218,624 research outputs found
Authenticated Key Agreement in Dynamic Groups
Multicast security poses interesting challenges in the area of key management. Designing a good protocol for key agreement in dynamic multicast groups involves a thorough understanding of the trade-offs that exist among storage, communication and computation overhead. The contribution of this thesis is a verifiable protocol for authenticated key agreement based on a distributed key generation scheme. The underlying key generation scheme has shown promise in being natural for collaborative group applications. The protocol can then be tailored to particular applications once we understand the communication, storage and computation constraints specific to the application. To handle group membership changes in dynamic groups, an auxiliary key agreement protocol is introduced. The auxiliary protocol re-uses contributions to the key in the previous round, to form the new key. The key shares of the members contributing fresh values in the current round are more susceptible to discovery by colluding group members (not outsiders). The auxiliary protocol does not introduce any other security weakness. A protocol that starts from the scratch on membership change is going to be expensive, slow and unsuitable for most applications.We use the well-known Logical Key Tree (LKH) structure to allow the key management (distribution) part of the protocol to scale to large groups. The key tree structure helps to localize the effect of membership change and as a result, reduces the communication overhead to form the new session key
Securing IoT-based Groups: Efficient, Scalable and Fault-tolerant Key Management Protocol
International audienceGroup key management protocols are crucial in establishing secured communication channels for collaborative IoT-based groups. The Internet of Things (IoT) dimension includes additional challenges. In fact, resource constrained members within dynamic and heterogeneous groups are unable to run existing group key protocols. Furthermore, these protocols need to be scalable and fault tolerant to suit growing and sensitive groups. To face these issues, we enhance our previously proposed protocol called Decentralized Batch-based Group Key protocol (DBGK). Using polynomial computation to secure data exchanges, we considerably improve its scalability, fault tolerance and collusion freeness properties. This gain is achieved thanks to the ability to include additional unconstrained members (controllers) while inducing a very limited cost on the constrained members. Furthermore, we include an energy preserving blockchain-based mechanism to authenticate group members credentials in a distributed manner. To assess our new protocol called DiStributed Batch-based Group Key protocol (DsBGK), we performed a detailed theoretical security analysis to evaluate its behaviour against well studied attacks in the literature. Furthermore, we validated this analysis using a formal validation tool. To evaluate DsBGK performances , we performed extensive simulations. We proceeded by comparing DsBGK in term of energy cost, first, with DBGK, then with other analogous protocols from the literature. The results confirmed the security soundness of DsBGK, in addition to an improved energy efficiency compared to its peers
CATS: linearizability and partition tolerance in scalable and self-organizing key-value stores
Distributed key-value stores provide scalable, fault-tolerant, and self-organizing
storage services, but fall short of guaranteeing linearizable consistency
in partially synchronous, lossy, partitionable, and dynamic networks, when data
is distributed and replicated automatically by the principle of consistent hashing.
This paper introduces consistent quorums as a solution for achieving atomic
consistency. We present the design and implementation of CATS, a distributed
key-value store which uses consistent quorums to guarantee linearizability and partition tolerance in such adverse and dynamic network conditions. CATS is
scalable, elastic, and self-organizing; key properties for modern cloud storage
middleware. Our system shows that consistency can be achieved with practical
performance and modest throughput overhead (5%) for read-intensive workloads
Security for Grid Services
Grid computing is concerned with the sharing and coordinated use of diverse
resources in distributed "virtual organizations." The dynamic and
multi-institutional nature of these environments introduces challenging
security issues that demand new technical approaches. In particular, one must
deal with diverse local mechanisms, support dynamic creation of services, and
enable dynamic creation of trust domains. We describe how these issues are
addressed in two generations of the Globus Toolkit. First, we review the Globus
Toolkit version 2 (GT2) approach; then, we describe new approaches developed to
support the Globus Toolkit version 3 (GT3) implementation of the Open Grid
Services Architecture, an initiative that is recasting Grid concepts within a
service oriented framework based on Web services. GT3's security implementation
uses Web services security mechanisms for credential exchange and other
purposes, and introduces a tight least-privilege model that avoids the need for
any privileged network service.Comment: 10 pages; 4 figure
- …