HiveNetCode/distributed-mls

Distributed MLS Client

Proof of concept demonstrating an MLS (Messaging Layer Security, RFC 9420) client that can operate in a fully distributed manner. This is the concept described in the following article:

Ludovic Paillat, Claudia-Lavinia Ignat, Davide Frey, Mathieu Turuani, Amine Ismail. Design of an Efficient Distributed Delivery Service for Group Key Agreement Protocols. FPS 2023 - 16th International Symposium on Foundations & Practice of Security, Dec 2023, Bordeaux, France. pp.1-16. hal-04337821

This project is based on Cisco's implementation of MLS: cisco/mlspp.

Build

First, clone the project (with its submodules) using the following command:

git clone https://github.com/HiveNetCode/distributed-mls.git --recursive

Dependencies

The mlspp project requires two dependencies to be installed prior to compilation:

  • openssl
  • nlohmann-json

Compilation

The project and mlspp can be compiled directly by running the following command:

make

Usage

First, to be able to run clients, one must run a PKI instance with the following command:

bin/pki

In our setting, the PKI has two roles:

  • storing clients' KeyPackages, which other users fetch in order to invite them into the group,
  • providing clients' addresses so that other clients can communicate with them.

In a P2P network, this PKI could be replaced by distributed mechanisms such as a DHT (Distributed Hash Table).

Then, one can run MLS clients by providing the following parameters:

  • a user-friendly (and unique) name for the client,
  • the IP address or hostname of the PKI,
  • the estimated network RTT in milliseconds (i.e. the estimated round-trip time between the most distant clients).

bin/mls_client client1 127.0.0.1 300

The client then provides five commands:

  • create creates an empty group. This operation is mandatory before inviting other members into the user's group; invited members, on the other hand, must not have called create.
  • add <user> adds the given member to the group and sends them an invitation.
  • remove <user> removes the given member from the group.
  • update performs an MLS post-compromise security update for the current member.
  • message <message> sends a message to all group members. The message is delivered end-to-end encrypted, which is the purpose of the MLS protocol.

Build and Run using Docker

Alternatively, a Dockerfile is provided to build the project using Docker. The build command is the following:

docker build -t distributed-mls .

Then, the PKI, as well as the MLS client, can be run with the following commands:

docker run --rm -it -p 10501:10501 distributed-mls bin/pki

and

docker run --rm -it --network=host distributed-mls bin/mls_client client1 127.0.0.1 300

About

Distributed MLS Client (RFC 9420) using a Distributed Delivery Service
