Abstract:
Multimedia applications, news distribution and service discovery protocols are examples of group applications that typically involve more than one sender in the distribution process. This paper proposes few-to-many Semsomm, a secure and scalable group key management scheme for such applications. The main strategy of Semsomm is twofold. First, through the use of a multiple encryption scheme, there is no longer the need to trust the intermediate nodes of the multicast distribution tree. They are used as untrusted relaying nodes in order to overcome the need to re-key the entire group upon each membership change. Second, the traffic encryption key is periodically renewed and redistributed to legitimate group members, thus inhibiting any collusion attack. It is shown that Semsomm scales to very large groups while preserving perfect forward secrecy of the multicasted information, i.e. only actual members of the group can understand it.
Keywords: Secure Group Communication, Key Agreement Protocols, Internet and Software Control, Protection, and Security, Security Protocols.
Available as PDF-file.
Abstract:
With the advent of more and more small devices with networking capabilities, the interest in their secure self organisation has grown. These devices - smartlets as we named them - may have multiple transient ownerships and the resulting trust environment can become quite complex. Our paper takes a look at a fictious next generation casino and some necessary hardware as an illustration, and examines which operations (such as cryptographically secure group management) could become relevant in solving the problems observed there.
Available as PDF-file.
Abstract:
Many traditional and new Internet multi-party applications require a scalable,
secure group communication infrastructure. Some of these applications such
as video conferencing involve many-to-many communication while others such
as stock exchange systems engage in one-to-many data distribution. In this
paper, we present a novel solution for the latter area. Our approach, which
we call Semsomm, relies on two main ideas: First, we use intermediate nodes
of the multicast distribution tree as untrusted relaying nodes in order to
overcome the need to re-key the entire group upon each membership change.
Second, the session key is periodically renewed and redistributed to legitimate
group members, thus inhibiting any collusion attack. Semsomm scales to very
large groups while preserving perfect forward secrecy of the multicasted
data information because of its multiple encryption method. Furthermore,
we show how our approach can be extended first to few-to-many and then to
many-to-many scenarios with the appropriate network based infrastructural
enhancements such as active networks.
Keywords: multicast security, active secure group communication, dynamic one-to-many secure multicast.
Available as PDF-file.
Top of pageSecure, Scalable Few-to-Many Group Communication
Nathalie Weiler
Poster Presentation at IFIP Conference on Communications and Multimedia Security 2002 (CMS'2002).Abstract:
Many traditional and new Internet multi-party applications require a scalable, secure group communication infrastructure. Some of these applications such as video conferencing involve many-to-many communication while others such as stock exchange systems engage in one-to-many data distribution. In this paper, we present a novel solution for the latter area. Our approach, which we call Semsomm, relies on two main ideas: First, we use intermediate nodes of the multicast distribution tree as untrusted relaying nodes in order to overcome the need to re-key the entire group upon each membership change. Second, the session key is periodically renewed and redistributed to legitimate group members, thus inhibiting any collusion attack. Semsomm scales to very large groups while preserving perfect forward secrecy of the multicasted data information because of its multiple encryption method. Furthermore, we show how our approach can be extended first to few-to-many and then to many-to-many scenarios with the appropriate network based infrastructural enhancements such as active networks.Keywords: multicast security, active secure group communication, dynamic one-to-many secure multicast.
Not Available online.
Abstract: Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time.
Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that that newly joining members are not able to understand past group traffic, and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity (O(log N) for joins or leaves), thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management.
In this paper we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties, based on the existing prototype implementation.
Keywords: Secure multicasting middleware, tree-based key distribution, multicast key distribution schemes, distributed key management, concurrent key distribution.
Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time.
Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that that newly joining members are not able to understand past group traffic, and that leaving members may not follow future communications.
For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity (O(log N) for joins or leaves) grants scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for completely distributed key management.
In this paper we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties, based on the existing prototype implementation.
Keywords: Secure multicasting middleware, Tree-based key distribution, Multicast key distribution schemes, Distributed key management, Concurrent key distribution.