Germano Caronni
Sun Microsystems
Publication
Featured research published by Germano Caronni.
IEEE Journal on Selected Areas in Communications | 1999
Marcel Waldvogel; Germano Caronni; Dan Sun; Nathalie Weiler; Bernhard Plattner
Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity are to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components, or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that newly joining members are not able to understand past group traffic and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed, and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity [O(log N) for joins or leaves], thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper, we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties based on the existing prototype implementation.
annual computer security applications conference | 2001
Germano Caronni; Christoph L. Schuba
One of the solutions to deter copyright violations consists of embedding hard to detect watermarks in digital media. Current developments have focused on how to embed watermarks, and on one-to-one exchanges on how to securely convey tagged data to the end consumer. Assuming a large customer base or predistributed media, it may become prohibitively expensive or time consuming to tag each separate copy of data individually before it is delivered to the customer. We present two mechanisms that allow the preparation and distribution of tagged data in a more scalable way than existing approaches. The first one, called hierarchical tagging, is preferable for on-line multi-level distribution, where producer and consumer are not in direct contact, but intermediate agents provide distribution channels and sales platforms. The second method is well suited to pre-produced bulk-media distribution (such as through CDROMs or DVDs), with only small amounts of on-line information being transferred to each consumer. We call it bulk-tagging.
international conference on peer-to-peer computing | 2001
Germano Caronni
Summary form only given, as follows. The past decade has seen a strong opening of company networks towards the Internet. Nearly every organization has some web presence, does some business by email (internally and externally) and many allow their employees access to the Internet from the office. Firewalls (acting as filter and proxy for network traffic) were supposed to be the magic all-encompassing solution to regulate this opening, and not expose the internal infrastructure to the public. But there are problems. The request for transparency and higher accessibility has been getting stronger. Firewalls process more and more traffic, and have to enforce more complex (and harder to formulate) restrictions. They are supposed to offer more and more functionality, and they get harder to use all the time. This way, firewalls are becoming a source of faults themselves, and a security risk. P2P Environments reinforce the issues, by potentially opening up many portals between different types of networks. Drive-by hacking in the wireless ethernet world is just one example of this. How do you decide who is going to be a member of your little ad hoc network, and whether users can employ any of the devices participating to hop on (or get routed to) a network they are not supposed to get to? Are there alternatives for classic firewalls? Do they apply to the P2P world? Do they fit the current scenario of ever-increasing mobility and ad hoc intermeshing of our computing environment? The talk explores the rise of firewalls, their evolution and tendencies in this area, and has a look at their strengths and weaknesses. Some alternative solutions are examined, and a vision of a potential future solution is presented.
Archive | 1998
Germano Caronni; Marcel Waldvogel
Archive | 1999
Ashar Aziz; Geoffrey Baehr; Germano Caronni; Amit Gupta; Vipul Gupta; Glenn C. Scott
Archive | 2002
Germano Caronni; Ann Sofie Nystrom
Archive | 1999
Germano Caronni
Archive | 1996
Germano Caronni; Rich Skrenta; Tom R. Markson; Ashar Aziz
Archive | 2003
Germano Caronni
Archive | 2002
Germano Caronni; Glenn Sunnyvale Scott