Abstract:
Secure group communication services promote the deployment of traditional
and new multi-party applications in networks such as video conferencing or
large scale distance education. Confidentiality and authenticity combined
in an intelligent group communication service with good scalability properties
and efficient employment of the network infrastructure meet the needs of
users and providers. Future generation networks such as mobile ad hoc networks
challenge the research community even more for a commitment both to preserve
the privacy of the users and to secure the network infrastructure of the
provider. While other approaches focus either on the establishment of traditional
security services - i.e. confidentiality, integrity and availability - in
groups or on the anonymisation of point-to-point communication, this thesis
introduces a self-contained approach to guarantee privacy preservation in
closed groups, an infrastructure for secure and anonymous group communication.
The work first introduces an application independent framework for secure
group communication. This framework fills the gap between different single,
isolated proposals and the complete multicast application. The devised engineering
approach is demonstrated in two ways: (1)Three kind of applications, i.e.
a single sender, multiple receiver broadcast scenario, a highly dynamic,
decentralised game, and a small scale, many-to-many workflow application,
rely on the
framework to provide a secure multicast service managing the access,
the technical aspects of the group membership, and the network service. (2)
The newly proposed secure group management scheme called Semsomm can be compared
in a fair and efficient way to other approaches in the literature by simply
plugging the respective implementations into the framework.
In the second part, the design of Semsomm is detailed. The main strategy
of Semsomm is twofolded. First,intermediate nodes of the multicast distribution
tree are used as untrusted relaying nodes in order to overcome the need to
re-key the entire group upon each membership change. Second, the traffic
encryption key is periodically renewed and redistributed to legitimate group
members, thus inhibiting any collusion attack. It is shown that Semsomm scales
to very large groups while preserving perfect forward secrecy of the multicasted
information, i.e. only actual members of the group can understand it, thanks
to its multiple encryption method.
The third contribution of this thesis consists in the design and implementation
of a secure and anonymous group infrastructure, in other words, only users
who fulfil certain conditions are allowed to join the secure anonymous group,
non-members of the group cannot understand the data, and the identity of
a member cannot be disclosed to outsiders of the group. Additionally, the
member may hide its identity to other group members. The designed infrastructure,
the Secure ANonymous GRoup InfrAstructure (SANGRIA), builds on top ofunicast
anonymity and is extended with the needed secure multicast functionality.
It is shown in the context of multimedia applications how this infrastructure
can be used.
Finally, the implementations are evaluated and discussed. Semsomm proves
to achieve the scalability and security goals claimed, esp. the swift execution
of the join and leave operations are confirmed. On the other hand, the evaluation
of the infrastructural costs for group anonymity shows promising results.
The impact of anonymisation depends on the configuration of the anonymising
network that must be traded for the desired resistance against attacks on
anonymity.
Available at Shaker.
A limited version is in preparation.
Top of pageSecure and Anonymous Multicast Framework
Nathalie Weiler, Bernhard Plattner
In Proceedings of IFIP Conference on Communications and Multimedia Security 2001 (CMS'2001).
Not available online due to copyright protection. Sorry!Abstract:
Keywords:
The rapid increase in Internet users triggered a number of new Internet services and applications such as online shopping, video
conferencing, Internet games or distance education. A larger part of those ones requires multicast support for efficient data distribution. A number of secure group communication protocols have been published recently, but the preservation of privacy of the single group member is still an unsolved problem. This paper presents a novel approach to secure and anonymous group communication. First, we propose a solution for anonymity in a local environment based on state-of-the art
approaches such as pseudonym servers and anonymizers combined with encryption techniques on different protocol levels in order to
guarantee an anonymous way of communication between end-users. Then, we introduce the secure and anonymous multicast (SAM) framework and we show how it can be used as a configurable, scalable architecture in combination with local anonymity.
Scalable end-to-end anonymous communication, composable privacy, anonymous multicast.