Download presentation
Presentation is loading. Please wait.
1
A Novel Group Key Transfer Protocol
许静芳 Harn Lein 曾兵 华中师范大学计算机学院 University of Missouri- Kansas City USA 华南理工大学计算机软件学院
2
Why need group key transfer?
It needs efficient solutions to ensure secure group communications. Most existing solutions: Depending on key generation center (KGC) to transport the group key extra communication costs Using traditional threshold secret sharing schemes. increases computational complexity
3
Secret Sharing
4
Threshold Secret Sharing Scheme (TSSS)
By computing a (t-1)-th degree interpolating polynomial, a secret S is divided into n pieces, k1, k2,…,kn, called “shares”, such that a) any t or more than t shares can recover the secret S; b) fewer than t shares cannot get any information about the secret S.
5
Linear secret sharing scheme (LSSS)
Simply needs to compute an inner product of two vectors in order to encrypt and decrypt the secret: A natural and useful generalization of TSSS An advantage in terms of computational complexity Maintaining equal security to TSSS
6
Disadvantages of depending on KGC
Potentially limited communication from KGC to the user Unavailability of a fully trusted KGC Extra communication costs
7
Our Results A novel group key transfer protocol Proposal: Based on DH key agreement and a perfect LSSS; Without an online KGC; Resist potential attacks; Significantly reduce the overhead of system.
8
Our group key transfer protocol
consists of two phases: the secret establishment phase the session key transfer phase Initialization: a) A set of n users, {1,…,n} with each user having a public/private key pair {puk, prk} such that b) An initiator, one of the group members, is n and endowed with the authority to originate the group communications.
9
The secret establishment phase
Contains the following steps: Step 1. The initiator broadcasts a request containing a random number , his/her long-term public key pukn, and a list of members {1,…,n}, to announce the group communication.
10
The secret establishment phase
Step 2. Upon receiving the announcement from the initiator, each group member i, for i=1,…n-1, selects a random number and uses his/her private key puki to compute the secret as Afterwards, i computes and sends to the initiator as a response
11
The secret establishment phase
Step 3. After receiving the message from each i, the initiator computes and then checks If the result is valid, the initiator believes that the secret is shared with corresponding group member i. Otherwise, the initiator claims that i is fraudulent and then restarts the protocol.
12
The session key transfer phase
LSSS based on Vandermonde Matrix a) Given a basis of with for , the mapping defined by is determined. b) Every set of at most (t+1) vectors of the form is linearly independent, this scheme satisfies the basic requirements of secret sharing and is information-theoretically secure.
13
The session key transfer phase
Upon sharing the secret with corresponding group member i, the initiator randomly selects a group key and distributes it to the other group members in a secure and authenticated manner. All communications between the initiator and the other group members are in a broadcast channel. The initiator and the other group members execute the following steps:
14
The session key transfer phase
Step 1. The initiator separates each shared secret si into two parts xi and yi, where for i=1,…,n-1, and randomly generates a session key Then, the initiator computes n-1 additional values and the value , where the vector , the inner product and h is a one-way hash function. The initiator broadcasts to the other group members.
15
The session key transfer phase
Step 2. For each group member i except the initiator, knowing the public value, Ui, is able to compute the inner product and recover the group key Then, i needs to compute and check whether this hash value is identical to Auth. If these two values are identical, i authenticates the group key is sent from the initiator.
16
Security Analysis ● key freshness. ● key confidentiality ● key authentication. ● against outsider attack. ● against insider attack.
17
Performance Evaluation
●The drawback of KGC is that if the server is compromised, the network is totally unsecured. Hence, we used the CDH assumption to share the secrets between the initiator and other users. Our method is more efficient and more practical. ● In key transfer phase, we use a LSSS to replace the TSSS, because LSSS is more computation-efficient than TSSS. The computational comparison is given.
18
Questions and Comments?
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.