyk,et al.  HMAC: Keyed-Hashing for Message Authentication , 1997, RFC.

[12]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[13]  Gene Tsudik,et al.  Key Agreement in Dynamic Peer Groups , 2000, IEEE Trans. Parallel Distributed Syst..

[14]  Idit Keidar,et al.  Group communication specifications: a comprehensive study , 2001, CSUR.

[15]  William E. Johnston,et al.  Certificate-based Access Control for Widely Distributed Resources , 1999, USENIX Security Symposium.

[16]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to group communication , 1996, CCS '96.

[17]  Louise E. Moser,et al.  A reliable ordered delivery protocol for interconnected local area networks , 1995, Proceedings of International Conference on Network Protocols.

[18]  Priya Narasimhan,et al.  Providing support for survivable CORBA applications with the Immune system , 1999, Proceedings. 19th IEEE International Conference on Distributed Computing Systems (Cat. No.99CB37003).

[19]  B. Clifford Neuman,et al.  Kerberos: An Authentication Service for Open Network Systems , 1988, USENIX Winter.

[20]  Gene Tsudik,et al.  The design of a group key agreement API , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[21]  Louise E. Moser,et al.  The intergroup protocols: scalable group communication for the internet , 2000 .

[22]  M. Bellare,et al.  HMAC: Keyed-Hashing for Message Authentication, RFC 2104 , 2000 .

[23]  Philip R. Zimmermann,et al.  The official PGP user's guide , 1996 .

[24]  Louise E. Moser,et al.  The SecureRing protocols for securing group communication , 1998, Proceedings of the Thirty-First Hawaii International Conference on System Sciences.

[25]  Yair Amir,et al.  A low latency, loss tolerant architecture and protocol for wide area group communication , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[26]  Hugo Krawczyk,et al.  A Security Architecture for the Internet Protocol , 1999, IBM Syst. J..

[27]  Randall J. Atkinson,et al.  Security Architecture for the Internet Protocol , 1995, RFC.

[28]  Dahlia Malkhi,et al.  Secure reliable multicast protocols in a WAN , 2000, Distributed Computing.

[29]  Danny Dolev,et al.  Ensemble Security , 1998 .