This Article 
 Bibliographic References 
 Add to: 
Secure Spread: An Integrated Architecture for Secure Group Communication
July-September 2005 (vol. 2 no. 3)
pp. 248-261
Yair Amir, IEEE Computer Society
Jonathan Stanton, IEEE Computer Society
Group communication systems are high-availability distributed systems providing reliable and ordered message delivery, as well as a membership service, to group-oriented applications. Many such systems are built using a distributed client-server architecture where a relatively small set of servers provide service to numerous clients. In this work, we show how group communication systems can be enhanced with security services without sacrificing robustness and performance. More specifically, we propose several integrated security architectures for distributed client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture, where the same services are implemented in clients. We discuss performance and accompanying trust issues of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.

[1] Y. Amir, C. Nita-Rotaru, J. Stanton, and G. Tsudik, “Scaling Secure Group Communication Systems: Beyond Peer-to-Peer,” Proc. DARPA Information Survivability Conf. and Exposition (DISCEX '03), Apr. 2003.
[2] T. Chandra, V. Hadzilacos, S. Toueg, and B. Charron-Bost, “On the Impossibility of Group Membership,” Proc. 15th ACM Symp. Principles of Distributed Computing (PODC), pp. 322-330, May 1996.
[3] K.P. Birman and T. Joseph, “Exploiting Virtual Synchrony in Distributed Systems,” Proc. 11th Ann. Symp. Operating Systems Principles, pp. 123-138, Nov. 1987.
[4] L.E. Moser, Y. Amir, P.M. Melliar-Smith, and D.A. Agarwal, “Extended Virtual Synchrony,” Proc. IEEE 14th Int'l Conf. Distributed Computing Systems, pp. 56-65, June 1994.
[5] J. Schultz, “Partitionable Virtual Synchrony Using Extended Virtual Synchrony,” master's thesis, Dept. of Computer Science, Johns Hopkins Univ., Jan. 2001, www.cnds.jhu.edupublications/.
[6] K.P. Birman and R.V. Renesse, Reliable Distributed Computing with the Isis Toolkit. IEEE CS Press, Mar. 1994.
[7] K. Birman, “The Process Group Approach to Reliable Distributed Computing,” Comm. ACM, vol. 36, no. 12, pp. 36-53, Dec. 1993.
[8] A. Montresor, R. Davoli, and Ö. Babaoglu, “Enhancing Jini with Group Communication,” Proc. ICDCS Workshop Applied Reliable Group Comm., Apr. 2001.
[9] O.M. Group, “Fault-Tolerant CORBA: Joint Revised Submission,” OBG Document orbos/99-12-08, Dec. 1999.
[10] R.V. Renesse, K. Birman, and S. Maffeis, “Horus: A Flexible Group Communication System,” Comm. ACM, vol. 39, pp. 76-83, Apr. 1996.
[11] M. Hayden, “The Ensemble System,” PhD dissertation, Dept. of Computer Science, Cornell Univ., 1998.
[12] Y. Amir and J. Stanton, “The Spread Wide Area Group Communication System,” Technical Report 98-4, Center of Networking and Distributed Systems, Johns Hopkins Univ., 1998.
[13] The Keyed-Hash Message Authentication Code (HMAC), Nat'l Inst. for Standards and Technology (NIST), no. FIPS 198, http://csrc.nist. gov/publications/fipsindex.html , 2002.
[14] Advanced Encryption Standard (AES), Nat'l Inst. for Standards and Technology (NIST), no. FIPS 197, aes/, 2001.
[15] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996.
[16] M. Steiner, G. Tsudik, and M. Waidner, “Key Agreement in Dynamic Peer Groups,” IEEE Trans. Parallel and Distributed Systems, vol. 11, no. 8, Aug. 2000.
[17] A. Fekete, N. Lynch, and A. Shvartsman, “Specifying and Using a Partitionable Group Communication Service,” Proc. 16th Ann. ACM Symp. Principles of Distributed Computing, pp. 53-62, Aug. 1997.
[18] Y. Amir, D. Dolev, S. Kramer, and D. Malki, “Transis: A Communication Sub-System for High Availability,” Proc. 22nd Int'l Symp. Fault-Tolerant Computing Systems, pp. 76-84, 1992.
[19] Y. Amir, L.E. Moser, P.M. Melliar-Smith, D. Agarwal, and P. Ciarfella, “The Totem Single-Ring Ordering and Membership Protocol,” ACM Trans. Computer Systems, vol. 13, no. 4, pp. 311-342, Nov. 1995.
[20] B. Whetten, T. Montgomery, and S. Kaplan, “A High Performance Totally Ordered Multicast Protocol,” Proc. Int'l Workshop Theory and Practice in Distributed Systems, Sept. 1994.
[21] T. Anker, G.V. Chockler, D. Dolev, and I. Keidar, “Scalable Group Membership Services for Novel Applications,” Proc. Workshop Networks in Distributed Computing, 1998.
[22] I. Keidar, J. Sussman, K. Marzullo, and D. Dolev, “A Client-Server Oriented Algorithm for Virtually Synchronous Group Membership in WANs,” Proc. 20th Int'l Conf. Distributed Computing Systems (ICDCS 2000), p. 356, 2000.
