Message Passing Communication Presented by : Hailong Hou Instructor: Yanqing Zhang
Outline Introduction Message passing communication 1. Basic Communication Primitives 1. Basic Communication Primitives 2. Message synchronization and buffering 2. Message synchronization and buffering 3. Pipe and socket APIs 3. Pipe and socket APIs 4. Secure sockets 4. Secure sockets 5. Group communication and multicast 5. Group communication and multicast Lasted relevant research Future works References
Introduction Messages are collections of data objects. Messages have a header containing system- dependent control information Message body which is fixed or variable size. The issues addressed in this part include whether the communication is direct or indirect, blocking or nonblocking, reliable or unreliable, and buffered or unbuffered.
Basic Communication Primitives Two generic message passing primitives are used:- Two generic message passing primitives are used:- 1.Send(destination,message) 2.Receive(source,message) Messages can be anything that is comprehensible data, remote procedure calls, executable code etc. Source and destination maybe process name, link or mailbox.
Symmetric process name Asymmetric process name Links
Addressing can be Addressing can be Direct /Indirect 1)Direct Communication: Entities can be addressed by using process names (Global process identifiers). Entities can be addressed by using process names (Global process identifiers). GPI’s are made unique by concatenating GPI’s are made unique by concatenating –Host Network Address+ local Generated Process Id This implies one logical communication path exists between sender and receiver. This implies one logical communication path exists between sender and receiver.
Symmetric Addressing:- Direct communication path exists between sending and receiving processes. Since sender and receiver explicitly name each other in communication primitive. Asymmetric Addressing:- Only the sender needs to indicate the recipient Disadvantages of Direct Communication:- –limited modularity - changing the name of a process means changing every sender and receiver process to match –need to know process names
2) Indirect Communication Primitives:- –Sometimes the sending processes are not concerned with the identity of the receiving process as long as message is received. –Receiver is not interested in the Id of the sending process as long as the message is received. –Such scenarios are implemented by Mailboxes.
Multipoint communication Multipath communication
–process mailbox ownership : only the process may receive messages from the mailbox other processes may send to the mailbox mailbox can be created with the process and destroyed when the process dies –system mailbox ownership : mailboxes have their own independent existence, not attached to any process dynamic connection to a mailbox by processes –for send and/or receive
Message synchronization and buffering Message passing and synchronization depends on Synchronization. Messages are passed to senders system Kernel, which transmits to the communication network. Message then reaches remote system Kernel which delivers to destination process.
There are 2 typical combinations:- 1) Blocking Send, Blocking Receive Both receiver and sender are blocked until the message is delivered. (provides tight synchronization between processes) Both receiver and sender are blocked until the message is delivered. (provides tight synchronization between processes) 2) Non Blocking Send, Blocking Receive 2) Non Blocking Send, Blocking Receive Sender can continue the execution after sending a message, the receiver is blocked until message arrives. (most useful combination) Sender can continue the execution after sending a message, the receiver is blocked until message arrives. (most useful combination) 3) Non Blocking Send, Non Blocking Receive 3) Non Blocking Send, Non Blocking Receive Neither party waits. Neither party waits.
Message Synchronization Stages Sender source network destination receiver 1 2 message 3 4 request 8 7 ack 6 5 reply 8 7 ack 6 5 reply
Message passing depends on Synchronization at several points. When sending a message to remote destination, the message is passed to sender system kernel which transmits it to communication network. Non blocking Send 1+8 Sender process is released after message has been composed and copied into senders kernel. Sender process is released after message has been composed and copied into senders kernel. Blocking Send Sender process is released after message has been transmitted to Network. Sender process is released after message has been transmitted to Network. Reliable Blocking Send Released after message has been received by kernel. Explicit Blocking Send Sender process is released after Message has been received by receiver process. Request & Reply 1-4 service 5-8 Released after message has been processed by the receiver and response returned to the sender. Released after message has been processed by the receiver and response returned to the sender.
Pipe and socket APIs Pipes are implemented with finite size, FIFO byte stream buffer maintained by the kernel. Used by 2 communicating processes, a pipe serves as unidirectional communication link so that one process can write data into tail end of pipe while another process may read from head end of the pipe.
