A Novel Group Key Transfer Protocol

Slides:

Advertisements

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Advertisements

Akshat Sharma Samarth Shah

A Survey of Key Management for Secure Group Communications Celia Li.

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Key Agreement Guilin Wang School of Computer Science 12 Nov

An ID-Based Mutual Authentication and Key Exchange Protocol for Low- Power Mobile Devices Authors: Tsu-Yang Wu and Yuh-Min Tseng Source: The Computer Journal.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Digital Signatures, Message Digest and Authentication Week-9.

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

Interleaving and Collusion Attacks on a Dynamic Group Key Agreement Scheme for Low-Power Mobile Devices * Junghyun Nam 1, Juryon Paik 2, Jeeyeon Kim 2,

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

1 Authenticated Key Exchange Rocky K. C. Chang 20 March 2007.

KERBEROS SYSTEM Kumar Madugula.

Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,

Fall 2006CS 395: Computer Security1 Key Management.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

P2P encryption by an identity-based one-way group key agreement protocol By Jyh-haw Yeh Boise State University Proceedings of IEEE ICPADS 2014.

 Introduction  History  What is Digital Signature  Why Digital Signature  Basic Requirements  How the Technology Works  Approaches.

Systems Architecture Anonymous Key Agreement Dominik Oepen

An Efficient and Practical Authenticated Communication Scheme for Vehicular Ad Hoc Networks Source: IEEE Transactions on Vehicular Technology, Reviewing.

Web Applications Security Cryptography 1

Lightweight Mutual Authentication for IoT and Its Applications

Golden Linear Group Key Agreement Protocol

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

Computer Communication & Networks

Secure Sockets Layer (SSL)

Packet Leashes: Defense Against Wormhole Attacks

e-Health Platform End 2 End encryption

CMSC 414 Computer and Network Security Lecture 15

A Wireless LAN Security Protocol

CS480 Cryptography and Information Security

Efficient password authenticated key agreement using smart cards

Radius, LDAP, Radius used in Authenticating Users

Tutorial on Creating Certificates SSH Kerberos

Introduction to security goals and usage of cryptographic algorithms

刘振上海交通大学计算机科学与工程系电信群楼3-509

9.2 SECURE CHANNELS Medisetty Swathy.

Fuzzy Identity Based Encryption

SSH: SECURE LOGIN CONNECTIONS OVER THE INTERNET

Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.

CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9

The Secure Sockets Layer (SSL) Protocol

Network Security Security Techniques: Encryption & decryption :

Key Management Network Systems Security

Kerberos Part of project Athena (MIT).

CDK: Chapter 7 TvS: Chapter 9

Key Distribution Reference: Pfleeger, Charles P., Security in Computing, 2nd Edition, Prentice Hall, /18/2019 Ref: Pfleeger96, Ch.4.

Authors: Yuh-Min TSENG, Tsu-Yang WU, Jui-DiWU

Electronic Payment Security Technologies

刘振上海交通大学计算机科学与工程系电信群楼3-509

Cryptographic Protocols Secret Sharing, Threshold Security

Secure Diffie-Hellman Algorithm

Key Exchange, Man-in-the-Middle Attack

Presentation transcript:

A Novel Group Key Transfer Protocol 许静芳 Harn Lein 曾兵华中师范大学计算机学院 University of Missouri- Kansas City USA 华南理工大学计算机软件学院

Why need group key transfer? It needs efficient solutions to ensure secure group communications. Most existing solutions: Depending on key generation center (KGC) to transport the group key extra communication costs Using traditional threshold secret sharing schemes.  increases computational complexity

Secret Sharing

Threshold Secret Sharing Scheme (TSSS) By computing a (t-1)-th degree interpolating polynomial, a secret S is divided into n pieces, k1, k2,…,kn, called “shares”, such that a) any t or more than t shares can recover the secret S; b) fewer than t shares cannot get any information about the secret S.

Linear secret sharing scheme (LSSS) Simply needs to compute an inner product of two vectors in order to encrypt and decrypt the secret: A natural and useful generalization of TSSS An advantage in terms of computational complexity Maintaining equal security to TSSS

Disadvantages of depending on KGC Potentially limited communication from KGC to the user Unavailability of a fully trusted KGC Extra communication costs

Our Results A novel group key transfer protocol Proposal: Based on DH key agreement and a perfect LSSS; Without an online KGC; Resist potential attacks; Significantly reduce the overhead of system.

Our group key transfer protocol consists of two phases: the secret establishment phase the session key transfer phase Initialization: a) A set of n users, {1,…,n} with each user having a public/private key pair {puk, prk} such that b) An initiator, one of the group members, is n and endowed with the authority to originate the group communications.

The secret establishment phase Contains the following steps: Step 1. The initiator broadcasts a request containing a random number , his/her long-term public key pukn, and a list of members {1,…,n}, to announce the group communication.

The secret establishment phase Step 2. Upon receiving the announcement from the initiator, each group member i, for i=1,…n-1, selects a random number and uses his/her private key puki to compute the secret as . Afterwards, i computes and sends to the initiator as a response

The secret establishment phase Step 3. After receiving the message from each i, the initiator computes and then checks . If the result is valid, the initiator believes that the secret is shared with corresponding group member i. Otherwise, the initiator claims that i is fraudulent and then restarts the protocol.

The session key transfer phase LSSS based on Vandermonde Matrix a) Given a basis of with for , the mapping defined by is determined. b) Every set of at most (t+1) vectors of the form is linearly independent, this scheme satisfies the basic requirements of secret sharing and is information-theoretically secure.

The session key transfer phase Upon sharing the secret with corresponding group member i, the initiator randomly selects a group key and distributes it to the other group members in a secure and authenticated manner. All communications between the initiator and the other group members are in a broadcast channel. The initiator and the other group members execute the following steps:

The session key transfer phase Step 1. The initiator separates each shared secret si into two parts xi and yi, where for i=1,…,n-1, and randomly generates a session key . Then, the initiator computes n-1 additional values and the value , where the vector , the inner product and h is a one-way hash function. The initiator broadcasts to the other group members.

The session key transfer phase Step 2. For each group member i except the initiator, knowing the public value, Ui, is able to compute the inner product and recover the group key . Then, i needs to compute and check whether this hash value is identical to Auth. If these two values are identical, i authenticates the group key is sent from the initiator.

Security Analysis ● key freshness. ● key confidentiality ● key authentication. ● against outsider attack. ● against insider attack.

Performance Evaluation ●The drawback of KGC is that if the server is compromised, the network is totally unsecured. Hence, we used the CDH assumption to share the secrets between the initiator and other users. Our method is more efficient and more practical. ● In key transfer phase, we use a LSSS to replace the TSSS, because LSSS is more computation-efficient than TSSS. The computational comparison is given.

Questions and Comments?