The architecture and performance of security protocols in the ensemble group communication system: Using diamonds to guard the castle

Published: 01 August 2001

Abstract

Ensemble is a Group Communication System built at Cornell and the Hebrew universities. It allows processes to create process groups within which scalable reliable FIFO-ordered multicast and point-to-point communication are supported. The system also supports other communication properties, such as causal and total multicast ordering, flow control, and the like. This article describes the security protocols and infrastructure of Ensemble. Applications using Ensemble with the extensions described here benefit from strong security properties. Under the assumption that trusted processes will not be corrupted, all communication is secured from tampering by outsiders. Our work extends previous work performed in the Horus system (Ensemble's predecessor) by adding support for multiple partitions, efficient rekeying, and application-defined security policies. Unlike Horus, which used its own security infrastructure with nonstandard key distribution and timing services, Ensemble's security mechanism is based on off-the-shelf authentication systems, such as PGP and Kerberos. We extend previous results on group rekeying, with a novel protocol that makes use of diamond-like data structures. Our Diamond protocol allows the removal of untrusted members within milliseconds. In this work we are considering configurations of hundreds of members, and further assume that member trust policies are symmetric and transitive. These assumptions dictate some of our design decisions.

Reviews

John P. Dougherty

Ensemble is a group communication system (GCS) designed to provide fast and secure interaction to process groups distributed across a network. Ensemble uses a “fortress” approach, and supports multiple partitions, protocols for efficient group rekeying, and the integration of “off-the-shelf” authentication. The paper provides a good overview of the Ensemble system, its evolution from previous work, and a comparison to related research in GCS. The amount of work presented about the Ensemble security protocols is substantial, as is the detail of the underlying model and motivations for design. Empirical results are provided for communication latency and throughput, a distributed key distribution facility, and an algorithm to maintain a balanced diamond, which is a recursively-defined, two-connected structure with logarithmic diameter, used to maintain group membership. Ensemble apparently favors increased speed over increased security, but the underlying assumptions supporting this choice are presented clearly and convincingly. This paper is appropriate for researchers and graduate students in the area of GCS, and does assume a significant background in operating systems and interprocess communication. The reference list is large (over 60 citations), and seems to cover the field adequately. The paper presents the Ensemble GCS security protocols with enough depth to understand them, as well as the important performance consequences involved in their implementation.

Online Computing Reviews Service

Published In

ACM Transactions on Information and System Security, Volume 4, Issue 3
August 2001
129 pages
ISSN:1094-9224
EISSN:1557-7406
DOI:10.1145/501978

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Group communication
  2. security
