Secure PVM


Work is ongoing to add authentication, integrity, and privacy to the message passing of PVM. Principal investigators from ORNL are Tom Dunigan and Al Geist. An implementation of secure PVM has been constructed by UT/CS student Nair Venugopal. UT researcher, Bob Manchek provides guidance on internal PVM design and implementation issues.

Here is March, 1995 proposal (postscript, 55K) to DOE/DICCE for implementation of a secure PVM.

Here are Dunigan's slides (50K) of March 4, 1996 progress report on PVM to DOE/DICCE meeting in Reston, VA.

Venu's slides and thesis (202K) are on his Secure PVM page.

Abstract of 1996 ORNL tech report (ORNL/TM-13203) by Dunigan and Venu ``Secure PVM'' (240K)
This research investigates techniques for providing privacy, authentication, and data integrity to PVM (Parallel Virtual Machine). PVM is extended to provide secure message passing with no changes to the user's PVM application, or, optionally, security can be provided on a message-by-message basis. Diffie-Hellman is used for key distribution of a single session key for n-party communication. Keyed MD5 is used for message authentication, and the user may select from various secret-key encryption algorithms for message privacy. The modifications to PVM are described, and the performance of secure PVM is evaluated.

1997 tech report on ``Group Key Management '' , ORNL/TM-13470, with C. Cao, (200KB).
Abstract This report describes an architecture and implementation for doing group key management over a data communications network. The architecture describes a protocol for establishing a shared encryption key among an authenticated and authorized collection of network entities. Group access requires one or more authorization certificates. The implementation includes a simple public key and certificate infrastructure. Multicast is used for some of the key management messages. An application programming interface multiplexes key management and user application messages. An implementation using the new IP security protocols is postulated. The architecture is compared with other group key management proposals, and the performance and the limitations of the implementation are described.

Also see Dunigan's page on group key management.


Return to Tom Dunigan's page.
Last Modified Sunday, 04-Jan-1998 11:06:27 EST thd@ornl.gov (touches: 195357 )