Groove - PowerPoint PPT Presentation

1 / 46
About This Presentation
Title:

Groove

Description:

Second asymmetric key pair per identity for encryption / Decryption ... These keys are not sent over wire. They are calculated individually ... – PowerPoint PPT presentation

Number of Views:29
Avg rating:3.0/5.0
Slides: 47
Provided by: rishi2
Category:
Tags: groove | keys

less

Transcript and Presenter's Notes

Title: Groove


1
Groove
  • Preeti Mehra
  • 16th November, 2001
  • ECE - 579

2
Groove Architecture
3
(No Transcript)
4
  • Shared Space

Mutually Trusting Shared Spaces
Mutually Suspicious Shared Spaces
  • Message Received
  • Re-compute MAC using LG
  • Compare calc MAC with Transmitted MAC

5
Why Mutually Suspicious Shared Spaces
  • Corporate discussions where a lot is at risk
  • Authenticated identity of a person is really
    important for discussion

6
Keys used
  • Keys used so far
  • One passphrase per account
  • One symmetric key per account
  • One asymmetric key pair per identity for
    signature/Verification
  • Second asymmetric key pair per identity for
    encryption / Decryption

7
Keys in Mutually Suspicious Shared Spaces
  • Diffie-Hellman public/private key pair
  • These have to be authenticated identity key pairs
  • Pairwise Symmetric keys are established
  • These keys are not sent over wire. They are
    calculated individually

8
Calculation of Diffie-Hellman Pairwise Keys
9
Message Format in trusting Mode
Delta Header Delta Body Header Body
Digest
Group Encryption Key
Group MAC Key
10
Message Format in Suspicious Mode
11
Why Multi-authenticators
  • Constant signature size
  • Constant Time to compute signature
  • Support message fan-out and recovery of lost
    messages
  • Works best for small groups.

12
Relay Server
  • A System that understands Groove protocols
  • No knowledge about members.
  • Knows only about shared spaces
  • Uses of relay server
  • Firewall transparency
  • Message fanouts
  • Permits user to work offline

13
Relay for message fan-outs
____ Modem Link ____ High Speed Link
A
Relay Server
B
C
14
Relaying vs. Direct Connection
15
Recovery of lost messages
A
B
X
C
16
Recovery of lost messages
A
B
Request As Message
C
17
Recovery of lost messages
A
B
Sends As Message With B/C encryption A/C MAC
C
18
Invitation of people into shared spaces
  • Chair - Person who sends an invitation to join a
    shared space
  • Ways of inviting
  • Email
  • Instant Messages

19
Addition of User C
A
B
Delta message of addition of C Cs DH key
C
20
  • By accepting, Kathleen receives Andrews public
    key
  • By accepting, Kathleen sends to Andrew her public
    key
  • All future instant messages and invitations are
    authenticated

21
(No Transcript)
22
Uninvitation of a member
  • A rekey delta message is sent
  • Changed membership information
  • piggy-backed rekey information
  • new group key - transmitted by pairwise
    encrypting keys
  • New piggy-backed key is used to encrypt the
    message
  • Currently there is no administrative control for
    uninvitation.

23
A
B
Uninvite message
C
24
Rekey message sent for both trusted and not
trusted modesPer Member encryption always used
A
B
Rekey Message Group key encrypted using K (AB)
Membership Info
C
25
Key Versioning Dependencies
A
B
____ Modem Link ____ High Speed Link
C
26
Key Versioning Dependencies
A
B
____ Modem Link ____ High Speed Link
C
27
Key Versioning Dependencies
A
B
____ Modem Link ____ High Speed Link
C
28
Key Versioning Dependencies
A
B
____ Modem Link ____ High Speed Link
C
29
Key Versioning Dependencies
A
B
____ Modem Link ____ High Speed Link
C
30
Key Versioning Dependencies
A
B
____ Modem Link ____ High Speed Link
C
31
Key Versioning Dependencies
M4
Internet
M1
M6
M5
M3
M2
32
Key Versioning Dependencies
Uninvite message
M4
Internet
M1
M6
M3
M2
M5
33
Addition of tools
  • Any member can add new tools and functionality to
    a Groove shared space.
  • When Andrew adds a CAD Viewer Tool to the shared
    space, Groove automatically tells the other
    members shared spaces to add the CAD Viewer Tool
    as well.

34
  • Members do not send tools to each other they
    send commands to add a tool.
  • If a member already has the tool installed
    locally, Groove simply adds the tool to the
    shared space.

IT Controls
add tool
Andrew
  • If a member does not already have the tool
    installed, Groove automatically locates the tool
    on a component server, downloads and installs the
    tool, and adds it to the space.
  • All components are digitally signed.
  • IT managers can limit which components users are
    able to download, balancing end user control and
    flexibility with corporate security guidelines.

35
Enterprise Integration - multi-point Integration
www.groove.net
C
www.groove.net
B
www.groove.net
A
36
Enterprise Integration - multi-point Integration
www.groove.net
C
www.groove.net
B
www.groove.net
A
37
Enterprise Integration - multi-point Integration
Groove
C
Groove
B
Groove
A
38
Enterprise Integration - single-point Integration
E
D
C
Data Source
BOT
A
39
Enterprise Integration - single-point Integration
E
D
C
Data Source
BOT
A
40
Enterprise Integration - single-point Integration
E
D
C
Data Source
BOT
A
41
Building security in P2P (By IBM)
  • Peer A connects to peer B announces its
    identity
  • A is asked to authenticate itself
  • Authentication can be done in any desired way
  • B is asked to authenticate itself
  • B authorizes A
  • Encrypt channel to communicate

42
Building security in P2P (By IBM)
  • Peer AA communicates securely with C
  • C communicates securely with B
  • C gives A information about B (e.g. Keys)
  • A initiates secure connection to B

43
P2P and SSL
  • JSSE - provides SSL for Java applications
  • Function like regular sockets
  • Transparent authentication and encryption

44
Keystore - Private Key certificate containing
Public Key certificates of trusted peers. This
is protected by a password Scenario - A wants to
query resource B. But communication had to be
secure. Authentication proceeds as described
earlier
45
Steps to use JSSE (Intialization)
  • Prompt user for identity password
  • Create home directory for that user
  • Create a keystore. Secure APIs cannot do it in
    same process. Needs an external process
  • Create an instance of keystore
  • Create key manager to hold peers private key
  • Create trust manager to hold trusted certificates
  • Create SSL connection
  • Create socket factories

46
References
  • IBMs security site
  • http//www-106.ibm.com/developerworks/security/
  • Groove
  • http//www.groove.net
  • Other interesting sites
  • Intels P2P trusted library
  • www.sourceforge.net/projects/ptp1
  • http//www.idg.net/english/crd_peer_699186.html
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Groove" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!