High Performance, Robust and Secure Group Communication

Yearly Technical Report, July 2001

Objective:

A common claim today is that a wide-area, secure group communication system with strict reliability semantics and strict security requirements, cannot perform well enough to be practical. Based on our past and current work, we claim that with careful protocol design, a system that is limited to the size of the above peer groups can perform well without relaxing any of the security or reliability guarantees. The objective of this project is to build it.

Accomplishments:

Layered architecture

We started by implementing Secure Spread 0.0.3, providing a key agreement protocol based on the CLIQUES Group Diffie-Helman (GDH) algorithm. The protocol did not support cascaded failures. This first version was released at November 2000.

We then worked on providing a fault-tolerant protocol. We designed the first robust contributory key agreement protocol based on CLIQUES GDH and proved its correctness. This robust protocol formed the core of Secure Spread 1.0.0, a version we released at March 2001. A technical report presenting two robust algorithms and their corectness is available below. This work was presented at the 2001 IEEE International Conference on Distributed Computing Systems held in Phoenix, Arizona during April.

We have also finalized the design of a new robust Tree-based Group Diffie-Helman algorithm. The primitives that allow building the protocol were implemented within the CLIQUES TGDH library. A paper describing this work was presented at the 2000 ACM Conference on Computer and Communications Security (CCS-8) held in Philadelphia, Pennsylvania during November.

A new group key agreement method (STR), based on a protocol originally proposed by Steer et al. at Crypto88, was specified and implemented as part of the CLIQUES STR library. This work was presented at IFIP-SEC 2001 in June.

We created a unified framework in Secure Spread that enabled us to evaluate and compare the different key agreement algorithms side by side, namely, Centralized Key Distribution (CKD), CLIQUES Group Diffie Helman (GDH), Tree-based Group Diffie Helman (TGDH), Burmester-Desmedt (BD), and STR.

We worked on designing and integrating with Secure Spread four more key agreement protocols (in addition to GDH):

1. CKD: we implemented the 'vanilla' cases for evaluation purposes.
2. BD : we designed and implemented a robust protocol based on the BD algorithm.
3. TGDH: we finished the design of a robust protocol based on TGDH and we implemented the 'vanilla' cases for performance evaluation purposes.
4. STR: we finished the design of a robust protocol based on STR and we implemented the 'vanilla' cases for performance evaluation purposes.

Integrated architecture

We integrated a global flow control algorithm for multi-sender multi-group multicast in wide area overlay networks. This is a very important step toward practical high performance wide area group communication.

We defined the necessary services for practical secure group communication in particular and for overlay networks in general. We looked beyond the key agreement protocols into authentication and access control mechanisms.

We completed the initial design of a framework for access control in group communication systems. This framework specifies a modular architecture allowing multiple access control and authentication protocols to be used and the location of checks in the group communication system to enforce the policies.

The access control and authentication framework adds two new features to the Spread group communication system. First, it provides a modular API that allows anyone to write a custom authentication and access control policy code module which will be loaded into the Spread daemon. This module (or modules) will control how clients are authenticated when they connect to the daemon and what restrictions should be enforced on the clients' actions (such as joining groups or sending messages). Second, it inserts appropriate checks into Spread to enforce whatever access control policy the user has enabled.

We implemented the framework in the Spread Group Communication System version 3.16. A technical report describing the architecture along with some examples of authentication methods that are supported by the framework is available. This work will be presented in the Third International Workshop on Networked Group Communications at London, UK in November.

Current Plan:

• Explore and analyze the difficulties in dynamic control and reconfiguration of group communication systems. Begin the design of efficient and correct protocols for this environment.
• Work with several other Dynamic Coalition groups to evaluate which software components would be suitable to integrate with Secure Spread.
• The initial implementation of an Integrated architecture: The implementation will include fault-tolerant protocols that implement shared keys, optimized per-group keys, and use the keys to provide core security services. The focus of this work will be a prototype upon which performance and correctness evaluation can be done, including a comparison with the layered architecture.
• The research of new group trust models and an API: Development of the algorithms that compute the overall trust of a group based on individual members' respect for other members. Design of an API that exports the individual and group trust status.
• The release of a new Secure Spread library, the second release based on the new architecture and protocols developed in this project.

Papers:

Software:

We released Spread 3.13 in August 2000. The main new features of this version included:

• Scalability improvements in the number of groups in the system. The lightweight group management is now using probablistic algorithms that reduce group lookups to complexity of o(log(n)) down from o(n). This allows us to support tens of thousands of groups without noticeable performance penalty. Our system is still limited to about 1000 groups due to state transfer implementation limitation.
• Performance improvements for small messages (by a factor of 4 or so).
• A new configuration format that allows improved run time configuration.

We released Secure Spread Beta 0 in November 2000. This is a preliminary version which includes a fairly stable API and a correct implementation of the CLIQUES GDH key agreement protocol. Secure Spread beta 0 supports simple group events and failure scenarios. No cascading failures are supported. This version is available for other researchers to use. It works with Spread 3.12, 3.13 and 3.14.

We released Secure Spread Version 1.0 in March 2001. This version included a complete robust CLIQUES GDH protocol and a stable API for establishing secure groups and sending and receiving encrypted messages. This version is available and works with Spread 3.12, 3.13, 3.14, and 3.16.0.

We have released Spread 3.14 (October 31, 2000), 3.15.0 (December 20, 2000), 3.15.1 (February 26, 2001), and 3.15.2 (March 20, 2001) during this period. These releases address stability issues discovered by the growing community of Spread users.

A release of Spread, 3.16.0 (June 25, 2001), that includes a preliminary version of an integrated authentication and access control enforcement framework.

Technology Transfer:

We know of one Dynamic Coaltions project that already uses our software: This is the Efficient and Scalable Infrastructure Support project done at Johns Hopkins and Brown, which aims to provide scalable certification service. We are exploring potential collaboration with other projects in the program.

During the period Spread was integrated into the beta version of OpenLinux. It was released in the next OpenLinux version in June.

A Spread Workshop was held over three days at Johns Hopkins University in June 2001. This meeting included people from academia and industry and involved presentations, demos, and a collaborative discussion of future features, current needs and problems, and solutions.