Security Services for Dynamic Peer Groups
Overview
Group communication occurs in many different settings: from low-level
network multicasting to conferencing and other groupware
applications. Regardless of the environment, security services are
necessary to provide communication privacy and integrity. These are
not possible without secure and efficient key distribution,
authentication and other security mechanisms.
While peer-to-peer security is a well-developed field, secure group
communication remains relatively unexplored. The prime motivation of
this research is the lack of a general-purpose group security solution
that satisfies the requirements of modern group communication.
Given the openness of today's networks, communication among group members
must be secure and, at the same time, efficient.
Secure group communication is not a simple extension of secure
two-party communication. Two-party communication can be viewed as a
discrete phenomenon: it starts, lasts for a while and ends. Group
communication, by contrast, starts, the group mutates (members leave
and join) and there might not be a well-defined end. Whereas many
previous protocols start from scratch whenever the group changes, or
make assumptions about the structure of the group (e.g. there is a
distinguished fixed group controller), we have found very efficient and
flexible alternatives for updating the group membership that make no
assumptions about its structure or dynamic behaviour.
Key Agreement
A contributory key agreement protocol is a key establishment technique
whereby a shared secret key is derived by two (or more) parties as a function
of fresh information contributed equally by each of them. Such a protocol
is said to provide group implicit key authentication if each party in the
group is assured that no party outside the group can compute a particular
secret key. These features allow a group to share a key efficiently such
that the resulting scheme is resistant to active attacks (i.e. where an
attacker is able to modify, delay or inject messages).
The primary motivation for obtaining a group key is the ability to communicate
securely and efficiently once a key is established. If all group members
share a key, they can communicate using symmetric encryption. This is more
efficient than schemes not requiring key establishment.
To satisfy the requirements of high-level security group communication
(for example, military applications), we need a key agreement protocol
providing:
- Perfect Forward Secrecy (PFS), i.e. the compromise of long-term key(s)
  cannot result in the compromise of past session keys. The idea is that
  previous traffic is locked securely in the past. It is difficult to
  achieve PFS in centralized key distribution (where a central point
  chooses and distributes the group key); this is just one reason why we
  focus on contributory schemes.
- Resistance to known-key attacks, i.e. the compromise of past session keys
  does not allow an active adversary to compromise future session keys or
  impersonate one of the protocol parties.
- A formal proof of security, i.e. ideally it should be possible to base
  all protocol security properties (including PFS and resistance to
  known-key attacks) on a single, well-studied, hard problem (hence,
  excluding any ad-hoc solutions as well as conventional encryption).
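Added example (not code from the CLIQUES project or from the publications listed below): a simulation of an unauthenticated group Diffie-Hellman exchange of the upflow-and-broadcast kind, showing that the key is a function of every member's fresh exponent and that a join needs one extra hop rather than a restart. The toy modulus, the generator and all function names are assumptions of this sketch; without authentication it does not provide the group implicit key authentication defined above.

```python
import hashlib
import secrets

# Toy group, constructed for illustration: 127-bit Mersenne prime modulus.
# Far too small for real use; a deployment needs a vetted large group.
P = 2**127 - 1
G = 3

def fresh_share():
    """Secret exponent a member contributes; never leaves that member."""
    return secrets.randbelow(P - 2) + 1

def step(state, share):
    """One upflow hop. partials[j] = G to every share so far except member
    j's; cardinal = G to all shares so far."""
    partials, cardinal = state
    return [pow(v, share, P) for v in partials] + [cardinal], pow(cardinal, share, P)

def finish(state, shares, last_share):
    """Last member derives its key and broadcasts; the others finish locally."""
    partials, cardinal = state
    down = [pow(v, last_share, P) for v in partials]      # broadcast message
    raw = [pow(v, r, P) for v, r in zip(down, shares)]    # each earlier member
    raw.append(pow(cardinal, last_share, P))              # the last member
    return [hashlib.sha256(s.to_bytes(16, "big")).hexdigest() for s in raw]

def agree(shares):
    """Initial agreement: returns (per-member keys, state held by last member)."""
    state = ([], G)
    for r in shares[:-1]:
        state = step(state, r)
    return finish(state, shares[:-1], shares[-1]), state

def join(state, shares, new_share):
    """Membership change without a restart: the previous last member refreshes
    its share and forwards one hop; members before it reuse their shares."""
    refreshed = fresh_share()
    shares = shares[:-1] + [refreshed]
    return finish(step(state, refreshed), shares, new_share), shares + [new_share]

if __name__ == "__main__":
    group = [fresh_share() for _ in range(4)]
    keys, state = agree(group)
    print("all agree:", len(set(keys)) == 1)
    new_keys, group = join(state, group, fresh_share())
    print("after join:", len(set(new_keys)) == 1, "key changed:", new_keys[0] != keys[0])
```

Only the intermediate values (`partials`, `cardinal`, the broadcast) cross the network in this model; each exponent stays with the member that generated it.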
Other Services
There are many other interesting group services to consider. In particular:
- Authentication to outsiders
- Intra-group authentication
- Non-repudiation of group membership
- Private communication within group
- Private communication between outsiders and groups
We noted that all these group services can be achieved using a shared group
key. For example, we can use a secret group key to derive a corresponding
group public key which can be subsequently embedded in a group certificate.
This would allow any group member to use digital signatures to authenticate
itself (as group member) to both insiders and outsiders. The same group
public key can be used by outsiders (including other groups) to establish
shared keys with the entire group. Similarly, outsiders can use the group
public key to communicate in secret with the entire group.
Finally, we are studying a high-level service for dynamic groups:
Group Signatures.
A group signature scheme allows any member of a potentially large
group to sign on behalf of the group. Group signatures are anonymous
and unlinkable. Only a designated group manager can correlate
signatures and/or reveal the identity of the actual signer. At the
same time, no one (including the group manager) can misattribute a valid
signature. Group signatures have many practical applications such as
e-commerce.
Despite some important and elegant prior results, existing group
signature schemes remain either inefficient or uncertain in terms of
security.
We are collaborating with Prof. Gene Tsudik at the University of Southern
California within the DARPA-funded project CLIQUES.
A long-term goal of this joint project is developing a general-purpose toolkit
for key agreement and related security services.
Publications
You may find some publications on-line. Note that some of the following
publications were written while the authors were with the USC Information
Science Institute.
- M. Steiner, G. Tsudik and M. Waidner,
  Diffie-Hellman Key Distribution Extended to Groups.
  1996 ACM Conference on Computer and Communications Security, March 1996.
- M. Steiner, G. Tsudik and M. Waidner,
  CLIQUES: A New Approach to Group Key Agreement.
  IEEE International Conference on Distributed Computing Systems (ICDCS'98), May 1998.
- G. Ateniese, M. Steiner and G. Tsudik,
  Authenticated Group Key Agreement and Related Issues.
  In 5th ACM Conference on Computer and Communications Security, November 1998.
- Claus Becker and Uta Wille,
  Communication complexity of group key distribution.
  In 5th ACM Conference on Computer and Communications Security, November 1998.
- G. Ateniese and G. Tsudik,
  Group Signatures à la carte.
  In Tenth Annual ACM-SIAM Symposium on Discrete Algorithms (SODA'99), Baltimore, Maryland, January 1999.
- G. Ateniese and G. Tsudik,
  Some Open Issues and New Directions in Group Signatures.
  In Financial Cryptography 1999 (FC'99).
- G. Ateniese, M. Steiner and G. Tsudik,
  New Multi-party Authentication Services and Key Agreement Protocols.
  IEEE Journal on Selected Areas in Communications, 18(4):593-610, April 2000.
- M. Steiner, G. Tsudik and M. Waidner,
  Key Agreement in Dynamic Peer Groups.
  IEEE Transactions on Parallel and Distributed Systems, 11(8):769-780, August 2000.
Last modified : Friday, 16 March 2007 09:39 UTC