Zeyu Yang,Ziqing Wang,Fei Qiu,Fagen Li

DOI: https://doi.org/10.1016/j.jisa.2022.103388

IF: 4.96

2023-01-01

Journal of Information Security and Applications

Abstract:A group key agreement protocol allows a set of users to establish a common session key over an open network. A dynamic contributory group key agreement (DCGKA) protocol generates a session key based on contributions of all group members and allows a member to dynamically join or leave this group. Although current DCGKA can resist passive attacks, it cannot resist positive attacks like the man-in-the-middle (MITM) attack. In this paper, we propose a dynamic contributory Group Key Agreement protocol by using Short Signature (called GKA-SS) which uses bilinear map to accomplish the signature and the verification processes. The formal security proof shows that our protocol can resist both active and passive attacks under random oracle model. The informal security analysis indicates that our protocol can obtain backward secrecy, forward secrecy, etc. Besides, we analyze the communication and computation cost of our protocol and simulate it with pypbc library. As compared with TGECDH, our protocol is 2.4 times faster in join phase and 29 times faster in leave phase, when p is 512 bits, q is 160 bits and group size is 256.

Xiangjun Xin,Chaoyang Li,Dongsheng Chen,Fagen Li

DOI: https://doi.org/10.14257/ijhit.2016.9.2.11

2016-01-01

International Journal of Hybrid Information Technology

Abstract:In the paper, we analyze the security vulnerability of the key agreement protocol proposed by Lee et al.'s. We present a forgery attack to their protocol. In this attack, the adversary can modify the signed message and forge a new signature, which can pass the verification. Then, we propose a new group key agreement protocol, which overcomes this security drawback. The new protocol can be proved to be secure under Elliptic Curve Discrete Logarithm Problem, Bilinear Computational Diffie–Hellman Problem and Square-Exponent Problem. On the other hand, in the new protocol, only three pairing operations are used, so it is more efficient. Our protocol is also a contributory group key agreement protocol.

J. Li,X. Chen,H. Tian,C. Gao

DOI: https://doi.org/10.1504/ijahuc.2014.065156

2014-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:Since the notion of attribute-based encryption (ABE) was proposed, it has been found a lot of important applications such as fine-grained access control. However, the issue of key exposure problem in ABE has been solved completely. This problem is formally addressed and formulated in this paper. More specifically, we propose a new key-insulated ABE (KI-ABE) scheme as a solution to the key exposure problem. The definition and security model of KI-ABE is proposed. Then, a KI-ABE scheme is presented, which is provably secure under the proposed model. The scheme is secure in the remaining time periods against an adversary who compromises the insecure device and obtains secret keys for the periods of its choice. Finally, we show that the scheme also supports user delegation, which is critical when one wants to delegate part of attributes (privileges) to others.

Zheng Yang,Shuangqing Li

DOI: https://doi.org/10.1016/j.ipl.2015.08.006

IF: 0.851

2016-01-01

Information Processing Letters

Abstract:In this paper, we revisit the security result of an authenticated key exchange (AKE) scheme proposed in AsiaCCS'14 by Alawatugoda, Stebila and Boyd (which is referred to as ASB scheme). The ASB scheme is proved to be secure in a new bounded (continuous) after-the-fact leakage extended Canetti–Krawczyk (B(C)AFL-eCK) model without random oracles, where the B(C)AFL-eCK is extended from the eCK model. However we disprove their security results. We first show an attack against ASB scheme in the eCK model. This also implies that the insecurity of ASB scheme in the B(C)AFL-eCK model. Secondly we point out that the security of ASB scheme is incorrectly reduced to DDH assumption. A solution is proposed to fix the problem of ASB scheme with minimum changes, which yields a new ASB' scheme. We prove the eCK security of ASB' in the random oracle model under Gap Diffie–Hellman assumption.

