Distributed applications increasingly rely on messaging systems to provide secure, uninterrupted service within acceptable throughput and latency parameters. This is difficult to guarantee in a complex network environment that is susceptible to a multitude of human or electronic threats, especially as network attacks have become more sophisticated and harder to contain. Security is a critical component of the survivability of such distributed messaging systems that operate in a dynamic network environment and communicate over insecure networks such as the Internet.
This talk shows how security techniques can be integrated into group communication systems, a particular case of distributed messaging systems, while maintaining a reasonable level of performance. Many security services (data secrecy, data integrity, entity authentication, etc.) can be bootstrapped if the members of the group share a common secret, which makes key management a critical building block. We propose an architecture for secure group communication, relying on a group key management protocol that is efficient, robust to process crashes and to network partitions and merges, and that protects the confidentiality of the data even when the long-term keys of the participants are compromised. We show how different group communication semantics can be supported in the proposed architecture, discuss the accompanying trust issues, and present experimental results that offer insights into its scalability and practicality.
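As an added illustration of the key-management idea above (example code written for this page, not the talk's own protocol or system), the following Python models a minimal contributory group key agreement: every member's ephemeral exponent contributes to the group key, a member leaving makes a sponsor refresh its contribution so the departed member's knowledge no longer reaches the new key, and secrecy and integrity keys are then derived from the shared secret. The Diffie-Hellman parameters, the sponsor rule and the HKDF-style derivation are assumptions chosen for the illustration; partitions, merges and the authentication of the exchanged values by long-term keys are not modelled.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed for this illustration only; a
# deployment would use a standard 2048-bit+ MODP group or an elliptic curve.
P = 2**127 - 1   # Mersenne prime
G = 3

class Member:
    """A group member holding one ephemeral, contributory secret exponent."""
    def __init__(self, name):
        self.name = name
        self.refresh()

    def refresh(self):
        # Fresh exponent per membership change: old exponents never derive new keys.
        self.r = secrets.randbelow(P - 2) + 1

def chain_exp(exponents):
    """g^(r_1 * r_2 * ... * r_n) mod p: every member's secret contributes to the key."""
    k = G
    for r in exponents:
        k = pow(k, r, P)
    return k

def partial_keys(members):
    """Public values sent over the untrusted network: for member i, g^(product of
    all OTHER members' secrets). Raising it to r_i yields the group key."""
    return {m.name: chain_exp([o.r for o in members if o is not m]) for m in members}

def member_view(member, partials):
    """What a member computes from its own secret plus its public partial key."""
    return pow(partials[member.name], member.r, P)

def derive_service_keys(group_key):
    """Bootstrap secrecy and integrity keys from the shared secret (HKDF-style)."""
    prk = hmac.new(b"group-kdf-salt", group_key.to_bytes(16, "big"), hashlib.sha256).digest()
    enc_key = hmac.new(prk, b"encryption\x01", hashlib.sha256).digest()
    mac_key = hmac.new(prk, b"integrity\x01", hashlib.sha256).digest()
    return enc_key, mac_key

def leave(members, leaving, sponsor):
    """Membership change: the sponsor refreshes so the departed member's data
    (its own secret plus the old partial keys) no longer reaches the new key."""
    sponsor.refresh()
    return [m for m in members if m is not leaving]

def demo():
    group = [Member("alice"), Member("bob"), Member("carol")]
    old_partials = partial_keys(group)
    views = {m.name: member_view(m, old_partials) for m in group}
    old_key = chain_exp([m.r for m in group])
    carol = group[2]
    group = leave(group, leaving=carol, sponsor=group[0])
    new_key = chain_exp([m.r for m in group])
    new_views = {m.name: member_view(m, partial_keys(group)) for m in group}
    carol_guess = member_view(carol, old_partials)   # all she can compute after leaving
    return views, old_key, new_views, new_key, carol_guess
```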