Secure Distributed Virtual Conferencing
The Secure Distributed Virtual Conferening (SDVC) application is an extension of the Secure Video Conferencing (SVC) work  CITI presented at the Internet2 Member Meeting held October 1997. SDVC is based on VIC and VAT, the popular MBONE videoconferencing tools, and maintains the look and feel of these applications. Where SVC provides authenticated encrypted full frame video delivered over a unicast channel, SDVC extends this work by adding multicast video delivery and a key exchange protocol for members of the multicast group.
All participants use the same data encryption key for the video and audio streams. When a new participant joins the group, or when a heartbeat detects that a participant has left the group, SDVC generates and distributes a new data encryption key to the participants. This means that only active members of the group can decrypt the video and audio streams. We use Globus to distribute this key.
There is a relatively high cost associated with setting up a Globus session, so we want to avoid doing this every time the data encryption key is changed. When a participant joins the group, the group server sets up a Globus connection to the new participant, authenticates the participant, generates a random participant key, sends it to the participant, and shuts down the Globus connection. Then any time the server wants to change the data encryption key, it generates a new key, encrypts it using each of the participant keys, and multicasts the list of encrypted data keys to all the group members. All members share the same data key.
Walk through a visual demo of an SDVC client joining the LSGC group here.
For group establishment and maintainence, SDVC uses Lightweight Secure Group Communications (LSGC) . LSGC employs three protocol layers; reliable broadcast, process group management, and security services. The reliable broadcast layer ensures ordered and atomic reception of group messages. The process group management layer provides all processes with a consistent view of group membership. The security services layer provides facilities for ensuring secrecy, integrity, and freshness of the group communication.
There is a trade off between the level of security and scaleability. Security comes at a cost, and that cost includes maintaining state between participants, which grows with higher levels of security and the number of participants in a group. Our approach is to start with a very high level of security, measure the scaleability, and then reduce security only where required to increase scaleability. This process is employed because our experience has shown that it is a lot easier to reduce security than to add security where there was none.
CITI replaced the Leighton-Micali key distribution algorithm employed by the original implementation of LSGC with Globus's GSSAPI_SSLEAY key exchange. We also replaced LSGC's DES encryption with SVC's multiple choice cipher, thus retaining the ablity to change ciphers on the fly.
SDVC integrates multicast video and audio with a scaleable key exchange protocol and secure multiparty group communication to provide an authenticated, encrypted data stream to members of the group.
Secure Distributed Virtal Conferencing W.A. Adamson, C.J. Antonelli, K.W. Coffman, P.D. McDaniel, and J. Rees January, 1999. Secure Information Networks Communications and Multimedia Security, IFIP TC6/TC11 Joint Working Conference on Communications and Multimedia Security (CMS'99), September 1999. (CITI Tech Report tr-99-1)