Managing Trust in Cyberspace. , Boca Raton, Florida, USA: CRC Press, Taylor and Francis Group
Group communication is important for applications requiring high availability and collaboration among group members. Secure communication in group applications based on the peer-to-peer communication paradigm, is done using a shared secret key, the session key, computed from the contributions of the participants of the group. Group key agreement (GKA) protocols allow members of a group to compute this key without explicitly transmitting it. A P2P application is inherently dynamic, allowing participants to join or leave the group while the application is running. A complete verifiability of all actions and transactions at run time is computationally infeasible within time constraints. Therefore there is a requirement for a trust model for p2p communications, based on which individual members can take decisions about joining and leaving a group and groups can take decisions about allowing individuals to join or leave groups. This chapter describes a proposal for a trust model for p2p applications, and a framework for computing the trustworthiness of a group as a metric called the group trust score. The group trust score represents the probability with which the transactions and messages in the p2p application would remain secret, and can be used by prospective members to decide whether to join a group. The group trust score is based on the concept of forward secrecy of GKA protocols.
Perfect forward secrecy is one of the security requirements of GKA protocols. Perfect forward secrecy considers the secrecy of the session key, when all contributions from the members are compromised. However many GKA protocols provide only partial forward secrecy. The secrecy of the session key, when some of the contributions are compromised, is addressed by partial forward secrecy. Among the protocols that satisfy partial forward secrecy, those with higher probability of loss of session key, given that the contributions have been compromised with some probability, will be weaker than those with a lower probability of loss of session key under the same assumptions. This chapter presents a novel formal framework which enables the comparison of GKA protocols providing partial forward secrecy. The framework defines a metric, the degree of partial forward secrecy, to compare protocols, and an algorithm to compute the metric. The proposed framework is illustrated by comparing a set of GKA protocols. The set includes six GKA protocols which use the Diffie-Hellman key exchange scheme (DH). Perfect forward secrecy is considered to be an attribute of GKA protocols based on DH. However, under strong corruptions, these protocols fail to satisfy perfect forward secrecy. But they satisfy varying degrees of partial forward secrecy, owing to their design. The analysis of the results of comparison of the collection of DH based GKA protocols using the proposed framework points out the strongest protocol with respect to partial forward secrecy. The analysis of three protocols using different cryptographic primitives is also presented demonstrating the applicability of the framework for protocols with different cryptographic primitives.
The framework for assessing the degree of partial forward secrecy of protocols is extended to evaluate the group trust score of protocols, and the trust strength, or stability of the group trust score in the event of low trust members joining the group. As different applications have different dynamic behavior and requirements on the trust strength, three different group applications, a cloud based subscribed journal, an interactive whiteboard and a boardroom meeting are chosen for discussion. The requirements on the group trust and trust strength for these applications is described and the GKA protocols in the test set are analyzed for their suitability to the applications. The analysis shows that the suitability of different GKA protocols to applications is independent of the cryptographic paradigm used in the protocol.
The analysis provides some useful insights for application designers. The choice of a GKA protocol for an application should not be based on the underlying cryptographic primitive, or purely the computational complexity of the key. The suitability of GKA protocols for p2p applications depends on the degree of partial forward secrecy, the trust metrics for the group, the trust values of the individual participants and the dynamic behavior of the application. A systematic analysis of the trust strength using the framework described in this chapter would help the application designers to make better choices of GKA protocols. A research problem that emerges as a very important one from the analysis presented in the chapter is that of developing underlay awareness in groups, and methods for evaluating the trust to be placed on individuals using underlay awareness. The formulation of statistical approaches for evaluating the trust metrics of groups, with different GKA protocols, for use by the application designer, is another important research topic that evolved from the analysis.