Lightweight Modelling and Automatic Analysis of Multicast Key Management Schemes

Alloy, a lightweight modelling language based on relations, is used to construct a framework for modelling a class of key management schemes used in secure multicast, aimed at checking them against some critical correctness properties that should be satisfied by all secure multicast protocols. This framework is used to model pull-based Asynchronous Rekeying Framework (ARF) and Iolus, two very different proposed schemes addressing the scalability issue inherently involved in group key management problem. The models are analyzed using the Alloy Analyzer, a fully automatic simulation and checking tool for Alloy models. These analyses exposed some flaws, including one serious security breach, in ARF, previously unknown to its designers. To eliminate the most serious flaw, some fixes are suggested and checked using the Alloy Analyzer. The proposed framework introduces a novel idiom for modelling distributed systems. Compared to the conventional way of modelling these systems, our idiom is simpler and more intuitive while supporting better modularity. Thesis Supervisor: Daniel Jackson Title: Associate Professor