| Many emerging network applications, e.g., teleconference, information dissemination services, distributed interactive simulation, and collaborative work, are not based upon traditional message-oriented point-to-point communication model. Some are flow-oriented and generate flows, e.g., audio, video, or sequence of related information. Some are group-based (or multicast-based), i.e., data are sent from one or more senders to many receivers.; The main goal of my research is to efficiently provide two network security services for securing these flow-based and/or group-oriented applications. They are a group key management service and a digital signature service for flows and multicasts.; For the group key management service, I have formalized the notation of a secure group, and proposed a key graph technique to address the scalable group key management problem. For multiple groups, I have identified and exploited two properties, subgroups and JL-patterns, to further improve the processing of multiple groups join/leave requests. Based upon this key graph technique, I have designed and implemented several join/leave protocols and rekeying strategies.; The digital signature service consists of two components: (1) flow signing and verification procedures, and (2) a digital signature scheme called eFFS. They provide authenticity, integrity, and non-repudiation for flows and multicasts. The flow signing and verification procedures amortize a single signing/verification operation over many packets while each packet is still individually verifiable. The eFFS signature scheme provides very efficient signing and verification operations (when compared to several existing signature schemes) and allows adjustable and incremental verification by receivers. |
