Dr Priya Chandran

Group communication is important for applications requiring high availability and collaboration among group members. Secure communication in group applications based on the peer-to-peer communication paradigm, is done using a shared secret key, the session key, computed from the contributions of the participants of the group. Group key agreement (GKA) protocols allow members of a group to compute this key without explicitly transmitting it. A P2P application is inherently dynamic, allowing participants to join or leave the group while the application is running. A complete verifiability of all actions and transactions at run time is computationally infeasible within time constraints. Therefore there is a requirement for a trust model for p2p communications, based on which individual members can take decisions about joining and leaving a group and groups can take decisions about allowing individuals to join or leave groups. This chapter describes a proposal for a trust model for p2p applications, and a framework for computing the trustworthiness of a group as a metric called the group trust score. The group trust score represents the probability with which the transactions and messages in the p2p application would remain secret, and can be used by prospective members to decide whether to join a group. The group trust score is based on the concept of forward secrecy of GKA protocols.
Perfect forward secrecy is one of the security requirements of GKA protocols. Perfect forward secrecy considers the secrecy of the session key, when all contributions from the members are compromised. However many GKA protocols provide only partial forward secrecy. The secrecy of the session key, when some of the contributions are compromised, is addressed by partial forward secrecy. Among the protocols that satisfy partial forward secrecy, those with higher probability of loss of session key, given that the contributions have been compromised with some probability, will be weaker than those with a lower probability of loss of session key under the same assumptions. This chapter presents a novel formal framework which enables the comparison of GKA protocols providing partial forward secrecy. The framework defines a metric, the degree of partial forward secrecy, to compare protocols, and an algorithm to compute the metric. The proposed framework is illustrated by comparing a set of GKA protocols. The set includes six GKA protocols which use the Diffie-Hellman key exchange scheme (DH). Perfect forward secrecy is considered to be an attribute of GKA protocols based on DH. However, under strong corruptions, these protocols fail to satisfy perfect forward secrecy. But they satisfy varying degrees of partial forward secrecy, owing to their design. The analysis of the results of comparison of the collection of DH based GKA protocols using the proposed framework points out the strongest protocol with respect to partial forward secrecy. The analysis of three protocols using different cryptographic primitives is also presented demonstrating the applicability of the framework for protocols with different cryptographic primitives.
The framework for assessing the degree of partial forward secrecy of protocols is extended to evaluate the group trust score of protocols, and the trust strength, or stability of the group trust score in the event of low trust members joining the group. As different applications have different dynamic behavior and requirements on the trust strength, three different group applications, a cloud based subscribed journal, an interactive whiteboard and a boardroom meeting are chosen for discussion. The requirements on the group trust and trust strength for these applications is described and the GKA protocols in the test set are analyzed for their suitability to the applications. The analysis shows that the suitability of different GKA protocols to applications is independent of the cryptographic paradigm used in the protocol.
The analysis provides some useful insights for application designers. The choice of a GKA protocol for an application should not be based on the underlying cryptographic primitive, or purely the computational complexity of the key. The suitability of GKA protocols for p2p applications depends on the degree of partial forward secrecy, the trust metrics for the group, the trust values of the individual participants and the dynamic behavior of the application. A systematic analysis of the trust strength using the framework described in this chapter would help the application designers to make better choices of GKA protocols. A research problem that emerges as a very important one from the analysis presented in the chapter is that of developing underlay awareness in groups, and methods for evaluating the trust to be placed on individuals using underlay awareness. The formulation of statistical approaches for evaluating the trust metrics of groups, with different GKA protocols, for use by the application designer, is another important research topic that evolved from the analysis.

Simulation environments provide a comprehensive set of advantages to users, like cost effectiveness and capability to understand the shortcomings of the system under design, without physical implementation. Simulation platforms help the industry and academia, to document and publish their research outputs in a timely and cost efficient manner. The ECSim tool presented here, is meant for academic use in the initial stages of research. The platform provides an environment where the performance of erasure coded storage systems can be tested without much effort. The main highlight of the simulator is that it provides a very simple environment which can run on a standalone system. The environment does not require the user to be a programmer, since it provides an interactive command line interface to the user. The ability to simulate data center, clusters, master nodes, storage nodes with computing power, storage devices, bandwidth usage and disk I/O involved are notable features of ECSim.

"Virtualization is a vital part of computing today. Rollback is an important feature to be supported by virtualization. However, hackers leverage rollback and pose serious security threats to systems running in a virtualized environment. The aim of this paper is to identify such security threats and propose a comprehensive solution. In this paper, we propose Extended-HyperWall architecture as a solution to security of Virtual Machines (VMs) in a fully virtualized environment. Extended-HyperWall architecture is an integration of HyperWall with Rollback Sensitive Data Memory with Architecture Assistance (RSDM-A). HyperWall is a system that proposes hardware support to ensure confidentiality and integrity of a VM's data, with an assumption that hypervisor cannot be trusted. RSDM-A is an architectural support to a virtualized system that separates rollback sensitive data from rollback non-sensitive data which is one of the major causes of threats that arises due to rollback. Extended-HyperWall integrates CIP-table (Confidentiality and Integrity Table to ensure confidentiality and integrity of data) and RSDM-table (Rollback Sensitive Data Memory to protect the system from rollback attacks). The paper illustrates the design of Extended-HyperWall, and its implementation on the Xen Hypervisor kernel for testing and analysis."