Jianjie Zhao,Dawu Gu,M. Choudary Gorantla

DOI: https://doi.org/10.1145/1966913.1966975

2010-01-01

Abstract:ABSTRACTIn PKC 2009, Gorantla, Boyd and González Nieto presented a nice result on modelling security for group key agreement (GKA) protocols. They proposed a novel security model (GBG model) that better supports the adversaries' queries than previous models for GKA protocols by considering KCI resilience. However, ephemeral key leakage attack resistance has been left outside the scope of the GBG model. In this paper, we demonstrate an ephemeral key leakage on an existing GKA protocol which has been shown secure in the GBG model. We then extend the GBG model by allowing the adversary greater attack powers of leaking ephemeral keys in GKA protocol session. We also apply the well known NAX-OS trick to propose an improvement to an existing GKA protocol, which can resist the ephemeral key leakage attack. The security of the improved protocol has been argued under the our new model.

Debiao He,Jianhua Chen,Jin Hu

DOI: https://doi.org/10.31449/inf.v34i3.308

2010-01-01

Informatica

Abstract:Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. Due to their significance in building a secure communication channel, a number of key exchange protocols have been suggested over the years for a variety of settings. Among these is the so-called S-3PAKE protocol proposed by Lu and Cao for passwordauthenticated key exchange in the three-party setting. In the current work, we are concerned with the password security of the S-3PAKE protocol. We first show that S-3PAKE is vulnerable to an off-line dictionary attack in which an attacker exhaustively enumerates all possible passwords in an off-line manner to determine the correct one. We then figure out how to eliminate the security vulnerability of S3PAKE.

Daniel Camazón Portela,Álvaro Otero Sánchez,Juan Antonio López Ramos

2024-11-30

Abstract:The advent of large-scale quantum computers implies that our existing public-key cryptography infrastructure has become insecure. That means that the privacy of many mobile applications involving dynamic peer groups, such as multicast messaging or pay-per-view, could be compromised. In this work we propose a generalization of the well known group key exchange protocol proposed by Burmester and Desmedt to the non-abelian case by the use of finite group actions and we prove that the presented protocol is secure in Katz and Yung's model.

Cryptography and Security,Information Theory

Jian Shu,Chunxiang Xu

DOI: https://doi.org/10.1109/ICACIA.2009.5361154

2009-01-01

Abstract:Authenticated group key exchange (AGKE) enable a set of participants in a public network to share a key which can be further used to achieve confidentiality and authe.ntication. Most of the schemes required a linear number of communications round with respect to the number of group members, such schemes are not practical. Others are inefficient being required some additional condition such as central authority or logic structure. After analyzed the security of Bresson's protocol, a improved scheme is proposed, which is simple and efficient. The scheme is proven secure under Decisional Diffie-Hellman assumption.

Kaiping Xue,Mingxiu Hu,Peilin Hong,Hancheng Lu

DOI: https://doi.org/10.1049/cp:20081037

2008-01-01

Abstract:Group key agreement protocols are important for collaborative and group-oriented applications,which enable group members to share a common conference key for secure group communication. Jung[1] proposed an efficient group key agreement protocol which does not need public key cryptosystems and can be applied in dynamic group applications. But not long ago Lee[2] found inside attack can disrupt group key establishment in Jung's scheme. In this paper, we propose two security improvements on Jung's scheme, which can trace malicious attack and malicious members, and does not leak sensitive information of the group. The purpose of the improvements are not to get the malicious out of the group, but to be tolerant of the existence of malicious members and the group key can still be established in the group.

SF Sun,Udaya Parampalli,TH Yuen,Yong Yu,Dawu Gu

2016-01-01

Abstract:© Springer International Publishing Switzerland 2016.Motivated by tampering attacks in practice, two different but related security notions, termed complete non-malleability and relatedkey attack security, have been proposed recently. In this work, we study their relations and present the first public key encryption scheme that is secure in both notions under standard assumptions. Moreover, by exploiting the technique for achieving complete non-malleability, we give a practical scheme for the related-key attack security. Precisely, the scheme is proven secure against polynomial functions of bounded degree d under a newly introduced hardness assumption called dmodified extended decisional bilinear Diffie-Hellman assumption. Since the schemes are constructed in a direct way instead of relying on the noninteractive zero knowledge proof or signature techniques, they not only achieve the strong security notions but also have better performances.

