Framework for Authentication and Access Control of Client-Server Group Communication Systems

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2233)

Abstract

Researchers have made much progress in designing secure and scalable protocols to provide specific security services, such as data secrecy, data integrity, entity authentication and access control, to multicast and group applications. However, less emphasis has been put on how to integrate security protocols with modern, highly efficient group communication systems and what issues arise in such secure group communication systems. In this paper, we present a flexible and modular architecture for integrating many different authentication and access control policies and protocols with an existing group communication system, while allowing applications to provide their own protocols and control the policies. This architecture maintains, as much as possible, the scalability and performance characteristics of the unsecure system. We discuss some of the challenges when designing such a framework and show its implementation in the Spread wide-area group communication toolkit.

This work was supported by grant F30602-00-2-0526 from The Defense Advanced Research Projects Agency.

Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Amir, Y., Nita-Rotaru, C., Stanton, J.R. (2001). Framework for Authentication and Access Control of Client-Server Group Communication Systems. In: Crowcroft, J., Hofmann, M. (eds) Networked Group Communication. NGC 2001. Lecture Notes in Computer Science, vol 2233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45546-9_10

  • DOI: https://doi.org/10.1007/3-540-45546-9_10

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42824-4

  • Online ISBN: 978-3-540-45546-2

  • eBook Packages: Springer Book Archive
