[AG-TECH] AG Security

Deb Agarwal DAAgarwal at lbl.gov
Wed Jul 24 14:17:59 CDT 2002


Hi all,

After reading the various notes regarding security for the AG, we want to
respond and clarify some of the issues.  We have been thinking about
securing multicast groups since it is what we are researching.  It is our hope that
the Secure Group Layer protocol we are building can be used to secure the Access
Grid and so we have also thought some about what that means.

Security/encryption at the application or network level -

If we look at unicast, there are two possible levels at which you can secure
the communication.  You can use IPSec or you can use SSL (most people choose to use
SSL because it is easier to deploy, configure and use).  In the case of multicast
the IETF MSEC working group is working on a multicast equivalent for IPSec.  It is
our understanding that their work is focussed on IP multicast situations and defines
a centralized key management scheme where one site determines the key and sends it
to the rest of the group. The SRTP protocol could then use this key to provide
secure RTP information. Our group here at LBNL is working on reliable multicast
(a multicast "TCP" replacement called InterGroup) and a Secure Group Layer (SGL)
that provides SSL-like properties to the reliable multicast groups. (The URL
for the project is http://www-itg.lbl.gov/CIF/GroupComm/).  In SGL we have
the algorithms to implement the building blocks (BB1 and BB2) defined by the MSEC
working group.  We are currently working on BB3 (the policy).  SGL provides a
framework to put these building blocks together into a useable protocol.  In
designing SGL, the attacker is assumed to control the network and have access
to all the traffic (as Bill Nickless indicated in his note).  The papers defining
the cryptographic algorithms for SGL are linked off our web page.

Application of SGL to the Access Grid -

In terms of application to the Access Grid, we see the SGL protocol providing
the basis for a secure reliable multicast control channel that coordinates the
venue participants and possibly disseminates coordination information such as
PowerPoint slide changes and chat messages that need to be reliable.  The SGL
channel can also provide a secure access-controlled channel to disseminate
keys for the other tools in the AG session.

Hope this helps clarify some of the issues,
Deb Agarwal and Olivier Chevassut





