Authenticated Key Agreement in Dynamic Groups

Multicast security poses interesting challenges in the area of key management. Designing a good protocol for key agreement in dynamic multicast groups involves a thorough understanding of the trade-offs that exist among storage, communication and computation overhead. The contribution of this thesis is a verifiable protocol for authenticated key agreement based on a distributed key generation scheme. The underlying key generation scheme has shown promise in being natural for collaborative group applications. The protocol can then be tailored to particular applications once we understand the communication, storage and computation constraints specific to the application. To handle group membership changes in dynamic groups, an auxiliary key agreement protocol is introduced. The auxiliary protocol re-uses contributions to the key in the previous round, to form the new key. The key shares of the members contributing fresh values in the current round are more susceptible to discovery by colluding group members (not outsiders). The auxiliary protocol does not introduce any other security weakness. A protocol that starts from the scratch on membership change is going to be expensive, slow and unsuitable for most applications.We use the well-known Logical Key Tree (LKH) structure to allow the key management (distribution) part of the protocol to scale to large groups. The key tree structure helps to localize the effect of membership change and as a result, reduces the communication overhead to form the new session key

Securing IoT-based Groups: Efficient, Scalable and Fault-tolerant Key Management Protocol

International audienceGroup key management protocols are crucial in establishing secured communication channels for collaborative IoT-based groups. The Internet of Things (IoT) dimension includes additional challenges. In fact, resource constrained members within dynamic and heterogeneous groups are unable to run existing group key protocols. Furthermore, these protocols need to be scalable and fault tolerant to suit growing and sensitive groups. To face these issues, we enhance our previously proposed protocol called Decentralized Batch-based Group Key protocol (DBGK). Using polynomial computation to secure data exchanges, we considerably improve its scalability, fault tolerance and collusion freeness properties. This gain is achieved thanks to the ability to include additional unconstrained members (controllers) while inducing a very limited cost on the constrained members. Furthermore, we include an energy preserving blockchain-based mechanism to authenticate group members credentials in a distributed manner. To assess our new protocol called DiStributed Batch-based Group Key protocol (DsBGK), we performed a detailed theoretical security analysis to evaluate its behaviour against well studied attacks in the literature. Furthermore, we validated this analysis using a formal validation tool. To evaluate DsBGK performances , we performed extensive simulations. We proceeded by comparing DsBGK in term of energy cost, first, with DBGK, then with other analogous protocols from the literature. The results confirmed the security soundness of DsBGK, in addition to an improved energy efficiency compared to its peers

CATS: linearizability and partition tolerance in scalable and self-organizing key-value stores

Distributed key-value stores provide scalable, fault-tolerant, and self-organizing storage services, but fall short of guaranteeing linearizable consistency in partially synchronous, lossy, partitionable, and dynamic networks, when data is distributed and replicated automatically by the principle of consistent hashing. This paper introduces consistent quorums as a solution for achieving atomic consistency. We present the design and implementation of CATS, a distributed key-value store which uses consistent quorums to guarantee linearizability and partition tolerance in such adverse and dynamic network conditions. CATS is scalable, elastic, and self-organizing; key properties for modern cloud storage middleware. Our system shows that consistency can be achieved with practical performance and modest throughput overhead (5%) for read-intensive workloads

Security for Grid Services

Grid computing is concerned with the sharing and coordinated use of diverse resources in distributed "virtual organizations." The dynamic and multi-institutional nature of these environments introduces challenging security issues that demand new technical approaches. In particular, one must deal with diverse local mechanisms, support dynamic creation of services, and enable dynamic creation of trust domains. We describe how these issues are addressed in two generations of the Globus Toolkit. First, we review the Globus Toolkit version 2 (GT2) approach; then, we describe new approaches developed to support the Globus Toolkit version 3 (GT3) implementation of the Open Grid Services Architecture, an initiative that is recasting Grid concepts within a service oriented framework based on Web services. GT3's security implementation uses Web services security mechanisms for credential exchange and other purposes, and introduces a tight least-privilege model that avoids the need for any privileged network service.Comment: 10 pages; 4 figure