Fault tolerance in networks of bounded degree
SIAM Journal on Computing
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Secure agreement protocols: reliable and atomic group multicast in rampart
CCS '94 Proceedings of the 2nd ACM Conference on Computer and communications security
A security architecture for fault-tolerant systems
ACM Transactions on Computer Systems (TOCS) - Special issue on computer architecture
Totem: a fault-tolerant multicast group communication system
Communications of the ACM
Horus: a flexible group communication system
Communications of the ACM
Iolus: a framework for scalable secure multicasting
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Fault-Tolerant Meshes with Small Degree
SIAM Journal on Computing
Secure group communications using key graphs
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
ACM Transactions on Computer Systems (TOCS)
A review of experiences with reliable multicast
Software—Practice & Experience
Simple and fault-tolerant key agreement for dynamic collaborative groups
Proceedings of the 7th ACM conference on Computer and communications security
Reliable Distributed Computing with the ISIS Toolkit
Reliable Distributed Computing with the ISIS Toolkit
Authorization and Attribute Certificates for Widely Distributed Access Control
WETICE '98 Proceedings of the 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
A High Performance Totally Ordered Multicast Protocol
Selected Papers from the International Workshop on Theory and Practice in Distributed Systems
Proceedings of the Third International Workshop on Fast Software Encryption
FTCS '98 Proceedings of the The Twenty-Eighth Annual International Symposium on Fault-Tolerant Computing
The SecureRing Protocols for Securing Group Communication
HICSS '98 Proceedings of the Thirty-First Annual Hawaii International Conference on System Sciences - Volume 3
Fast Replicated State Machines Over Partitionable Networks
SRDS '97 Proceedings of the 16th Symposium on Reliable Distributed Systems
CLIQUES: A New Approach to Group Key Agreement
ICDCS '98 Proceedings of the The 18th International Conference on Distributed Computing Systems
Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments
ICDCS '00 Proceedings of the The 20th International Conference on Distributed Computing Systems ( ICDCS 2000)
The State Machine Approach: A Tutorial
The State Machine Approach: A Tutorial
Building Adaptive Systems Using Ensemble
Building Adaptive Systems Using Ensemble
A Study of Group Rekeying
Kronos: A Scalable Group Re-Keying Approach for Secure Multicast
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A Scalable Framework for Secure Multicast
A Scalable Framework for Secure Multicast
Partitionable Group Membership: Specification and Algorithms
Partitionable Group Membership: Specification and Algorithms
The ensemble system
Antigone: a flexible framework for secure group communication
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
Efficient communication-storage tradeoffs for multicast encryption
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Enclaves: enabling secure collaboration over the Internet
IEEE Journal on Selected Areas in Communications
Secure Group Communication Using Robust Contributory Key Agreement
IEEE Transactions on Parallel and Distributed Systems
On the performance of group key agreement protocols
ACM Transactions on Information and System Security (TISSEC)
Fastpath Optimizations for Cluster Recovery in Shared-Disk Systems
Proceedings of the 2004 ACM/IEEE conference on Supercomputing
Secure Spread: An Integrated Architecture for Secure Group Communication
IEEE Transactions on Dependable and Secure Computing
Key bundles and parcels: secure communication in many groups
Computer Networks: The International Journal of Computer and Telecommunications Networking
Worm-IT - A wormhole-based intrusion-tolerant group communication system
Journal of Systems and Software
Provably secure authenticated group Diffie-Hellman key exchange
ACM Transactions on Information and System Security (TISSEC)
Efficient Hybrid Password-Based Authenticated Group Key Exchange
APWeb/WAIM '09 Proceedings of the Joint International Conferences on Advances in Data and Web Management
Faster and More Complete Extended Static Checking for the Java Modeling Language
Journal of Automated Reasoning
Scalable group key management with partially trusted controllers
ICN'05 Proceedings of the 4th international conference on Networking - Volume Part II
| Hi-index | 0.00 |
Ensemble is a Group Communication System built at Cornell and the Hebrew universities. It allows processes to create process groups within which scalable reliable fifo-ordered multicast and point-to-point communication are supported. The system also supports other communication properties, such as causal and total multicast ordering, flow control, and the like. This article describes the security protocols and infrastructure of Ensemble. Applications using Ensemble with the extensions described here benefit from strong security properties. Under the assumption that trusted processes will not be corrupted, all communication is secured from tampering by outsiders. Our work extends previous work performed in the Horus system (Ensemble's predecessor) by adding support for multiple partitions, efficient rekeying, and application-defined security policies. Unlike Horus, which used its own security infrastructure with nonstandard key distribution and timing services, Ensemble's security mechanism is based on off-the shelf authentication systems, such as PGP and Kerberos. We extend previous results on group rekeying, with a novel protocol that makes use of diamondlike data structures. Our Diamond protocol allows the removal of untrusted members within milliseconds. In this work we are considering configurations of hundreds of members, and further assume that member trust policies are symmetric and transitive. These assumptions dictate some of our design decisions.