The Group Security Research Group (GSEC) focuses on security issues of large and small groups that operate on networks, which may be running a bulk distribution method such as broadcast, multicast or anycast. GSEC investigates security topics that are emerging technologies and not ready for standardization, such as novel models for group policy management, scalability issues for large groups, access control, authorization, and security for multiple-source multicast groups. GSEC’s focus is more general than multicast security and encompasses group membership management, key management, and policy management for groups of principals that may or may not use multicast communications. GSEC work includes the interaction between network protocols and security. GSEC’s emphasis is on the stability and convergence of security protocols that operate among groups that have various distinct characteristics of group size, membership dynamics, topology, degree of interaction, latency requirements, centralized control, and bandwidth constraints. Examples areas of interest in GSEC are:
- Group Policy Management. Group Policy Management considers alternative models of group control and the policy parameters that describe group authorization. Groups can have a single locus of authorization as in the Group-Owner/Group-Controller Model or coalitions of Group Owners, which may operate across policy domains. Group policy management touches practically all group-security technologies and may include so-called “traitor tracing” and other technologies that detect when members violate group access-control policies.
- Decentralized Group Key Management. The design of fault tolerant protocols that are robust in decentralized models of group key management. These models do not use a single centralized KDC and are important for small, dynamic groups (or coalitions) in a variety of applications such as small group teleconferencing and fault-tolerant routing.
- Security technologies for closed and open groups. Open groups are those where non-members are allowed to communicate with the group. Such groups might require a notion of a “group public key”, for example.
- Multiple Senders. Multiple-source groups have special requirements for denial of service protection and for minimizing state needed for sender authentication.
- Group Key and Membership Management. New protocols to distribute a common group key to all group members that exhibit differing properties of scalability, processing requirements energy usage, storage, and inter-member communications are part of the research agenda. These topics also include membership management algorithms that manage access to group keying materials and are especially relevant to emerging wireless applications.
- Non-multicast security. Previous work has focused on application of group security to multicast transport. New work that focuses on groups that use some transport other than multicast, such as broadcast or anycast, is of interest. This includes group key management for ad-hoc networking
- Reliable Multicast. The relationship between secure multicast and reliable multicast is not well understood. Additional research is required to clearly articulate the reliability that can be assumed by security services, and the security that can be provided to reliability services.
The goals of GSEC with respect to these areas of investigation include the following.
- Review of past and current work in each area; evaluation of the available technologies and collaboration with those working in these areas.
- Development of new technologies where needed and presentation at appropriate conferences and gatherings
- Identification of technologies that are ready for standardization in the IETF
Meetings are typically held concurrent with IETF meetings (three times a year) with special meetings being called on an as-needed basis.
The GSEC Research Group is an open IRTF RG. The meetings and mailing list are open to all participants. Participants are encouraged to be deeply knowledgeable of the literature and current technologies related to security, multicast, and group communications.
Pete Dinsmore (Pete_Dinsmore@nai.com) and Lakshminath Dondeti (firstname.lastname@example.org)
To subscribe to the list: Send a message to email@example.com with message body: ‘subscribe gsec’.