News
Scalable, wide-area mechanisms:
Many distributed applications require reliable ordered delivery of
messages and membership services for a group of processes. IP multicast
provides only unreliable unordered delivery of messages and TCP only
provides reliable delivery
between two processes. A reliable multicast protocol provides message
delivery
services similar to TCP but between the members of a group of any size.
Several
factors go into developing a reliable multicast protocol that will work
for
a group spread across the Internet. Reliable multicast protocols that
work
on the Internet must scale to large numbers of members, long latencies,
asynchronous
messages, and dynamically changing group membership/connectivity. Many
reliable
multicast protocols simplify this task by defining that the group has
only
one sender and that reliable delivery means the receiving process is
provided
the mechanisms to request retransmissions (no guaranteed delivery).
These
sorts of limitations and simplified delivery definitions are useful in
some
applications but many distributed applications need a stronger delivery
guarantee.
We have concentrated on developing protocols providing much stronger
delivery
guarantees.
Multi-sender and managed group issues:
One aspect that makes our reliable group communication protocol harder
to build is that we assume all the members of the group may send
messages
to the group. With a multi-sender group, the reliable multicast
protocol
needs to be able to determine when messages from any group member are
missing
and thus each receiver must know the correct group membership. In
addition,
many distributed applications expect the set of messages delivered at
each
receiver to be in the same order and the view of membership at each
receiver
to be consistent. Providing these properties in the reliable group
communication protocol simplifies the task of the distributed
application since the application does not need to separately track
membership.
Our current work is based on our previous experience in designing and
implementing the LAN oriented, Totem reliable multicast protocol. We
have
used the Totem protocol in several projects but have been limited by
the
fact that Totem protocol is poorly suited to a wide-area environment.
The
goal of the project is to develop a reliable multicast infrastructure
that
leverages off of the DOE Science Grid infrastructure and can be used by
Grid
applications. A principal task in this project is the development of
secure
multicast capabilities with flexible reliability and ordering. The
InterGroup
reliable multicast protocol is currently under development and will
provide
a flexible set of group message delivery services and scale to the
Internet.
Internet scale reliable multicast is achieved by radically changing the
protocol design and delivery guarantees. One of the changes that
directly
benefits the application is that we have moved the decision regarding
level
of reliability for message delivery to the receivers. Also, only the
processes
currently sending messages to the process group are explicitly tracked
in
the membership. The processes that are not currently sending messages
communicate
with the process group by means of a hierarchical coordinator tree. We
expect
these mechanisms to allow InterGroup to efficiently support
multi-sender
process groups spread across the Internet.
One challenge in building a multicast protocol for use over a public
network is security. When communication is conducted over the Internet,
it is essential to allow the application components to safely
communicate in the face of adversaries. The approach taken is to
establish secure multicast channels among application
components. A secure multicast channel is built by first establishing a
session
key among the legitimate application components and then using it to
achieve
multicast message confidentiality or multicast data integrity.
Authenticated group Diffie-Hellman key exchange is used to compute
a session
key and dynamically update it after each change in the group membership
(e.g.,
failures, network partitions). A fully distributed access control
scheme
also ensures that only the legitimate principals get entry into the key
exchange.
Once a session key has been established, it is used to derivate secret
values
used by symmetric-key algorithms to protect application sensitive
messages.
Our work is based on our prior experience in securing the Totem
system. We have used the Totem system to study and implement the secure
group services required by a reliable group communication in wide-area
environments. On-going work is replacing the Totem system with its more
recent follow-on the InterGroup protocols and extending what we learn
from securing Totem to secure InterGroup.
Reliable Multicast and the IETF:
The IETF is currently focussing on defining the building blocks that
compose a single-sender "reliable" multicast protocol. The IRTF is
focusing on the primary research issues facing single sender protocols
are congestion/flow control, efficient retransmission, and
acknowledgement aggregation. These issues are currently being worked on
within the IETF reliable
multicast transport group and the IRTF reliable
multicast research group. We have been tracking work by the IETF
and IRTF.
Secure Multicast and the IETF:
The IRTF
secure multicast research group is currently researching a suite of
standards and associated reference architectures upon which secure
multicast applications can be built. In addition, it also specifies the
context security transforms and key management schemes. Solutions for
these requirements will eventually be standardized within the IETF multicast
security working group when ready. We have been tracking work by
the IETF and IRTF.
LBNL home page |
DSD Research |
Notice to Users
Page last modified: Wednesday, 09-Mar-2005 12:34:09 PST
Contact: Webmaster <webmaster@george.lbl.gov>
Credits: Secure
and Reliable Group Communications research and development is funded
by the U.S. Dept. of Energy, Office of Science, Office of Advanced
Scientific Computing Research, Mathematical, Information, and
Computational Sciences Division;
Support Credits
identify the funding sources and the organizational context of the work described in this document.
Privacy and site security notice to Users