Results 1 - 10 of 29
Secure Spread: An Integrated Architecture for Secure Group Communication
- IEEE Transactions on Dependable and Secure Computing, 2005
Cited by 11 (0 self)
Abstract — Group communication systems are high-availability distributed systems providing reliable and ordered message delivery as well as a membership service, to group-oriented applications. Many such systems are built using a distributed client-server architecture where a relatively small set of servers provide service to numerous clients. In this work, we show how group communication systems can be enhanced with security services without sacrificing robustness and performance. More specifically, we propose several integrated security architectures for distributed client-server group communication systems. In an integrated architecture, security services are implemented in servers, in contrast to a layered architecture where the same services are implemented in clients. We discuss performance and accompanying trust issues of each proposed architecture and present experimental results that demonstrate the superior scalability of an integrated architecture.
A centralized key management scheme for hierarchical access control
- In IEEE Global Telecommunications Conference (Globecom’04), 2004
Cited by 6 (0 self)
In group communication, users often have different access rights to multiple data streams. Based on the access relation of users and data streams, users can form partially ordered relations, and data streams can form partially ordered relations. In this paper, we propose a key management scheme for hierarchical access control, which considers both partially ordered user relations and partially ordered data stream relations. We also propose an algorithm for constructing a logical key graph, which is suitable even when users and data streams have complex relations. Simulation results show that our scheme can significantly improve the efficiency of key management.
Performance Characteristics of Region-based Group Key Management in Mobile Ad Hoc Networks
- 1st IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing, 2006
Cited by 4 (2 self)
We propose and analyze a scalable and efficient region-based group key management protocol for secure group communications in mobile ad hoc networks. For scalability and dynamic reconfigurability, we take a region-based approach by which group members are broken into region-based subgroups and leaders in subgroups securely communicate with each other to agree on a group key in response to membership change and member mobility events. We show that the secrecy requirement for group communication is satisfied. Further, there exists an optimal regional size that minimizes the total network communication cost as a result of efficiently trading inter-regional vs. intra-regional group key management overheads. We give an analytical expression of the cost involved which allows the optimal regional size to be identified, when given a set of parameter values characterizing a group communicating system in mobile ad hoc networks.
Design, analysis and performance evaluation of group key establishment in wireless sensor networks
- In 2nd Workshop on Cryptography for Ad hoc Networks. Springer-Verlag, 2006. ICALP 2006 Workshop, Electronic Notes in Theoretical Computer Science
Cited by 1 (1 self)
Wireless sensor networks are comprised of a vast number of ultra-small autonomous computing, communication and sensing devices, with restricted energy and computing capabilities, that co-operate to accomplish a large sensing task. Such networks can be very useful in practice, e.g. in the local monitoring of ambient conditions and reporting them to a control center. In this paper we propose a new lightweight, distributed group key establishment protocol suitable for such energy-constrained networks. Our approach basically trades off complex message exchanges by performing some amount of additional local computations. The extra computations are simple for the devices to implement and are evenly distributed across the participants of the
A Balanced Key Tree Approach for Dynamic Secure Group Communication
Cited by 1 (0 self)
Abstract — Logical Key Hierarchy (LKH) is a promising solution to handle group key distribution in secure group communication. Several recent studies have investigated different approaches to reduce the re-keying cost of LKH. For certain group communication applications, such as the subscription pay TV, a member’s departure time is available when the member joins the group. The proposed scheme aims to improve the re-keying cost for such applications. It uses a combination of an AVL tree and a binary search tree called the leaving tree as the topology of its key tree. Both the AVL tree and the leaving tree are searchable by members’ departure times. Our analysis shows that the average costs in terms of the number of key updates for the member join and leave are O(log n) and O(log log n), respectively. Our simulation results show that the proposed scheme achieves better performance than other balanced tree based solutions.
Usable secure mailing lists with untrusted servers
- In Symposium on Identity and Trust on the Internet (IDtrust), 2009
Cited by 1 (1 self)
Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure mailing list solution called SELS (Secure Email List Services) based on proxy encryption techniques [20], which enables the transformation of cipher-text from one key to another without revealing the plain-text. Emails exchanged using SELS are ensured confidentiality, integrity, and authentication. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by SELS through proxy re-encryption. In this work we describe our efforts in studying and enhancing the usability of the software system and our experiences in supporting a production environment that currently is used by more than 50 users in 11 organizations. As evidence of its deployability, SELS is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt. As evidence of its usability, the software is being used by several national and international incident response teams.
Queue-based Group Key Agreement Protocol
- 2007
Cited by 1 (0 self)
Group communication is exploding in Internet applications such as video conferences, online chatting programs, games, and gambling. Since most group communication takes place over the Internet, which is a wide-open network, security plays a major role. For secure communication, the integrity of messages, member authentication, and confidentiality must be provided among group members. To maintain message integrity, all group members use a Group Key (GK) for encrypting and decrypting messages during group communication. Secure and efficient group key management schemes have been developed to generate a GK efficiently. Tree-based Group Diffie-Hellman (TGDH) is an efficient group key agreement protocol to generate the GK. TGDH and other group key generation protocols assume that all members have equal computing power. However, one of the characteristics of a distributed computing environment is heterogeneity; the member can be at a workstation, a laptop, or even a mobile computer. Therefore, this research considers members’ diversity and proposes an enhanced group key generation protocol that filters out low-performance members in the group key generation process to improve the efficiency of GK processes.
Flexible Group Key Exchange with On-Demand Computation of Subgroup Keys
Cited by 1 (1 self)
Abstract. Modern multi-user communication systems, including popular instant messaging tools, social network platforms, and cooperative-work applications, offer flexible forms of communication and exchange of data. At any time point concurrent communication sessions involving different subsets of users can be invoked. The traditional tools for achieving security in a multi-party communication environment are group key exchange (GKE) protocols that provide participants with a secure group key for their subsequent communication. Yet, in communication scenarios where various user subsets may be involved in different sessions, the deployment of classical GKE protocols has clear performance and scalability limitations, as each new session should be preceded by a separate execution of the protocol. The motivation of this work is to study the possibility of designing more flexible GKE protocols allowing not only the computation of a group key for some initial set of users but also efficient derivation of independent secret keys for all potential subsets. In particular, we improve and generalize the recently introduced GKE protocols enabling on-demand derivation of peer-to-peer keys (so-called GKE+P protocols). We show how a group of users can agree on a secret group key while obtaining some additional information that they can use on-demand to efficiently compute independent secret keys for any possible subgroup. Our security analysis relies on the Gap Diffie-Hellman assumption and uses random oracles.
Towards an Effective Intrusion Response Engine Combined with Intrusion Detection in Ad Hoc Networks
Abstract — In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol it is based on are analyzed concerning key secrecy, while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks.