Pipe is created by a system call which returns 2 file descriptors, (reading /writing) They are shared by two communicating processes,therefore pipes are used for related processes. For unrelated processes, there is need to uniquely identify a pipe since pipe descriptors cannot be shared. So concept of Named pipes. With a unique path name, named pipes can be shared among disjoint processes across different machines with a common file system.
Use of Named pipes is limited to single domain within a common file system. To achieve interdomain process communication neither data structures nor files can be shared or named we need an API running on top of transport layer. Two commonly API’s are Berkeley socket and System V Transport Layer Interface.
Socket A Socket is a communication end point of a communication link managed by the transport services. It is not feasible to name a communication channel across different domains. It is not feasible to name a communication channel across different domains. A Communication channel can be visualized as a pair of 2 communication endpoints. A Communication channel can be visualized as a pair of 2 communication endpoints.
Sockets have become most popular message passing API. Most recent version of the Windows Socket which is developed by WinSock Standard Group which has 32 companies (including Microsoft) also includes a SSL (Secure Socket Layer) in the specification. Most recent version of the Windows Socket which is developed by WinSock Standard Group which has 32 companies (including Microsoft) also includes a SSL (Secure Socket Layer) in the specification.
Peer processes Logical communication endpoint(socket, LCD) Physical communication endpoint (PCE) socket bind Peer processes Logical communication endpoint(socket, LCD) Physical communication endpoint (PCE) socket bind Send/recvfrom Connectionless socket communication
Connection oriented client/server socket communication
Secure sockets The goal of Secure socket layer (SSL) is to provide: Privacy in socket communication by using symmetric cryptographic data encryption. Privacy in socket communication by using symmetric cryptographic data encryption. Integrity in socket data by using message integrity check. Integrity in socket data by using message integrity check. Authenticity of servers and clients by using asymmetric public key cryptography Authenticity of servers and clients by using asymmetric public key cryptography
SSL handshake protocol
Group communication and multicast The communication models for message passing discussed are all examples of p2p communication. However, there is also group communications.
s G 21 s G 2 1 G s G 2 1 s G 2 1 s G 2 1 s s G 2 1 s G 2 1 s G 1 s G 2
It is not necessary for all servers to respond as long as at least one does. The multicast is performed on a best-effort basis and can be repeated if necessary. The system needs only to guarantee the delivery of the multicast message to the reachable nonfaulty processes, this is called the best- effort multicast.
It is often necessary to ensure that all servers have received the request so that consistency among the servers can be maintained. The multicast message should either be received by all of the servers or none of them, this is called reliable
Multicast orders: FIFO order: Multicast messages from a single source are delivered in the order that they were sent. Causal order: Causally related messages from multiple sources are delivered in their causal order. Total order: all messages multicast to a group are delivered to all members of group in the same order. A reliable and total order multicast is called an atomicmulticast.
A F BC D E G Group1Group2 Tree representations of overlapped groups
Latest research Group key 1. CENTRALIZED GROUP KEY MANAGEMENT PROTOCOLS(CGKMP) A. Member-driven CGKMP A. Member-driven CGKMP 1) The GKMP protocol 1) The GKMP protocol Harney and Muckenhirn [2],[3] proposed the Group Key Management Protocol (GKMP). The key server shares a secretkey (KEKs) with each active member (MB). Harney and Muckenhirn [2],[3] proposed the Group Key Management Protocol (GKMP). The key server shares a secretkey (KEKs) with each active member (MB).
2) The LHK protocol The basis for the LKH[4] approach for scalable group rekeying is a logical key tree structure maintained by the key server. The root of the key tree is the group key used for encrypting data in group communications and it is shared by all users.
