High Performance, Robust and Secure Group Communication

Technical Report, July 2000

Objective:

A common claim today is that a wide-area, secure group communication system with strict reliability semantics and strict security requirements, cannot perform well enough to be practical. Based on our past and current work, we claim that with careful protocol design, a system that is limited to the size of the above peer groups can perform well without relaxing any of the security or reliability guarantees. Our objective is to build it.

Approach:

• Current key agreement protocols are not designed to tolerate failures and changes in the membership during their execution. Our protocols, in contrast, are completely resilient to any sequence of such events. We believe this is the first robust implementation of distributed key agreement protocols that provide perfect forward secrecy, group membership authentication, non-repudiation, and resilience to known-key attacks.

• The performance of a group key generation protocol is very dependent on the network structure, the relative power of machines, and the algorithm used. We do not think that there can be one key agreement protocol that outperforms all other protocols in all of the possible environments. Instead, we develop several different algorithms, each optimized (performance-wise) for a different setting.

• Our architecture is modular, allowing different security protocols to be plugged in. The architecture switches protocols during execution in agreement with other members, so that the most suitable protocol for the current situation is invoked. The selection can be based on the current state of the network, available system resources, the number of members in the group, a user defined policy, etc.

• The current state of the art in secure group communication implements security as a layer, separate from the reliability, ordering, and membership services. Although this structure has much merit, there is a high performance cost attached. We will build two versions of our system that share most of the code and infrastructure. The Layered Architecture version will have the security services provided on top of the reliability, ordering and membership services. The Integrated Architecture version will tailor the security protocols into the core reliability, ordering and membership services, drastically cutting the latency and bandwidth cost associated with group membership changes.

• In a Dynamic Coalition environment, it is likely that each coalition party will retain its autonomy, which includes full control over its part of the infrastructure. This is in contrast to current group communication architectures that assume one administrative domain. Our system will allow multiple autonomous control domains, while still preserving the tightly coupled group communication semantics.

• We will investigate a new trust model and "trust ranking" algorithms, combining mutual respect values of group members into a consistent global trust vector. This vector is continuously updated in a distributed fashion as a result of ongoing interactions between members. The trust vector aims to affect the allocation of resources in the group (who can multicast, how much), the selection of security protocols used, the admission/eviction of members, and other privileges.

Recent Accomplishments:

We are within reach of releasing a version with basic capabilities (which we term Version 0) of a deployable system with the current state of SPREAD and QLIQUES based on past work. This release is important in order to allow other collaborators in the Distributed Coalition program and elsewhere to immediately have a stable secure group system to build upon.

We are investigating a new tree-based distributed key agreement that aims to reduce the exponentiation computation from linear to logarithmic complexity without compromising most of the security guarantees.

Current Plan:

• The design of a modular architecture: An extensible secure group communication architecture that allows external security modules to be used through a well defined API.

• The design of an Integrated architecture: A new, optimized fault-tolerant membership and messaging protocols that natively include key agreement and core security services in them, amortizing the latency cost associated with placing them on top of each other.

• The research of new group trust models and an API: Development of the algorithms that compute the overall trust of a group based on individual members' respect for other members. Design of an API that exports the individual and group trust status.

• The release of Layered Version 1 (modular architecture and robust key agreement) - the first release based on the new architecture and protocols developed in this project. The new capabilities will allow faster and easier integration of different security protocols. The complete system will be tolerant of multiple asynchronous failures and recoveries.

Technology Transfer: