Yongdae Kim
Adrian Perrig
Gene Tsudik
Skip Abstract Section
Abstract
Secure and reliable group communication is an active area of research. Its popularity is fueled by the growing importance of group-oriented and collaborative applications. The central research challenge is secure and efficient group key management. While centralized methods are often appropriate for key distribution in large multicast-style groups, many collaborative group settings require distributed key agreement techniques. This work investigates a novel group key agreement approach which blends key trees with Diffie--Hellman key exchange. It yields a secure protocol suite called Tree-based Group Diffie--Hellman (TGDH) that is both simple and fault-tolerant. Moreover, the efficiency of TGDH appreciably surpasses that of prior art.
- ACMCCS98. 1998. Fifth ACM Conference on Computer and Communications Security. ACM Press.]]Google Scholar
- Amir, Y. 1995. Replication Using Group Communication Over a Partitioned Network. Ph.D. Thesis, Institute of Computer Science, The Hebrew University of Jerusalem.]]Google Scholar
- Amir, Y., Ateniese, G., Hasse, D., Kim, Y., Nita-Rotaru, C., Schlossnagle, T., Schultz, J., Stanton, J., and Tsudik, G. 2000. Secure group communication in asynchronous networks with failures: Integration and experiments. In ICDCS 2000.]] Google Scholar
- Amir, Y. and Stanton, J. 1998. The Spread Wide Area Group Communication System. Technical Report 98--4, Johns Hopkins University Department of Computer Science.]]Google Scholar
- Asokan, N. and Ginzboorg, P. 1999. Key-agreement in ad-hoc networks. In Nordsec'99.]]Google Scholar
- Asokan, N., Shoup, V., and Waidner, M. 2000. Optimistic fair exchange of digital signatures. IEEE Journal on Selected Area in Communications 18, 4, 593--610.]]Google Scholar
- Ateniese, G., Steiner, M., and Tsudik, G. 1998. Authenticated group key agreement and friends. In Fifth ACM Conference on Computer and Communications Security. ACM Press.]] Google Scholar
- Becker, C. and Wille, U. 1998. Communication complexity of group key distribution. In Fifth ACM Conference on Computer and Communications Security. ACM Press.]] Google Scholar
- Bellare, M. and Rogaway, P. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communications Security.]] Google Scholar
- Boneh, D. 1998. The decision Diffie-Hellman problem. In Third Algorithmic Number Theory Symposium, 48--63.]] Google Scholar
- Boneh, D. 1999. Twenty years of attacks on the RSA cryptosystem. Notices of the American Mathematical Society (AMS) 46, 2, 203--213.]]Google Scholar
- Bresson, E., Chevassut, O., and Pointcheval, D. 2001a. Provably authenticated group Diffie-Hellman key exchange---The dynamic case. In Advances in Cryptology---ASIACRYPT'2001.]] Google Scholar
- Bresson, E., Chevassut, O., Pointcheval, D., and Quisquater, J.-J. 2001b. Provably authenticated group Diffie-Hellman key exchange. In Eighth ACM Conference on Computer and Communications Security. ACM Press.]] Google Scholar
- Burmester, M. and Desmedt, Y. 1995. A secure and efficient conference key distribution system. In Advances in Cryptology---EUROCRYPT'94, 275--286 (final version of the Proceedings).]]Google Scholar
- Caronni, G., Waldvogel, M., Sun, D., Weiler, N., and Plattner, B. 1999. The VersaKey framework: Versatile group key management. IEEE Journal on Selected Areas in Communications.]]Google Scholar
- Chaum, D. 1991. Zero-knowledge undeniable signatures. In Advances in Cryptology---EUROCRYPT'90, 458--464.]] Google Scholar
- Dondeti, L., Mukherjee, S., and Samal, A. 2000. Disec: A distributed framework for scalable secure many-to-many communication. In Proceedings of The Fifth IEEE Symposium on Computers and Communications (ISCC 2000).]] Google Scholar
- Fekete, A., Lynch, N., and Shvartsman, A. 1997. Specifying and using a partionable group communication service. In ACM PODC'97, 53--62.]] Google Scholar
- Ingemarsson, I., Tang, D. T., and Wong, C. K. 1982. A conference key distribution system. IEEE Transactions on Information Theory 28, 5.]]Google Scholar
- Kim, Y., Mazzochi, D., and Tsudik, G. 2003. Admission control in collaborative groups. In Second IEEE International Symposium on Network Computing and Applications (NCA-03).]]Google Scholar
- Kim, Y., Perrig, A., and Tsudik, G. 2000. Simple and fault-tolerant key agreement for dynamic collaborative groups. In Seventh ACM Conference on Computer and Communications Security. ACM Press, 235--244.]] Google Scholar
- Kim, Y., Perrig, A. and Tsudik, G. 2001. Communication-efficient group key agreement. In Information Systems Security, Proceedings of the Seventeenth International Information Security Conference IFIP SEC'01.]] Google Scholar
- Kurnio, H., Safavi-Naini, R., Susilo, W., and Wang, H. 2000. Key management for secure multicast with dynamic constrollers. In Information Security and Privacy, Fifth Australasian Conference, ACISP00.]] Google Scholar
- Lenstra, A. K. and Verheul, E. R. n.d. Selecting cryptographic key sizes. Available at http://www.cryptosavvy.com/.]]Google Scholar
- McGrew, D. A. and Sherman, A. T. n.d. Key establishment in large dynamic groups using one-way function trees. Manuscript.]]Google Scholar
- Moser, L., Amir, Y., Melliar-Smith, P., and Agarwal, D. 1994. Extended virtual synchrony. In ICDCS'94, 56--65.]]Google Scholar
- OpenSSL Project Team. 2001. Openssl.]]Google Scholar
- Perrig, A. 1999. Efficient collaborative key management protocols for secure autonomous group communication. In International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC '99).]]Google Scholar
- Rodeh, O., Birman, K., and Dolev, D. 2000. Optimized rekey for group communication systems. In NDSS2000, 37--48.]]Google Scholar
- Shoup, V. 1997. Lower bounds for discrete logarithms and related problems. In Advances in Cryptology---EUROCRYPT'97, 256--266.]]Google Scholar
- Shoup, V. 2000. Using hash functions as a hedge against chosen ciphertext attacks. In Advances in Cryptology---EUROCRYPT'2000, 275--288.]]Google Scholar
- Steer, D., Strawczynski, L., Diffie, W., and Wiener, M. 1988. A secure audio teleconference system. In Advances in Cryptology---CRYPTO'88, 520--528.]] Google Scholar
- Steiner, M., Tsudik, G., and Waidner, M. 2000. Key agreement in dynamic peer groups. IEEE Transactions on Parallel and Distributed Systems.]] Google Scholar
- Tzeng, W.-G. and Tzeng, Z.-J. 2000. Round-efficient conference-key agreement protocols with provable security. In Advances in Cryptology---ASIACRYPT'2000.]] Google Scholar
- Wallner, D., Harder, E., and Agee, R. 1997. Key Management for Multicast: Issues and Architecture. Internet-Draft draft-wallner-key-arch-00.txt.]] Google Scholar
- Wong, C., Gouda, M., and Lam, S. 1998. Secure group communications using key graphs. In Proceedings of the ACM SIGCOMM'98 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, 68--79. Appeared in ACM SIGCOMM Computer Communication Review 28, 4 (Oct. 1998).]] Google Scholar
- Wong, C., Gouda, M., and Lam, S. 2000. Secure group communications using key graphs. IEEE/ACM Transactions on Networking 8, 1, 16--30.]] Google Scholar
Index Terms
- Tree-based group key agreement
Recommendations
Certificateless and identity-based authenticated asymmetric group key agreement
Group key agreement (GKA) is one of the traditional ways to guarantee the subsequent secure group communications. However, conventional GKA protocols face two limitations, i.e., they require two or more rounds to establish secure channels and are sender ...
Enhancement on strongly secure group key agreement
In 2011, Zhao et al. presented a new security model of group key agreement GKA by considering ephemeral secret leakage ESL attacks. Meanwhile, they proposed a strongly secure GKA protocol under the new model. In this paper, two security weaknesses on ...
Round-optimal ID-based dynamic authenticated group key agreement
A group key agreement protocol provides a set of users with a shared secret key to achieve cryptographic goal. When membership changes, group session key should be updated efficiently and securely. Hence, dynamic group key agreement protocols are of ...
Comments