slide1 l.
Skip this Video
Loading SlideShow in 5 Seconds..
CLIQUES : Security for Dynamic Peer Groups PowerPoint Presentation
Download Presentation
CLIQUES : Security for Dynamic Peer Groups

Loading in 2 Seconds...

play fullscreen
1 / 6

CLIQUES : Security for Dynamic Peer Groups - PowerPoint PPT Presentation

  • Uploaded on

CLIQUES : Security for Dynamic Peer Groups. Formation. Member add. Member leave. Group fusion. Group fission. Problem: how to obtain security in peer groups with dynamic membership and decentralized control?. Targeted environment. Relatively small groups Dynamic membership

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'CLIQUES : Security for Dynamic Peer Groups' - roza

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

CLIQUES:Security for Dynamic Peer Groups


Member add

Member leave

Group fusion

Group fission


Problem: how to obtain security in peer groups with dynamic membership and decentralized control?

Targeted environment

  • Relatively small groups
  • Dynamic membership
  • No hierarchy
  • Many-to-Many

Services provided

  • Decentralized authenticated group key agreement with provable security based on group Diffie-Helman: each member contributes equally to group key
  • Membership changes: single member, many members and sub-groups
  • Membership authentication: based on knowledge of key-share
  • Authenticated join/leave: requires long-term DH credentials

Other pieces of the puzzle

  • Certification infrastructure
  • Reliable group communication subsystem
  • Membership Authorization / Access control

Home page: or off


  • Initial Key Agreement
  • Auxiliary Key Agreement (membership changes)
  • Authenticated Key Agreement
  • JAVA implementation
  • C implementation (prototype) integrated with JHU’s SPREAD package
  • CLQ_API: coding completed end of 02/99.
  • Currently testing and integrating with SPREAD
  • Plan to obtain performance results very soon
  • Integration with TOTEM on-going (LBL)
  • Integration with AKENTI: near future
clq api prerequisites
CLQ_API prerequisites
  • Underlying group communication subsystem must provide reliable synchronized event notification for:
  • group joins
  • group leaves
  • partitions
  • node failures or disconnects
  • merges (heals)
clq api

/* called by a new group member who received a

* NEW_MEMBER message from the current controller.


int clq_join (CLQ_CONTEXT **ctx, CLQ_NAME *member_name,

CLQ_NAME *group_name, CLQ_TOKEN *input,

CLQ_TOKEN **output);

/* called by the current controller to hand over group

* context to a new member (who will become the next controller).


int clq_pass_ctx (CLQ_CONTEXT *ctx, CLQ_NAME *member_name,

CLQ_TOKEN **output);

/* called by every member upon reception of a

* KEY_UPDATE_MESSAGE from the current group controller


int clq_update_ctx (CLQ_CONTEXT *ctx, CLQ_TOKEN *input);

clq api contd
CLQ_API (contd)

/* clq_leave is called by every group member right after a member

* leaves or a partition occurs; removes all valid members in

* member_list from the group_member_list.


int clq_leave (CLQ_CONTEXT *ctx, CLQ_NAME *member_list[],

CLQ_TOKEN **output);

/* called by the controller only, when group_secret needs to be updated.


int clq_refresh_key (CLQ_CONTEXT **ctx, CLQ_TOKEN **output) {

return OK;