[23] K.P. Kihlstrom, L.E. Moser, and P.M. Melliar-Smith, “The SecureRing Protocols for Securing Group Communication,” Proc. IEEE 31st Hawaii Int'l Conf. System Sciences, vol. 3, pp. 317-326, Jan. 1998.
[24] O. Rodeh, K. Birman, and D. Dolev, “Using AVL Trees for Fault Tolerant Group Key Management,” Int'l J. Information Security, vol. 1, no. 2, Feb. 2002.
[25] O. Rodeh, K. Birman, M. Hayden, Z. Xiao, and D. Dolev, “The Architecture and Performance of Security Protocols in the Ensemble Group Communication System,” ACM Trans. Information and System Security, vol. 4, no. 3, pp. 289-319, Aug. 2001.
[26] M.K. Reiter, “Secure Agreement Protocols: Reliable and Atomic Group Multicast in Rampart,” Proc. Second ACM Conf. Computer and Comm. Security, pp. 68-80, Nov. 1994.
[27] P. Zimmermann, The Official PGP User's Guide. MIT Press, 1995.
[28] K.P. Birman, M. Hayden, O. Ozkasap, Z. Xiao, M. Budiu, and Y. Minsky, “Bimodal Multicast,” ACM Trans. Computer Systems, vol. 17, no. 2 May 1999.
[29] M.A. Hiltunen and R.D. Schlichting, “Adaptive Distributed and Fault-Tolerant Systems,” Int'l J. Computer Systems Science and Eng., vol. 11, no. 5, pp. 125-133, Sept. 1996.
[30] M.A. Hiltunen, R.D. Schlichting, and C. Ugarte, “Enhancing Survivability of Security Services Using Redundancy,” Proc. Int'l Conf. Dependable Systems and Networks, June 2001.
[31] L. Gong, “Enclaves: Enabling Secure Collaboration over the Internet,” IEEE J. Selected Areas in Comm., vol. 15, no. 3, pp. 567-575, Apr. 1997.
[32] P. McDaniel, A. Prakash, and P. Honeyman, “Antigone: A Flexible Framework for Secure Group Communication,” Proc. Eighth USENIX Security Symp., pp. 99-114, Aug. 1999.
[33] S. Floyd, V. Jacobson, C. Liu, S. McCanne, and L. Zhang, “A Reliable Multicast Framework for Light-Weight Sessions and Application Level Framing,” IEEE/ACM Trans. Networking, vol. 5, no. 6, pp. 784-803, Dec. 1997.
[34] Y. Amir, “Replication Using Group Communication over a Partitioned Network,” PhD dissertation, Inst. of Computer Science, The Hebrew Univ. of Jerusalem, Israel, 1995.
[35] G.V. Chockler, I. Keidar, and R. Vitenberg, “Group Communication Specifications: A Comprehensive Study,” ACM Computing Surveys, no. 4, pp. 427-469, Dec. 2001.
[36] Y. Kim, A. Perrig, and G. Tsudik, “Tree-Based Group Key Agreement,” ACM Trans. Information and System Security, vol. 7, no. 1, 2004.
[37] Y. Amir, Y. Kim, C. Nita-Rotaru, J. Stanton, and G. Tsudik, “Secure Group Communication Using Robust Contributory Key Agreement,” IEEE Trans. Parallel and Distributed Systems, vol. 15, no. 5, pp. 468-480, May 2004.
[38] Spread Project Team, “Spread,” http:/, 2004.
[39] Cliques Project Team, “Cliques,” cliques/, 2004.
[40] M. Burmester and Y. Desmedt, “A Secure and Efficient Conference Key Distribution System,” Proc. Conf. Advances in Cryptology (EUROCRYPT '94), May 1994.
[41] Y. Kim, A. Perrig, and G. Tsudik, “Group Key Agreement Efficient in Communication,” IEEE Trans. Computers, vol. 33, no. 7, 2004.
[42] W. Diffie and M.E. Hellman, “New Directions in Cryptography,” IEEE Trans. Information Theory, vol. 22, pp. 644-654, Nov. 1976.
[43] The TLS Protocol Version 1.0, T. Dierks and C. Allen, eds.,, 1999.
[44] “Recommendation for Block Cipher Modes of Operation— Methods and Techniques,” Nat'l Inst. for Standards and Technology (NIST), 2001.
[45] OpenSSL Project team, “Openssl,” http:/www., May 1999.
[46] Y. Amir, Y. Kim, C. Nita-Rotaru, and G. Tsudik, “On the Performance of Group Key Agreement Protocols,” ACM Trans. Information Systems Security, vol. 7, no. 3, Aug. 2004.

Index Terms:
Index Terms- Group key management, secure communication, peer groups, group communication.
Yair Amir, Cristina Nita-Rotaru, Jonathan Stanton, Gene Tsudik, "Secure Spread: An Integrated Architecture for Secure Group Communication," IEEE Transactions on Dependable and Secure Computing, vol. 2, no. 3, pp. 248-261, July-Sept. 2005, doi:10.1109/TDSC.2005.39
Usage of this product signifies your acceptance of the Terms of Use.