As a result of the increased popularity of grouporiented applications and protocols, group communication occurs in many different settings: from network multicasting to application layer tele- and video-conferencing. Regardless of the application environment, security services are necessary to provide communication privacy and integrity. This paper considers the problem of key agreementindynamic peer groups. (Key agreement, especially in a group setting, is the steeping stone for all other security services.) Dynamic peer groups require not only initial key agreement (IKA) but also auxiliary key agreement (AKA) operations such as member addition, member deletion and group fusion. We discuss all group key agreement operations and present a concrete protocol suite, CLIQUES, which offers complete key agreement services. CLIQUES is based on multi-party extensions of the well-known Diffie-Hellman key exchange method. The protocols are efficient and provably secure against passiveadversari...

This paper considers the problem of key agreement in a group setting with highlydynamic group member population. A protocol suite, called CLIQUES, is developed by extending the well-known Diffie-Hellman key agreement method to support dynamic group operations. Constituent protocol are secure, efficient and applicable to any protocol layer, communication paradigm and network topology.

Many modern computing environments involve dynamic peer groups. Distributed simulation, multi-user games, conferencing and replicated servers are just a few examples. Given the openness of today's networks, communication among group members must be secure and, at the same time, efficient. This paper studies the problem of authenticated key agreement in dynamic peer groups with the emphasis on efficient and provably secure key authentication, key confirmation and integrity. It begins by considering 2-party authenticated key agreement and extends the results to Group Diffie-Hellman key agreement. In the process, some new security properties (unique to groups) are discussed. 1 Introduction This paper is concerned with security services in the context of dynamic peer groups (DPGs). Such groups are common in many network protocol layers and in many areas of modern computing and the solution to their security needs, in particular key management, are still open research challenges [19]. Exa...

We present a new secure authenticated group key exchange algorithm for large groups. The protocol

Survivability and secure communications are essential in a mobile computing environment. In a secure network, all the hosts must be authenticated before communicating, and failure of the agents that authenticate the hosts may completely detach the hosts from the rest of the network. In this paper, we describe two techniques to eliminate such a single point of failure. Both of these approaches make use of backup servers, but they di er in the way they are organized and deployed. We evaluate our proposed architectures with a prototype system that we built. We also identify various security threats and performance issues in group (multicast) communications in mobile computing environments. We propose a scheme for efficient key distribution and management using key graphs to

The lack of security mechanisms for IP multicast has impeded the large scale commercial deployment of applications such aspay-per-view information dissemination services and real-time videoconferencing. In this report, we describe the design and implementation of a scalable mechanism for secure multicast. It relies on a trusted, centralized security manager to authenticate participants and distribute keys. To ensure that participants are unable to access session data sent before they join or after they leave the group, the security manager rekeys the participants of the session in response to group membership changes using a scheme based on [21]. To avoid an excess of rekeying tra c that would be caused by frequent membership changes, we introduce an epoch-based rekeying protocol, wherein rekeying takes place at most once per a xed duration of time called an epoch. We use the SRM [18] reliable multicast protocol to disseminate rekeying messages. To minimize disruption of the session at participants caused by loss of rekey messages (and their consequent inability to decrypt session data), the usage of new keys is delayed by an additional epoch. This technique maximizes the probability of the reliable multicast mechanism delivering the rekey message to all participants. The key distribution protocol and the corresponding objects have been implemented in the MASH [4] toolkit as reusable modules. Performance studies reveal the bottleneck in our system to be the bandwidth consumed by rekeying tra c. Based on our observations, we propose an extension to our scheme that would go a long way towards achieving true global scalability for secure multicast groups. 1