Zhijun Zhang,Pla Information

2010-01-01

Abstract:A group key agreement protocol based on m-tree and DMDH assumption is developed to improve the poor scalability and efficiency of most existing group key agreement protocols in dynamic peer communication.This protocol combined m-tree with DMDH assumption,which key agreement is completed by which all group members agreed on variable m to fix on key tree and selected corresponding multilinear map from cluster of multilinear maps.Meanwhile,it much more applied to LAN and WAN by which communication and computation costs are balanced by variable m.Compared with TGDH and GDH,it made a great progress in security,scalability and efficiency.

Qi Cheng,Zhuo Zhao,Chingfang Hsu,Maoyuan Zhang,Qing Yang,Di Wu

DOI: https://doi.org/10.1155/2021/7703466

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.

Kui Ren,Hyunrok Lee,Kwangjo Kim,Taewhan Yoo

DOI: https://doi.org/10.1007/978-3-540-31815-6_13

2005-01-01

Abstract:Group key management presents a fundamental challenge in secure dynamic group communications. In this paper, we propose an efficient group authenticated key agreement protocol (EGAKA), which is designed to be fully distributed and fault-tolerant, provides efficient dynamic group membership management, mutual authentication among group members and is secure against both passive and active attacks. The features of EGAKA are as follows: Firstly, EGAKA can be built on any general two-party key exchange protocol without relying on a particular one. EGAKA achieves scalability and robustness in heterogenous environments by allowing members to use any available two-party protocol in common and deliberately designed fault-tolerant mechanism in dynamic membership management. Secondly, EGAKA provides extremely efficient member join services in terms of both communication and computation costs which are constant to the group size. This is a very useful property in the scenarios with frequent member addition.

Jianqing Fu,Jian Chen,Rong Fan,XiaoPing Chen,Lingdi Ping

DOI: https://doi.org/10.1109/wcse.2009.731

2009-01-01

Abstract:With the widespread use of mobile devices, authentication and privacy of identification become important issues. We analyzed the security flaws and shortcomings of a delegation-based authentication protocol which was proposed by Caimu Tang, et al., and provided an improved protocol. We use elliptic-curve cryptography and hash chain to ensure the safety of system in our scheme. The research results reveal that the improved protocol can not only corrects the security flaws but also improve the efficiency of key management and reduce the computational load.

Yi Sun,Qiaoyan Wen,Hongxiang Sun,Wenmin Li,Zhengping Jin,Hua Zhang

DOI: https://doi.org/10.1016/j.proeng.2011.12.731

2012-01-01

Procedia Engineering

Abstract:In traditional group key transfer protocol, the key generation center randomly selects a session key and then transports it that has been encrypted by another secret key. Afterwards, scholars construct authenticated key transfer protocols based on secret sharing instead of encryption algorithm. One typical protocol of this style is built by using the secret sharing scheme based on Language's interpolation polynomial. In this paper, we utilize an optimized secret sharing scheme instead of Language's interpolation polynomial. We provide mutual authentication to ensure that only the authorized group members can recover the right session key. What's more, all participants only need to store one secret share for all sessions. Besides, the change of the group members has no effect on the validity of the existing shares, which means the existing shares possess the excellent characteristic “one time assign, many times apply”.

Huihui Yang,Lei Jiao,Vladimir A. Oleshchuk

DOI: https://doi.org/10.1007/978-3-319-05302-8_3

2013-01-01

Abstract:In this paper, we propose a novel framework for group authentication and key exchange protocols. There are three main advantages of our framework. First, it is a general one, where different cryptographic primitives can be used for different applications. Second, it works in a one-to-multiple mode, where a party can authenticate several parties mutually. Last, it can provide several security features, such as protection against passive adversaries and impersonate attacks, implicit key authentication, forward and backward security. There are two types of protocols in our framework. The main difference between them is that the authenticator in Type II has a certificate while in Type I does not. Under the general framework, we also give the details of protocols based on Diffie-Hellman key exchange system, and discrete logarithm problem (DLP) or elliptic curve discrete logarithm problem (ECDLP) based ElGamal encryption respectively. Session keys will be established at the end of each session and they can be utilized later to protect messages transmitted on the communication channel.

