[Spread-users] Secure Spread problem
Yair Amir
yairamir at cnds.jhu.edu
Wed May 16 12:59:23 EDT 2001
Hi Yiqiang,
This is a very good point.
Secure Spread is an on-going research project. The focus so far was on robust key agreement protocols and the first release of Secure Spread implements such a protocol. From a security perspective, nothing bad has happened (!) - no un-authorized members can get messages or join the secure group.
To solve the problem of them joining the group, access control has to be involved (so that non-authorized members will not be able to join or send to the group). This support is located actually at the Spread daemon level itself. The hooks for such support are already in Spread 3.16 that will be released in the near future as part of the big changes happening to Spread.
Stay tuned,
:) Yair. http://www.cnds.jhu.edu
Ding Yiqiang wrote:
> Hi, What if a normal user(attacker) Eve tries to join the secure group, assume Spread daemons are accessible by Eve, Eve knows the address of those Spread daemons, and even the group name those secure members are joining? I made a test using the demo program "user" provided by SSP 1.0.0. One group with secure group communication was setup successfully. However, when I use another demo program "user" provided by Spread-1.14 to connect this secure group, following events happened:1. Eve got all those member names in the secure group;2. Each secure member received a FLUSH_REQ message;3. Even after sending flush ok to the group, all secure members got stuck. Any comments? BTW, lots of thanks for Jonathan's comments of spread configuration problem. Yiqiang
More information about the Spread-users
mailing list