SPARTA ISSO

Dynamic Cryptographic Context Management (DCCM)

Sponsored by:
Defense Advanced Research Projects Agency (DARPA)
Information Technology Office (ITO)

DARPA Contract # F30602-97-C-0277
Program Manager: Doug Maughan, DARPA
COTR: Lt. Brian Witten, Air Force Research Laboratory

Overview of DCCM

Objective:
The objective of the Dynamic Cryptographic Context Management (DCCM) project is to develop and demonstrate new and efficient techniques for providing policy-based cryptographic security to sensitive multiple-participant computer applications in which the number of participants can be large (e.g., up to 100,000) and membership can change rapidly. The project is motivated by applications such as command and control of large, joint military operations, multi-organization cooperative design activities, and multi-national medical research collaboration, which require security services such as data origin authentication, integrity assurance, and confidentiality, and involve very large, dynamic groups of participants. A dynamic cryptographic context management system will be able to negotiate and manage cryptographic contexts from a security policy established by the application manager, assuring that the policy is instantiated and enforced properly and efficiently. Emphasis of the research is on developing policy management and group key establishment and re-keying technology for very large heterogeneous groups of participants in which group membership can change rapidly for a variety of operational as well as security reasons. The results of the research will enable organizations to use sensitive multi-party applications in closed communities of interest efficiently and in accordance with selected security policy. They will enable computing platform developers to implement various levels and types of protection.

Approach:
The approach is to examine selected dynamic multi-party applications, identify their security requirements, and develop a policy-based cryptographic security management architecture, including a cryptographic context specification, a negotiation and management protocol, a software toolkit incorporating policy and cryptographic context management functions, and a demonstration system that integrates the software components into a secure, multi-party application.

Relevant security policy specification languages, trust management approaches, and distributed system security mechanisms will be investigated. We will review peer-to-peer cryptographic support services, such as key generation, certificate management services, and time-date stamping currently becoming available from public key infrastructures or trusted third party services. We will then create a foundation for managing peer-to-peer cryptographic associations and define extensions or enhancements for multi-party, dynamic cryptographic associations.

The effort will be performed as three tasks. The first task will explore security requirements for dynamic multi-party projects (e.g., Closed Interest Groups) in order to develop a multi-party cryptographic context management architecture including practical cryptographic key management methods for establishing and dynamically changing the keys during an interactive, multi-party session. The second task will design a policy-based cryptographic context management system meeting the requirements. The third task will produce a software toolkit and a demonstration application for the design.

The DCCM system will include capabilities for specifying a security policy governing the application and its authorized participants, selecting cryptographic-based security services satisfying the policy, providing supportive security services needed for the selected security services, selecting communication layer(s) for the security services, selecting cryptographic algorithms for use in each selected security service, selecting algorithm parameters (e.g., key length, key lifetime), implementing methods for binding context with protected information, and implementing methods for dynamic key establishment and re-keying.

The DCCM system will treat a multi-party project as a managed event requiring secure group communication. The project may be divided into sessions (e.g., secure lecture series) and will be driven by a specific policy controlled by the project manager. Groups will have managers, members, and subgroups. Group / subgroup membership will be permitted to change dynamically. Group operations will include start/end session, member / subgroup join session, freeze/thaw access to session, leave session, and evict from session, among others.

The DCCM system definition will include a sequence of multi-party application phases: (1) project initialization, which involves security policy specification, negotiation and accommodation; (2) group member initialization, which involves public key authentication and pairwise group member key establishment; (3) group key establishment & re-key using various group methods, including key distribution centers, group Diffie-Hellman, and hierarchical methods; and (4) group communications with confidentiality, integrity, and authentication services.

Security policies will be associated with projects and written in a policy language. The policies will be specified, negotiated, and finalized into a crypto context template listing acceptable alternative crypto mechanisms. Finally, accommodation will be made for specific cryptographic mechanisms within the cryptographic context.

Accomplishments:
The DCCM project was completed on April 6, 2000. During the course of the project, the accomplishments were:

  • Developed, documented and implemented a new hierarchical group key management mechanism known as One-way Function Trees.
  • Developed, documented and implemented a Cryptographic Context Negotiation Template. The Cryptographic Context Negotiation Template (CCNT) has completed two phases of evolution, documented in DCCM report #2 and #2 version 2, respectively. The current template provides a BNF specification for the representation of policy by high-level statements, cryptographic mechanisms, and mechanism-specific configuration. The template provides a compact mechanism to store, transmit and negotiate cryptographic policies and contexts.
  • Developed and documented a Cryptographic Context Negotiation Protocol. The Cryptographic Context Negotiation Protocol specifies how the CCNT is used to reach closure on a single cryptographic context for a project starting from multiple diverse member policies. It is documented in DCCM report #3, which was recently completed and delivered.
  • Completed an Interim Demo highlighting the use of a CCNT by multiple clients to manage a multicast audio application. The application allows many-to-many communication using application-layer encryption and is keyed from a central key manager.
  • Created an Internet Draft for the One-way Function Tree (OFT) key mechanism developed earlier under this contract and presented it in the SMuG working group of the IRTF at the 44th IETF in Minneapolis, MN.
  • Developed a DCCM software toolkit implementing various manager and client workstation functions for security policy and cryptographic context negotiation and management.
  • Developed and demonstrated a DCCM testbed showing a secure multi-party application demonstration. The demonstration supports multicast communications among a set of manager and client workstations within a security perimeter jointly performing multi-party transactions. The workstations are equipped with policy specification, negotiation, translation, and accommodation software, as well as cryptographic context processing and enforcement software developed within the DCCM software toolkit.

Results:

  • The testbed system demonstrated that the OFT group key mechanism can be implemented and run with groups up to 100,000 users. Group members can be re-keyed after the eviction of a single member with a message of 1105 bytes that can be computed and transmitted in 1 second.
  • The testbed system showed that a wide range of security policies could be represented by the Cryptographic Context Negotiation Template and that a single context for group communications could be arrived at through a negotiation protocol.
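
The logarithmic re-key cost behind the eviction result above, shown as an added example (not code from the DCCM toolkit) that follows the published One-way Function Tree construction. Assumptions of this example: a fixed complete binary tree, SHA-256 as the one-way function, XOR as the mixing function, the vacated leaf re-keyed in place rather than removed, and re-key entries returned unencrypted; all class and function names are hypothetical.

```python
import hashlib, os

def g(k):                      # one-way blinding function (SHA-256 assumed here)
    return hashlib.sha256(b"blind" + k).digest()

def mix(a, b):                 # mixing function: bytewise XOR
    return bytes(x ^ y for x, y in zip(a, b))

class Manager:
    """Key manager; complete binary tree in heap layout, root at index 1."""
    def __init__(self, n_leaves):              # n_leaves: a power of two
        self.n = n_leaves
        self.key = [b""] * (2 * n_leaves)
        for i in range(n_leaves, 2 * n_leaves):
            self.key[i] = os.urandom(32)       # one leaf key per member
        for i in range(n_leaves - 1, 0, -1):
            self._derive(i)

    def _derive(self, i):      # node key = mix of its children's blinded keys
        self.key[i] = mix(g(self.key[2 * i]), g(self.key[2 * i + 1]))

    def member_state(self, m):
        """Member m holds its leaf key and the blinded keys of path siblings."""
        i, sibs = self.n + m, {}
        while i > 1:
            sibs[i ^ 1] = g(self.key[i ^ 1])
            i //= 2
        return self.key[self.n + m], sibs

    def evict(self, m):
        """Re-key the vacated leaf; return {changed node: new blinded key}."""
        i, msg = self.n + m, {}
        self.key[i] = os.urandom(32)
        while i > 1:
            # A deployment would encrypt this entry under key[i ^ 1], so only
            # members in the sibling subtree can read it.
            msg[i] = g(self.key[i])
            i //= 2
            self._derive(i)
        return msg

def apply_rekey(sibs, msg):
    """Member side: replace any held blinded key that the manager changed."""
    sibs.update({j: b for j, b in msg.items() if j in sibs})

def group_key(m, n, leaf_key, sibs):
    """Member side: walk leaf to root, mixing in blinded sibling keys."""
    i, k = n + m, leaf_key
    while i > 1:
        k, i = mix(g(k), sibs[i ^ 1]), i // 2
    return k
```

A tree with 2**17 leaves has room for 100,000 members, and one eviction in it changes 17 blinded keys; the evicted member's stored state still yields only the old group key.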

Technology Transfer:
The project produced a number of results and capabilities, including:

  • A comprehensive architecture / framework for large, dynamic, secure multi-party applications
  • A multi-party security policy specification language, negotiation protocol, and translator
  • A multi-party cryptographic context template
  • A cryptographic context negotiation / accommodation protocol
  • Efficient group key establishment and re-key methods

We provided these results and capabilities to research, industry, and user communities through a number of technology transfer activities:

  • Distributing all technical reports and results of the DCCM research via the Web.
  • Making the multi-party application security management toolkits and demonstration software available to other researchers and industry for reuse.
  • Closely coordinating our work with a related NSA/SPARTA multicast security research effort.
  • Participating in and supporting research and development groups addressing multi-party security issues, including IETF working groups and IRTF research groups.
  • Promoting the development and use of a comprehensive architecture / framework for large, dynamic, secure multi-party applications.

DCCM Presentations (Zipped MS Powerpoint)

Additional Information on DCCM - Last Updated 10/00

Final Report

Web Links to Related Work

  • Defense Advanced Research Projects Agency (DARPA)
  • Information Technology Office (ITO)
    • High Confidence Networking (HCN)
  • Internet Engineering Task Force (IETF)
  • Cliques: Gene Tsudik and his research group at the Information Sciences Institute (ISI) at the University of Southern California study group communication, group security services, and cryptographic mechanisms applicable to diverse group-oriented applications.
  • Horus, Isis and Ensemble: Kenneth Birman and his research group at Cornell University research secure, distributed, fault-tolerant systems.
  • Antigone: Atul Prakash, Peter Honeyman and Patrick McDaniel at University of Michigan developed a policy framework for secure group communication.

RFCs
Note: Many related links to RFCs are available through the IETF and IRTF working groups above and are therefore not included in this link list.

  • Host Extensions for IP Multicasting, Deering, 8/89 (RFC1112.txt)
  • Scalable Multicast Key Distribution, Ballardie, 5/96 (RFC1949.txt)
  • Group Key Management Protocol (GKMP) Specification, Harney, Muckenhirn, Rivers, 7/97 (RFC2093.txt)
  • Group Key Management Protocol (GKMP) Architecture, Harney, Muckenhirn, Rivers, 7/97 (RFC2094.txt)
  • Core Based Tree (CBT Version 2) Multicast Routing, Ballardie, 11/97 (RFC2189.txt)
  • Core Based Trees (CBT) Routing Architecture, Ballardie, 11/97 (RFC2201.txt)
  • Internet Group Management Protocol, Version 2, Fenner, 11/97 (Updates 1112) (RFC2236.txt)
  • SDP: Session Description Protocol, Handley, Jacobson, 4/98 (RFC2327.txt)
  • Taxonomy of Communication Requirements for Large-scale Multicast Applications, Bagnall, Briscoe, Poppitt, 12/99
  • Key Management for Multicast: Issues and Architectures (LKH), Wallner, Harder, Agee, 6/99

Internet Drafts
Note: Many related links to internet drafts are available through the IETF and IRTF working groups above and are therefore not included in this link list.

Papers

  • A Survey of Multicast Security Issues and Architectures, Kruus, 1998 (.ps) (.pdf)
  • Techniques and Issues in Multicast Security, Kruus, 1998 (.ps) (.pdf)
  • Key Management for Secure Multicast Communications (Dissertation), Poovendran, 1999 (.ps)
  • Internet Multicast Security: Overview of Issues and Technologies, Kleinmann and Kipnis, 1999 (.pdf)
  • A Scalable Extension of Group Key Management Protocol, Poovendran, Ahmed, Corson, and Baras, 1998 (.pdf)
  • Key Establishment in Large Dynamic Groups Using One-Way Function Trees, McGrew and Sherman, 5/98 (.ps)
  • Efficient Security for Large Dynamic Multicast Groups, Caronni, Waldvogel, Sun, and Plattner, 7/98 (.ps)
  • Elements of Trusted Multicasting, Gong, Shacham, 94 (.ps)