GAC_API 0.3.1  January, 2003

Copyright (c) 2002  SCONCE, ICS, University of California at Irvine 
All rights reserved.


 DESCRIPTION
 -----------
 GAC_API provides group admission control (GAC) mechanisms on top of the
 OpenSSL library. It offers an integrated API based on the following four
 signature schemes.

 * Plain Signature (PS)
   Implements group admission control using the RSA signature scheme.
 
 * Threshold Signatures (TS)
   An RSA-based threshold signature scheme is applied.
   Refer to the following paper for details:
   "Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc 
    Networks"  by J. Kong, P. Zerfos, H. Luo, S. Lu, L. Zhang, ICNP 2001

 * Accountable Subgroup Multisignatures (ASM)
   Implements a group admission control mechanism based on the following paper:
   "Accountable-Subgroup Multisignatures" by K. Ohta, S. Micali, L. Reyzin, 
   ACM CCS, 2001
   
 * Group Signatures (GS)
   Refer to the following paper:
   "A Practical and Provably Secure Coalition-Resistant Group Signature 
    Scheme" by G. Ateniese, J. Camenisch, M. Joye, G. Tsudik, CRYPTO 2000


 OVERVIEW
 --------
 This package contains the following:

 1) Common library
    * libgac.a: mostly used at setup phase to establish the security context
    * libhandle.a: provides functions of protocol handler

 2) Signature library
    * libps.a:  PS library
    * libtss.a: TS library
    * libasm.a: ASM library
    * libgs.a:  GS library

 3) Certificate library
    * libcert.a: provides functions for generating all kinds of certificates 
                 for group admission (i.e., PKC, GPC, GCHT, and GMC). 
                 All certificates conform to X.509v3 format.
    * libgacext.a: includes functions to manipulate the extension fields of 
                   X.509v3 certificates for our purposes

 4) Crypto library
    * libcryptutil.a: provides functions to use some popular OpenSSL crypto 
                      library functions more conveniently
    * libcrypto.a: a crypto library copied from OpenSSL for convenience. 
                   You don't need to install OpenSSL separately.
           
 5) Utility library       
    * libutil.a: a general-purpose library that includes socket handling, 
                 logging, error handling, and so on.


 INSTALLATION 
 ------------

 After unzipping the files, change the current directory to
 gac-0.5.0, then do the following:
  
 1) run "./configure --prefix=.."
    If you want to put all binaries in /usr/local/bin, remove the
    "--prefix=.." option; i.e., run "./configure"
 2) run "make"
 3) run "make install"


 TEST PROGRAM
 ------------

 Although GAC_API is only an interface for group admission control, we
 provide sample programs to test our mechanism, simulating group
 communication with a client-server model. The four sample programs listed
 below are included in the package.

 * Certification Authority (cad)
   It is not a mandatory component of GAC. We made the CA on-line 
   just for testing.

 * Group Authority (gad)
   It is an on-line TTP which generates a group membership certificate, 
   called GMC, for each eligible incoming member.
 
 * Application Server (apps)
   This simulates current members who are on-line. Application servers run
   as daemon processes.

 * Application Client (appc)
   It is a program that simulates a newly joining member.


 CONFIGURATION
 -------------
 
 Before running the program, you should configure the following:

 1) CA server address in both "apps" and "appc"
    edit "./bin/apps/cad.addr" and "./bin/appc/cad.addr"

 2) GA server address in both "apps" and "appc"
    edit "./bin/apps/gad.addr" and "./bin/appc/gad.addr"

 3) Application server addresses in "appc"
    edit "./bin/appc/serv.addr$",
         where $ is the number of each desired application server
         (numbering starts at 0).
    For example, suppose we set "threshold = 3" in a group charter.
    You need to create or edit the following three files:
      "./bin/appc/serv.addr0"
      "./bin/appc/serv.addr1"
      "./bin/appc/serv.addr2"

 NOTE: You can pre-configure all server addresses mentioned above 
       in the "./inst/addr" directory. Right after that, you should run 
       "make install" again. 
       In that case you don't need to configure the above files separately.
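
 A pre-flight check for the three configuration steps above, as an added
 example that is not part of the GAC_API package. The function name is
 hypothetical, and it assumes only that each address file must exist and be
 non-empty, since this README does not describe the file contents.

```shell
#!/bin/sh
# Added example (not GAC_API code): list the address files that are still
# missing or empty before cad, gad, apps and appc are started.
# Assumption: a usable address file is simply non-empty; its internal
# format is not documented in this README, so contents are not parsed.
#
# Usage: gac_missing_addr_files BIN_DIR THRESHOLD
#   BIN_DIR    the directory holding "apps" and "appc" (e.g. ./bin)
#   THRESHOLD  the threshold set in the group charter (e.g. 3)
# Prints one path per problem file; returns 0 if none, 1 if any, 2 on misuse.
gac_missing_addr_files() {
    bin_dir=$1
    threshold=$2

    case $threshold in
        ''|*[!0-9]*|0)
            echo "usage: gac_missing_addr_files BIN_DIR THRESHOLD" >&2
            return 2 ;;
    esac

    # Steps 1 and 2: CA and GA addresses, needed by both apps and appc.
    set -- "$bin_dir/apps/cad.addr" "$bin_dir/appc/cad.addr" \
           "$bin_dir/apps/gad.addr" "$bin_dir/appc/gad.addr"

    # Step 3: one serv.addr<i> per application server, i = 0 .. threshold-1.
    i=0
    while [ "$i" -lt "$threshold" ]; do
        set -- "$@" "$bin_dir/appc/serv.addr$i"
        i=$((i + 1))
    done

    status=0
    for f in "$@"; do
        # -s is true only if the file exists and is not empty.
        if [ ! -s "$f" ]; then
            echo "$f"
            status=1
        fi
    done
    return $status
}
```

 With "threshold = 3", a missing "serv.addr2" is reported here instead of
 surfacing later as a join attempt that cannot reach enough servers.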


 TODO
 ----
 1) Make n copies of the "./bin/apps" directory, 
    where n denotes the number of application servers you want to use 
    in your test program.
 2) run ./bin/ca/cad
 3) run ./bin/ga/gad
 4) run ./bin/server/apps on each server machine
 5) run ./bin/client/appc
  
 NOTE: All resource files related to GAC are stored in "./bin/client/.gac". 
       After running the above programs, you can view the new GMC 
       (whose filename is "gmcert.pem") in that directory.


 SUPPORT
 -------

 jhyi@ics.uci.edu