Wang Changji,Yang Bo,Wu Jianping

DOI: https://doi.org/10.1007/s11767-005-0007-z

2005-01-01

Abstract:In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang’s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang’s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.

Kaiping Xue,Mingxiu Hu,Peilin Hong,Hancheng Lu

DOI: https://doi.org/10.1049/cp:20081037

2008-01-01

Abstract:Group key agreement protocols are important for collaborative and group-oriented applications,which enable group members to share a common conference key for secure group communication. Jung[1] proposed an efficient group key agreement protocol which does not need public key cryptosystems and can be applied in dynamic group applications. But not long ago Lee[2] found inside attack can disrupt group key establishment in Jung's scheme. In this paper, we propose two security improvements on Jung's scheme, which can trace malicious attack and malicious members, and does not leak sensitive information of the group. The purpose of the improvements are not to get the malicious out of the group, but to be tolerant of the existence of malicious members and the group key can still be established in the group.

Zisang Xu,Feng Li,Han Deng,Minfu Tan,Jixin Zhang,Jianbo Xu

DOI: https://doi.org/10.3390/s20174835

IF: 3.9

2020-08-27

Sensors

Abstract:With the rapid development of mobile networks, there are more and more application scenarios that require group communication. For example, in mobile edge computing, group communication can be used to transmit messages to all group members with minimal resources. The group key directly affects the security of the group communication. Most existing group key agreement protocols are often flawed in performance, scalability, forward or backward secrecy, or single node failure. Therefore, this paper proposes a blockchain-based authentication and dynamic group key agreement protocol. With our protocol, each group member only needs to authenticate its left neighbor once to complete the authentication, which improved authentication efficiency. In addition, our protocol guarantees the forward secrecy of group members after joining the group and the backward secrecy of group members after leaving the group. Based on blockchain technology, we solve the problem of single node failure. Furthermore, we use mathematics to prove the correctness and security of our protocol, and the comparison to related protocols shows that our protocol reduces computation and communication costs.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Beibei Cui,Wei He,Yan Cui

DOI: https://doi.org/10.1007/s10207-024-00876-2

2024-06-20

International Journal of Information Security

Abstract:At present, in addressing security challenges within 5 G-era Vehicular Ad-Hoc Networks (VANET), a new protocol has been designed in this paper, named V2X-GKA (Dynamic Group Authentication and Key Agreement Protocol based on C-V2X). V2X-GKA utilizes cryptographic techniques such as ECDLP and DBDH to effectively mitigate risks associated with certificate forgery and key theft. Through the integration of authentication and group key agreement mechanisms, the protocol facilitates dynamic member management and secure key updates without necessitating complete protocol re-execution. This approach not only ensures both forward and backward security but also optimizes algorithmic processes, rendering it highly suitable for real-time, high-speed mobile environments. Through necessary security analysis, it is confirmed that the V2X-GKA scheme in this paper meets the existing security objectives. Compared with other similar schemes, it exhibits a certain degree of completeness and superiority, particularly in open-channel scenarios.