舒剑,许春香

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.03.018

2009-01-01

Abstract:The security of an authenticated group key exchange is analyzed,the results show that it is insecure due to redundancy of the exchange messages.Based on the protocol of Burmester and Desmedt,an improved protocol is proposed with merits in terms of computation and communication.The improved protocol provides not only the capability of forward secrecy and mutual authentication,but also the capability against man-in-middle attack.The protocol is proven secure in the random-oracle and ideal-cipher models under the computational Diffie-Hellman(CDH) assumption.

Payal Sharma,B. R. Purushothama

DOI: https://doi.org/10.1007/s11277-024-10925-7

IF: 2.017

2024-04-09

Wireless Personal Communications

Abstract:There have been several proposed methods in the literature for securely distributing group keys and managing group dynamics for secure group communications. While these methods claim to be secure against passive adversaries, our focus has been on a more powerful adversary known as a strong active outsider adversary. This adversary has the ability to corrupt legitimate users, which can result in the leakage of crucial secret information to the adversary. Such information can enable the adversary to recover both current and past group keys. One commonly utilized approach for ensuring secure group communication is group key management schemes based on the Chinese remainder theorem (CRT). In this paper, we evaluate prominent CRT-based key management schemes in the presence of an active adversary. Our findings indicate that the adversary can exploit the leaked information of the corrupted user to break backward secrecy. As a result, we demonstrate that the CRT-based schemes found in the literature are insecure against strong active adversaries and are therefore unsuitable for practical applications.

telecommunications

Zhe Xia,Yu Yang,Fuyou Miao

DOI: https://doi.org/10.1049/ise2.12085

2022-01-01

IET Information Security

Abstract:To ensure private message exchange among the group members, it is desirable to construct secure and efficient group key management schemes. Moreover, these schemes are more versatile if they could support dynamic join or leave of group members. In IET Information Security 2014, Vijayakumar et al. have introduced such a group key management scheme with lightweight overheads in both computation and communication. And this scheme has been used as a building block in many cryptographic protocols afterwards. In this paper, the authors demonstrate that Vijayakumar's scheme suffers some potential security weaknesses. First, after participating in the group communications for some sessions, a group member may still be able to obtain the group key after it leaves the group, and this violates the claimed security property of forward secrecy. Second, some colluding group members may derive another group member's long term secret key, and obviously, this has more serious consequences. One of the main reasons for the existence of these attacks is that the security analyses in Vijayakumar's scheme are informal and they cannot cover the dynamic environment. To address this issue, the authors' suggestion is that heuristic arguments of security are not adequate in the design of cryptographic protocols, but formal security definitions and proofs are required.

XU Chun-xiang,LUO Shu-dan,Shu D. Luo

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.04.025

2009-01-01

Abstract:The three-party password-based authenticated key exchange protocol based on the CCDH assumption is analyzed. It is demonstrated that this protocol has security vulnerabilities from on-line guessing attack and lacks a perfect authentication mechanism. This paper presents an attack scheme to the protocol. Our attack scheme shows that an adversary can get other legitimate user's password successfully by on-line guessing cyclically.

Chunbo Ma,Jun Ao,Jianhua Li

DOI: https://doi.org/10.1109/npc.2007.36

2007-01-01

Abstract:A password-based dynamic group key agreement protocol from tripartite Diffie-Hellman using pairing on elliptic curve is presented in this paper. In this scheme, due to all users share a common pre-distributed password, the setup of the key agreement is simplified and the performance is improved. In addition, each user establishes a relation between his left and right neighbors respectively in order to implement the fast joining and leaving operations. Under the DDH assumption, proofs are given to show that the proposed key agreement protocol is secure against passive attack.

