Group Key Management

Many distributed and collaborative applications (e.g., conferencing, white-boards, and command-and-control systems) need secure communication. However, experience shows that security mechanisms for collaborative peer groups tend to be both expensive and complex. My research focuses on the group key management and admission control problems.

Group key management refers to the set of mechanisms used to create, maintain and destroy the group key. Group key management in peer groups is particularly challenging, since 1) the group key has to be changed when a new user joins (or existing group members leave) the group, in order to guarantee strong security, 2) it must cope with arbitrary network partitions, in order to guarantee that any subgroup can still communicate securely, and 3) it must be efficient in computation and communication. I made seminal contributions to the development of two novel group key management techniques. The first technique achieves group key management by blending binary key trees with Diffie-Hellman key exchange. This technique is very simple, provably secure and fault-tolerant, and its efficiency surpasses that of prior art. The second technique is based on a purposely unbalanced binary key tree, which trades higher computation cost for near-optimal communication overhead. Both techniques can handle dynamic groups and network failures such as group partitions and merges. The security of these protocols is proven to be reducible to the Decisional Diffie-Hellman problem.
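The idea behind the first technique, a binary key tree combined with Diffie-Hellman, can be sketched as follows. This is an added example, not the author's API or the Spread integration. It assumes the common construction in which an internal node's key is g^(k_left * k_right) mod p and the root key is the group key; all names and the toy parameters are constructed for illustration.

```python
# Toy group, constructed for illustration only: P = 2**127 - 1 is prime,
# but a real deployment would use a standardized DH group.
P = 2**127 - 1
G = 3

def blind(k):
    """Blinded (public) key g^k mod p, safe to broadcast."""
    return pow(G, k, P)

def key(tree):
    """Secret key of a node (assumed construction): a leaf is a member's
    secret int; an internal node (left, right) has key g^(k_l * k_r) mod p."""
    if isinstance(tree, int):
        return tree
    left, right = tree
    return pow(G, key(left) * key(right), P)

def copath(tree, path):
    """Simulates the broadcast: blinded sibling keys for the leaf at
    `path` (root-to-leaf, e.g. "LR"), returned in leaf-to-root order."""
    out = []
    for step in path:
        left, right = tree
        sibling, tree = (right, left) if step == "L" else (left, right)
        out.append(blind(key(sibling)))
    return out[::-1]

def member_key(secret, blinded_siblings):
    """What one member computes: its own secret plus public values only."""
    k = secret
    for bk in blinded_siblings:
        k = pow(bk, k, P)  # (g^k_sibling)^k = key of the parent node
    return k

def join(tree, secret):
    """Newcomer becomes the root's right child, so the group key changes."""
    return (tree, secret)

def leave(tree, path, sponsor_secret):
    """Drop the leaf at `path`. Simplification: its sibling must be a leaf,
    which takes the parent's place with a fresh random secret so the
    departed member cannot derive the new group key."""
    if len(path) == 1:
        return sponsor_secret
    left, right = tree
    if path[0] == "L":
        return (leave(left, path[1:], sponsor_secret), right)
    return (left, leave(right, path[1:], sponsor_secret))
```

Each member needs only one blinded key per tree level, which is why a rekey after a join or leave touches only the nodes on one root-to-leaf path.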

Both algorithms are quite well known in the security community and are included as standard reading for seminar courses in more than 20 universities. They are implemented as a group key management API that separates cryptographic protocols from communication protocols; this API was further integrated with the Spread group communication system and commercialized by Spread Concepts.