computer science, information systems, theory & methods, software engineering

Adhirath Kabra,Sumit Kumar,Gaurav S. Kasbekar

DOI: https://doi.org/10.48550/arXiv.2008.06890

2020-08-16

Abstract:Many Internet of Things (IoT) scenarios require communication to and data acquisition from multiple devices with similar functionalities. For such scenarios, group communication in the form of multicasting and broadcasting has proven to be effective. Group Key Management (GKM) involves the handling, revocation, updation and distribution of cryptographic keys to members of various groups. Classical GKM schemes perform inefficiently in dynamic IoT environments, which are those wherein nodes frequently leave or join a network or migrate from one group to another over time. Recently, the `GroupIt' scheme has been proposed for GKM in dynamic IoT environments. However, this scheme has several limitations such as vulnerability to collusion attacks, the use of computationally expensive asymmetric encryption and threats to the backward secrecy of the system. In this paper, we present a highly efficient and secure GKM protocol for dynamic IoT settings, which maintains forward and backward secrecy at all times. Our proposed protocol uses only symmetric encryption, and is completely resistant to collusion attacks. Also, our protocol is highly flexible and can handle several new scenarios in which device or user dynamics may take place, e.g., allowing a device group to join or leave the network or creation or dissolution of a user group, which are not handled by schemes proposed in prior literature. We evaluate the performance of the proposed protocol via extensive mathematical analysis and numerical computations, and show that it outperforms the GroupIt scheme in terms of the communication and computation costs incurred by users and devices.

Networking and Internet Architecture,Cryptography and Security

Jianbin Hu,Hu Xiong,Zhi Guan,Cong Tang,Yonggang Wang,Wei Xin,Zhong Chen

DOI: https://doi.org/10.1109/ISPAW.2011.15

2011-01-01

Abstract:Key agreement protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities and which cannot be predetermined by any party. Recently, the notion of certificateless public key cryptography was introduced to mitigate the heavy certificate management burden in traditional public key infrastructure and key escrow problem in ID-based cryptosystem. In this paper, we present an efficient certificateless three-party authenticated key agreement protocol based on certificateless signature scheme. We show that the proposed protocol is secure (i.e. conforms to defined security attributes) while being efficient.

Daojing He,Chun Chen,Maode Ma,Sammy Chan,Jiajun Bu

DOI: https://doi.org/10.1002/dac.1355

2011-01-01

International Journal of Communication Systems

Abstract:SUMMARYPassword‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.

HM Sun,BC Chen,T Hwang

DOI: https://doi.org/10.1016/j.jss.2003.11.017

IF: 3.5

2004-01-01

Journal of Systems and Software

Abstract:Key exchange protocol is important for sending secret messages using the session key between two parties. In order to reach the objective, the premise is to generate a session key securely. Encryption key exchange was first proposed to generate a session key with a weak authenticated password against guessing attacks. Next, another authenticated key exchange protocols for three-party, two clients who request the session key and one server who authenticates the user's identity and assist in generating a session key, were proposed. In this paper, we focus on the three-party authenticated key exchange protocol. In addition to analyzing and improving a password-based authenticated key exchange protocol, a new verified-based protocol is also proposed.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.jnca.2012.10.001

IF: 7.574

2013-01-01

Journal of Network and Computer Applications

Abstract:Key agreement allows multi-parties exchanging public information to create a common secret key that is known only to those entities over an insecure network. In the recent years, several identity-based (ID-based) authenticated key agreement protocols have been proposed and most of them broken. In this paper, we formalize the security model of ID-based authenticated tripartite key agreement protocol and propose a provably secure ID-based authenticated key agreement protocol for three parties with formal security proof under the computational Diffie-Hellman assumption. Experimental results by using the AVISPA tool show that the proposed protocol is secure against various malicious attacks.

Zhao Hu,Yuesheng Zhu,Limin Ma

DOI: https://doi.org/10.1109/icon.2012.6506591

2012-01-01

Abstract:Kerberos is a widely-used network authentication protocol based on a trusted third-party. PKINIT, an enhanced Kerberos protocol which uses PKI mechanism, can prevent the password guessing attack, however, it introduces excessive amount of computational power. To enhance the security performance and computation efficiency of Kerberos, in this paper an improved Kerberos protocol based on Diffie-Hellman-DSA (DH-DSA) key exchange is proposed. Mutual authentication and key exchange between the client and Authentication Server (AS) can be simultaneously achieved with the proposed approach. Our experimental and analysis results have demonstrated that this new protocol can resist the password guessing attack and is more efficient and easily deployed than PKINIT.