Shuai Han,Shengli Liu,Dawu Gu

DOI: https://doi.org/10.1007/978-3-030-92075-3_17

2021-01-01

Abstract:For Key Encapsulation Mechanism (KEM) deployed in a multi-user setting, an adversary may corrupt some users to learn their secret keys, and obtain some encapsulated keys due to careless key managements of users. To resist such attacks, we formalize Enhanced security against Chosen Plaintext/Ciphertext Attack (ECPA/ECCA), which ask the pseudorandomness of unrevealed encapsulated keys under uncorrupted users. This enhanced security for KEM serves well for the security of a class of Authenticated Key Exchange protocols built from KEM. In this paper, we study the achievability of tight ECPA and ECCA security for KEM in the multi-user setting, and present an impossibility result and an optimal security loss factor that can be obtained. The existing meta-reduction technique due to Bader et al. (EUROCRYPT 2016) rules out some KEMs, but many well-known KEMs, e.g., Cramer-Shoup KEM (SIAM J. Comput. 2003), Kurosawa-Desmedt KEM (CRYPTO 2004), run out. To solve this problem, we develop a new technique tool named rank of KEM and a new secret key partitioning strategy for meta-reduction. With this new tool and new strategy, we prove that KEM schemes with polynomially-bounded ranks have no tight ECPA and ECCA security from non-interactive complexity assumptions, and the security loss is at least linear in the number n of users. This impossibility result covers lots of well-known KEMs, including the CramerShoup KEM, Kurosawa-Desmedt KEM and many others. Moreover, we show that the linear security loss is optimal by presenting concrete KEMs with security loss T(n). This is justified by a non-trivial security reduction with linear loss factor from ECPA/ECCA security to the traditional multi-challenge CPA/CCA security.

Jianjie Zhao,Dawu Gu

DOI: https://doi.org/10.1007/s11859-010-0312-8

2010-01-01

Wuhan University Journal of Natural Sciences

Abstract:The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values A V and B V in the CLC protocol will make a man-in-the-middle attack feasible in practice, where A V and B V are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own passwords by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.

Niu Liu,Shaohua Tang,Lingling Xu,Daojing He

DOI: https://doi.org/10.1002/sec.966

IF: 1.968

2014-01-01

Security and Communication Networks

Abstract:ABSTRACTDesigning group key management schemes is a troubled field. In this paper, we review three schemes recently proposed, including Kayam's scheme for groups with hierarchy, Piao's group key management (KM) scheme, Purushothama's group KM schemes. We point out the problems in each scheme. Kayam's scheme is not secure to collusion attack. Piao's group KM scheme is not secure. The hard problem it bases is not really hard, and the way their scheme uses a hard problem is improper. Purushothama's scheme has an unnecessary design that costs lots of resources and does not give an advantage to the security level and dynamic efficiency of it. We also briefly analyze the underlying reasons why these problems emerge and give suggestions on designing. Copyright © 2014 John Wiley & Sons, Ltd.

Hui Li,Chuan-Kun Wu,Lingbo Wei

DOI: https://doi.org/10.1007/978-3-642-12827-1_24

2010-01-01

Abstract:In this paper, we extend Abdalla et al. ’s work in Asiacrypt 2005 to group-based setting. Our goal is to allow a group of users to establish a shared session key with a gateway under the assistance of an authentication server, while the server has no information about this session key and the gateway has no information about any password. Distinct to ordinary password-based group key exchange protocols, different shares of a groupwise password are assigned to group users respectively in our protocol. Each share is also a human-memorable password. According to our protocol, a group of at least k (a predefined threshold) users is authorized to establish a key with gateway. Additionally, the new protocol is proven secure in random-oracle model.

Bessie C. Hu,Duncan S. Wong,Zhenfeng Zhang,Xiaotie Deng

DOI: https://doi.org/10.1007/11780656_20

2006-01-01

Abstract:Certificateless cryptography involves a Key Generation Center (KGC) which issues a partial key to a user and the user also independently generates an additional public/secret key pair in such a way that the KGC who knows only the partial key but not the additional secret key is not able to do any cryptographic operation on behalf of the user; and a third party who replaces the public/secret key pair but does not know the partial key cannot do any cryptographic operation as the user either. We call this attack launched by the third party as the key replacement attack. In ACISP 2004, Yum and Lee proposed a generic construction of digital signature schemes under the framework of certificateless cryptography. In this paper, we show that their generic construction is insecure against key replacement attack. In particular, we show that the security requirements of their generic building blocks are insufficient to support some security claim stated in their paper. We then propose a modification of their scheme and show its security in a new and simplified security model. We show that our simplified definition and adversarial model not only capture all the distinct features of certificateless signature but are also more versatile when compared with all the comparable ones. We believe that the model itself is of independent interest.