3) The OFT protocol In OFT [5] the key server maintains a binary key tree. Unlike in LKH, in OFT an interior key in the key tree is derived from its child keys. A node v has a node secret Xv and a node key Kv. The relationship of the node secrets and the node keys of v is: Kv= g (Xv). Where g( ⋅ ) is a One- way function, such as MD5, SHA or MAC. The node key is computed from the node secret using a one-way function. That is to say any computationally limited adversary cannot find node secret from node key. So the node secret is all called blinded node key, and the node key is called unblinded node key. The parent node secret is derived from the keys of the left child and right child.
One way function tree
4) CFKM(Centralized Flat Table Key Management) In CFKM protocol, every member has an identity code(which is proposed to be IP ddress). The KS constructs 2n KEKs if the sum of members and potential members is no more than 2n in group. B. Time-driven CGKMP In time-driven CGKMP, the KS updates the group key in each regular interval. 1) Hao-Hua Chu’s protocol 1) Hao-Hua Chu’s protocol In the protocol proposed by Hao-Hua Chu et al[1], there is a group leader in the group. Any time when a member wants to multicast a message, it generates a TEK and encrypts the message with it before multicasting. In the protocol proposed by Hao-Hua Chu et al[1], there is a group leader in the group. Any time when a member wants to multicast a message, it generates a TEK and encrypts the message with it before multicasting.
Decentralized methods A. Stateless group key management protocols All GKs are formed a chain. If one group key omitted, the member be likely to miss all GKs followed. That is the worst thing we try to evade. If whether the new GK can be received rests with the former GK, All GKs are formed a chain. If one group key omitted, the member be likely to miss all GKs followed. That is the worst thing we try to evade. If whether the new GK can be received rests with the former GK, B. Self-healing group key management Protocols In a group key management protocol, the KS transmits group key updating message when has membership changed or at regular interval. In a group key management protocol, the KS transmits group key updating message when has membership changed or at regular interval.
C. Group key management protocols applied in mobile network Mobile networks, such as MANETs and sensor networks have come to play an more and more important role in recent years. Mobile network is different form fixed network. Most of facilities in mobile network are suitable for broadcast or multicast. But this characteristic also brings security problem. Many of the mobile equipments are power limited and their computation capacity is limited too. In many mobile networks, there is no relatively stationary framework an no fixed trusted third party(TTP). So distributed group key management is more appropriate. Mobile networks, such as MANETs and sensor networks have come to play an more and more important role in recent years. Mobile network is different form fixed network. Most of facilities in mobile network are suitable for broadcast or multicast. But this characteristic also brings security problem. Many of the mobile equipments are power limited and their computation capacity is limited too. In many mobile networks, there is no relatively stationary framework an no fixed trusted third party(TTP). So distributed group key management is more appropriate.
Future works Improve the group key methods for mobile devices.
References [1] H.H.Chu, L.Qiao, K.Nahrstedt. “A Secure multicast Protocol with Copyright Protection”. ACM SIGCOMM Computer Communications Review, April [2] H. Harney and C. Muckenhirn. “Group Key Managemant Protocol(GKMP) Architecture”. July 1997, RFC Protocol(GKMP) Architecture”. July 1997, RFC [3] H. Harney and C. Muckenhirn. “Group Key Managemant Protocol(GKMP) Specification”. July 1997, RFC Protocol(GKMP) Specification”. July 1997, RFC [4] D.Wallner, E.Harder and R.Agee. “Key Management for Multicat: Issues and Architecture”. Internet Draft, draft- wallner-key-arch-01.txt, Sepember 1998.
[5] D.Balenson, D.McGRew and A.Sherman. “Key management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization”. Internet-Draft, draft- Balenson-groupkeymagmt-oft- 00.txt, February [6] F.Staddon, S.Miner, M.Franklin, D.Balfanz, and D.Dean. “Selfhealing Key Distribution with Revocation”. In Proc. Of the IEEE Symposium on Security and Privacy, Oakland, CA, May [7] S. Zhu, S. Xu, S. Setia, and S. Jajodia. “GKMPAN: An Efficient Group Key Management Scheme for Secure Multicast in Ad-hoc Networks”. In Proc. of the 1st International Conference on Mobile and Ubiquitous Systems (Mobiquitous’04), Boston, Massachusetts, August 22-25, 2004
Thanks & question?