Nathalie Weiler

The VersaKey framework: versatile group key management

Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components, or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that newly joining members are not able to understand past group traffic and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed, and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity [O(log N) for joins or leaves], thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper, we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties based on the existing prototype implementation.

Secure Internet based virtual trading communities

Today, we face a growing interest in distributed business-to-business applications using the Internet as communication media. However, the involved security threats are often neglected in the design of such systems. In this paper we present our security architecture for an Internet based virtual trading community. Our solution has been designed for an heterogeneous, distributed workflow management system environment which we call WISE (Workflow based Internet SErvices). The modular security services toolbox and the group key management form the core of the security architecture. Furthermore, we do not interfere with local security policies. We rather reuse the defined roles by mapping them to security communication parameters. So, we are able to present a scalable, secure solution for cooperative work over the Internet.