- Authors:
- Ohad Rodeh,
- Kenneth Birman,
- Danny Dolev
Ensemble is a Group Communication System built at Cornell and the Hebrew universities. It allows processes to create process groups within which scalable reliable fifo-ordered multicast and point-to-point communication are supported. The system also supports other communication properties, such as causal and total multicast ordering, flow control, etc. This paper describes the security protocols and infrastructure of Ensemble. Applications using Ensemble with the extensions described here benefit from strong security properties. Under the assumption that trusted processes will not be corrupted, all communication is secured from tampering by outsiders. Our work extends previous work performed in the Horus system (Ensemble''s predecessor) by adding support for multiple partitions, efficient rekeying, and application defined security policies. Unlike Horus, which used its own security infrastructure with non-standard key distribution and timing services, Ensemble''s security mechanism is based on off-the shelf authentication systems, such as PGP and Kerberos. We extend previous results on group rekeying, with a novel protocol that makes use of diamond-like data structures. Our Diamond protocol allows the removal of untrusted members within milliseconds.
Cited By
Rütti O, Wojciechowski P and Schiper A Service interface Proceedings of the 2006 ACM symposium on Applied computing, (691-696)- Narayan G and Gopinath K iSAN Proceedings of the 11th international conference on High Performance Computing, (262-273)
- Hiltunen M, Schlichting R and Ugarte C (2003). Building Survivable Services Using Redundancy and Adaptation, IEEE Transactions on Computers, 52:2, (181-194), Online publication date: 1-Feb-2003.
- Pascoe J, Loader R and Sunderam V (2019). Collaborative Group Membership, The Journal of Supercomputing, 22:1, (55-68), Online publication date: 1-May-2002.
- Hiltunen M, Schlichting R and Ugarte C Enhancing Survivability of Security Services Using Redundanc Proceedings of the 2001 International Conference on Dependable Systems and Networks (formerly: FTCS), (173-182)
Recommendations
The architecture and performance of security protocols in the ensemble group communication system: Using diamonds to guard the castle
Ensemble is a Group Communication System built at Cornell and the Hebrew universities. It allows processes to create process groups within which scalable reliable fifo-ordered multicast and point-to-point communication are supported. The system also ...
Security weaknesses of a signature scheme and authenticated key agreement protocols
At ACISP 2012, a novel deterministic identity-based (aggregate) signature scheme was proposed that does not rely on bilinear pairing. The scheme was formally proven to be existentially unforgeable under an adaptive chosen message and identity attack. ...
Efficient group Diffie-Hellman key agreement protocols
Display Omitted Authenticated group Diffie-Hellman (GDH) key agreement protocols are proposed.GDH key agreement protocols are based on the secret sharing.Our proposed solution is efficient, robust and secure. In a group Diffie-Hellman (GDH) key ...