Enclaves assumes that the initial assignment of keys to group members is dealt with elsewhere; certification authorities can be very useful for assigning keys. More specifically, each member is assumed to share a (possibly long-term) symmetric key with the group leader. Authentication (for joining a group session) uses DES-style shared-key cryptosystems. If we can assume that members have public-key capabilities, then Enclaves can use alternative protocols that provide very strong password protection [8].
Enclaves provides an abstract layer of secure multicast. For each group session, different keys are distributed to members for encrypting multicast data. The implementation of this layer is expected to change in future versions to better handle issues such as failure recovery and efficiency [9].
The Enclaves toolkit does not yet directly support remote objects. To facilitate a simple kind of secure remote object invocation, our approach is to define a platform-independent object manipulation language for each type of shared remote object. Each local operation, if deemed to have a global effect on a remote object, is then translated into this manipulation language before being multicast to the group. Software with built-in remote object capabilities is emerging, and we will take advantage of it as it becomes widely available (except that we may have to retrofit such software with security features).
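An added example, not code from the Enclaves toolkit: a sketch of the manipulation-language approach described above for a shared text buffer, where each local operation becomes a JSON command that is multicast under the per-session group key and validated before a replica applies it. The command format, the names `SharedBuffer`, `seal` and `Member`, and the sequence-number replay check are assumptions; HMAC-SHA256 tagging stands in for the session-key encryption the paper describes, because Python's standard library ships no cipher.

```python
import hashlib, hmac, json

# Hypothetical manipulation language for one shared object type (a text buffer).
# Each command is a JSON object; allowed ops and their argument names:
ALLOWED_OPS = {"insert": {"pos", "text"}, "delete": {"pos", "count"}}

class SharedBuffer:
    """One member's local replica of the shared object."""
    def __init__(self):
        self.text = ""

    def apply(self, cmd):
        # Reject anything outside the language before touching state.
        op = cmd.get("op")
        if op not in ALLOWED_OPS or set(cmd) - {"op"} != ALLOWED_OPS[op]:
            raise ValueError("command not in manipulation language")
        pos = cmd["pos"]
        if not isinstance(pos, int) or not 0 <= pos <= len(self.text):
            raise ValueError("position out of range")
        if op == "insert" and isinstance(cmd["text"], str):
            self.text = self.text[:pos] + cmd["text"] + self.text[pos:]
        elif op == "delete" and isinstance(cmd["count"], int) and cmd["count"] >= 0:
            self.text = self.text[:pos] + self.text[pos + cmd["count"]:]
        else:
            raise ValueError("bad argument type")

def seal(session_key, sender, seq, cmd):
    """Translate a local operation into a wire message tagged under the session key."""
    body = json.dumps({"from": sender, "seq": seq, "cmd": cmd}, sort_keys=True).encode()
    return body, hmac.new(session_key, body, hashlib.sha256).hexdigest()

class Member:
    def __init__(self, session_key):
        self.key = session_key          # per-session group key from the leader
        self.replica = SharedBuffer()
        self.last_seq = {}              # sender -> highest sequence number accepted

    def receive(self, body, tag):
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False                # tampered, or sealed under another session's key
        msg = json.loads(body)
        if msg["seq"] <= self.last_seq.get(msg["from"], -1):
            return False                # replayed message
        try:
            self.replica.apply(msg["cmd"])
        except ValueError:
            return False
        self.last_seq[msg["from"]] = msg["seq"]
        return True
```

Because every member holds the same session key, the tag proves group membership only; the `from` field is not bound to an individual sender.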
Finally, our design enforces the security of groups in Enclaves through the following mechanisms:
Last changed: 1 May 2002 aw