Design of an Efficient Distributed Delivery Service for Group Key Agreement Protocols

  • Conference paper
Foundations and Practice of Security (FPS 2023)

Abstract

End-to-end encrypted messaging applications such as Signal became widely popular thanks to their capability to ensure the confidentiality and integrity of online communication. While the highest security guarantees were long reserved to two-party communication, solutions for n-party communication remained either inefficient or less secure until the standardization of the MLS Protocol (Messaging Layer Security). This new protocol offers an efficient way to provide end-to-end secure communication with the same guarantees originally offered by the Signal Protocol for two-party communication. However, both solutions still rely on a centralized component for message delivery, called the Delivery Service in the MLS Protocol. The centralization of the Delivery Service makes it an ideal target for attackers and threatens the availability of any protocol relying on MLS. In order to overcome this issue, we propose the design of a fully distributed Delivery Service that allows clients to exchange protocol messages efficiently and without any intermediary. It uses a Probabilistic Reliable-Broadcast mechanism to efficiently deliver messages and the Cascade Consensus Protocol to handle messages requiring an agreement. Our solution strengthens the availability of the MLS Protocol without compromising its security.

Acknowledgments

This work is supported by the "Alvearium" Inria and hive partnership.

Author information

Corresponding author

Correspondence to Ludovic Paillat.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Cite this paper

Paillat, L., Ignat, CL., Frey, D., Turuani, M., Ismail, A. (2024). Design of an Efficient Distributed Delivery Service for Group Key Agreement Protocols. In: Mosbah, M., Sèdes, F., Tawbi, N., Ahmed, T., Boulahia-Cuppens, N., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2023. Lecture Notes in Computer Science, vol 14551. Springer, Cham. https://doi.org/10.1007/978-3-031-57537-2_25

  • DOI: https://doi.org/10.1007/978-3-031-57537-2_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-57536-5

  • Online ISBN: 978-3-031-57537-2

  • eBook Packages: Computer Science, Computer Science (R0)
