Distributed and Private Group Management

Group management is a fundamental building block of today´s Internet applications. Mailing lists, chat systems, collaborative document editing, even well established online social networks such as Twitter and Facebook also use group management systems. In many cases, group security is required to restrict access and visibility of data in a group only to members of the group. Some applications also require privacy by keeping group members anonymous and unlinkable. Group management systems routinely rely on a central authority that manages and controls the infrastructure and data of the system. This can negatively impact the privacy and scalability properties of the system. In this paper, we propose a completely distributed approach for group management based on distributed hash tables. Enrollment to the system is not controlled by any central authority. Anyone can create groups and principals, and a various set of applications can share existing groups. In this paper, we describe a novel decentralized system for group management, address various security and privacy issues that arise by removing the central authority, and formally validate the security properties using AVISPA. We demonstrate the feasibility of this protocol by implementing a prototype running on top of Vuze´s DHT.