Hu Xiong,Zhong Chen,Fagen Li

DOI: https://doi.org/10.1016/j.mcm.2011.10.001

2012-01-01

Mathematical and Computer Modelling

Abstract:Authenticated key agreement (AKA) protocols are multi-party protocols in which entities exchange public information allowing them to create a common secret key that is known only to those entities over an open network. Recently, in order to circumvent the key escrow problem inherent to ID-based cryptography and the certificate management burden in traditional public key infrastructure, the notion of certificateless public key cryptography (CL-PKC) was introduced. In this paper, we first present a security model for certificateless AKA protocols for three parties, and then propose an efficient construction based on bilinear pairings. The security of the proposed scheme can be proved to be equivalent to the computational Diffie–Hellman problem in the random oracle model.

Qiang Zhao,Zhuohua Li,John C.S. Lui

2023-12-07

Abstract:Quantum key distribution (QKD) protocols are essential to guarantee information-theoretic security in quantum communication. Although there was some previous work on quantum group key distribution, they still face many challenges under a ``\textit{dynamic}'' group communication scenario. In particular, when the group keys need to be updated in real-time for each user joining or leaving to ensure secure communication properties, i.e., forward confidentiality and backward confidentiality. However, current protocols require a large amount of quantum resources to update the group keys, and this makes them impractical for handling large and dynamic communication groups. In this paper, we apply the notion of ``{\em tree key graph}'' to the quantum key agreement and propose two dynamic Quantum Group Key Agreement (QGKA) protocols for a join or leave request in group communications. In addition, we analyze the quantum resource consumption of our proposed protocols. The number of qubits required per join or leave only increases logarithmically with the group size. As a result, our proposed protocols are more practical and scalable for large and dynamic quantum group communications.

Quantum Physics

Yong Gan,Bingli Wang,Yuan Zhuang,Yuan Gao,Zhigang Li,Qikun Zhang

DOI: https://doi.org/10.1002/ett.4179

IF: 3.6

2020-11-25

Transactions on Emerging Telecommunications Technologies

Abstract:<p>With the development of wireless mobile network and Internet of Things (IoT), users enter the network with a large amount of data and information, including some important personal information, such as ID number, telephone number. Personal privacy disclosure has become one of the focuses of attention. In this article, we propose an asymmetric group key agreement (GKA) protocol based on attribute threshold for IoT to protect user privacy. Users do not need to expose any personal information in the group, but only need to meet the same number of attributes and conduct bidirectional authentication registration with key generation center (KGC) to ensure the legitimacy of mobile terminal members participating in GKA. In the registration phase, user performs heavy preliminary calculations according to the designed protocol, thereby reducing the computation in the key agreement phase and decreasing the complexity of the protocol. The protocol can realize self‐verification, and any member participating in key agreement can verify the correctness of the negotiated key by themselves. Under the assumption of bilinear computational Diffie‐Hellman problem, the security of the protocol is proved. Performance analysis further shows that our protocol has lower energy consumption in terms of communication and computing.</p>

telecommunications

Sueda Guzey,Gunes Karabulut Kurt,Enver Ozdemir

2024-05-04

Abstract:Group authentication is a method of confirmation that a set of users belong to a group and of distributing a common key among them. Unlike the standard authentication schemes where one central authority authenticates users one by one, group authentication can handle the authentication process at once for all members of the group. The recently presented group authentication algorithms mainly exploit Lagrange's polynomial interpolation along with elliptic curve groups over finite fields. As a fresh approach, this work suggests use of linear spaces for group authentication and key establishment for a group of any size. The approach with linear spaces introduces a reduced computation and communication load to establish a common shared key among the group members. The advantages of using vector spaces make the proposed method applicable to energy and resource constrained devices. In addition to providing lightweight authentication and key agreement, this proposal allows any user in a group to make a non-member to be a member, which is expected to be useful for autonomous systems in the future. The scheme is designed in a way that the sponsors of such members can easily be recognized by anyone in the group. Unlike the other group authentication schemes based on Lagrange's polynomial interpolation, the proposed scheme doesn't provide a tool for adversaries to compromise the whole group secrets by using only a few members' shares as well as it allows to recognize a non-member easily, which prevents service interruption attacks.

Cryptography and Security