A Secure Key Agreement Protocol for Dynamic Group

To accomplish secure group communication, it is essential to share a unique cryptographic key among group members. The underlying challenges to group key agreement are scalability, efficiency, and security. In a dynamic group environment, the rekeying process is more frequent; therefore, it is more crucial to design an efficient group key agreement protocol. Moreover, with the emergence of various group-based services, it is becoming common for several multicast groups to coexist in the same network. These multicast groups may have several shared users; a join or leave request by a single user can trigger regeneration of multiple group keys. Under the given circumstances the rekeying process becomes a challenging task. In this work, we propose a novel methodology for group key agreement which exploits the state vectors of group members. The state vector is a set of randomly generated nonce instances which determine the logical link between group members and which empowers the group member to generate multiple cryptographic keys independently. Using local knowledge of a secret nonce, each member can generate and share a large number of secure keys, indicating that SGRS inherently provides a considerable amount of secure subgroup multicast communication using subgroup multicasting keys derived from local state vectors. The resulting protocol is secure and efficient in terms of both communication and computation.Comment: This article is accepted for the publication in Cluster Computing-The Journal of Networks, Software Tools and Applications. Print ISSN 1386-7857, Online ISSN 1573-754

Key Agreement for Large-Scale Dynamic Peer Group

Many applications in distributed computing systems,such as IP telephony, teleconferencing, collaborative workspaces,interactive chats and multi-user games, involve dynamic peergroups. In order to secure communications in dynamic peergroups, group key agreement protocols are needed. In this paper,we come up with a new group key agreement protocol, composedof a basic protocol and a dynamic protocol, for large-scaledynamic peer groups. Our protocols are natural extensions ofone round tripartite Diffie-Hellman key agreement protocol. Inview of it, our protocols are believed to be more efficient thanthose group key agreement protocols built on two-party Diffie-Hellman key agreement protocol. In addition, our protocols havethe properties of group key secrecy, forward and backwardsecrecy, and key independence

An Efficient Distributed Group Key Management Using Hierarchical Approach with ECDH and Symmetric Algorithm

Ensuring secure communication in an ad hoc network is extremely challenging because of the dynamic nature of the network and the lack of centralized management. For this reason, key management is particularly difficult to implement in such networks. Secure group communication is an increasingly popular research area having received much attention in recent years. Group key management is a fundamental building block for secure group communication systems. We will present an efficient many-to-many group key management protocol in distributed group communication. In this protocol, group members are managed in the hierarchical manner logically. Two kinds of keys are used, asymmetric and symmetric keys. The leaf nodes in the key tree are the asymmetric keys of the corresponding group members and all the intermediate node keys are symmetric keys assigned to each intermediate node. For asymmetric key, a more efficient key agreement will be introduced. To calculate intermediate node keys, members use codes assigned to each intermediate node key tree. Group members calculate intermediate node keys rather than distributed by a sponsor member. The features of this approach are that, no keys are exchanged between existing members at join, and only one key, the group key, is delivered to remaining members at leave. Keywords: Elliptic Curve, Distributed Group Key Management, Hierarchical Key Management, Mobile Ad-hoc network (MANET)

Energy-Efficient ID-based Group Key Agreement Protocols for Wireless Networks

One useful application of wireless networks is for secure group communication, which can be achieved by running a Group Key Agreement (GKA) protocol. One well-known method of providing authentication in GKA protocols is through the use of digital signatures. Traditional certificate-based signature schemes require users to receive and verify digital certificates before verifying the signatures but this process is not required in ID-based signature schemes. In this paper, we present an energy-efficient ID-based authenticated GKA protocol and four energy-efficient ID-based authenticated dynamic protocols, namely Join, Leave, Merge and Partition protocol, to handle dynamic group membership events, which are frequent in wireless networks. We provide complexity and energy cost analysis of our protocols and show that our protocols are more energyefficient and suitable for wireless networks.

Multicast Key Agreement, Revisited

Multicast Key Agreement (MKA) is a long-overlooked natural primitive of large practical interest. In traditional MKA, an omniscient group manager privately distributes secrets over an untrusted network to a dynamically-changing set of group members. The group members are thus able to derive shared group secrets across time, with the main security requirement being that only current group members can derive the current group secret. There indeed exist very efficient MKA schemes in the literature that utilize symmetric-key cryptography. However, they lack formal security analyses, efficiency analyses regarding dynamically changing groups, and more modern, robust security guarantees regarding user state leakages: forward secrecy (FS) and post-compromise security (PCS). The former ensures that group secrets prior to state leakage remain secure, while the latter ensures that after such leakages, users can quickly recover security of group secrets via normal protocol operations. More modern Secure Group Messaging (SGM) protocols allow a group of users to asynchronously and securely communicate with each other, as well as add and remove each other from the group. SGM has received significant attention recently, including in an effort by the IETF Messaging Layer Security (MLS) working group to standardize an eponymous protocol. However, the group key agreement primitive at the core of SGM protocols, Continuous Group Key Agreement (CGKA), achieved by the TreeKEM protocol in MLS, suffers from bad worst-case efficiency and heavily relies on less efficient (than symmetric-key cryptography) public-key cryptography. We thus propose that in the special case of a group membership change policy which allows a single member to perform all group additions and removals, an upgraded version of classical Multicast Key Agreement (MKA) may serve as a more efficient substitute for CGKA in SGM. We therefore present rigorous, stronger MKA security definitions that provide increasing levels of security in the case of both user and group manager state leakage, and that are suitable for modern applications, such as SGM. We then construct a formally secure MKA protocol with strong efficiency guarantees for dynamic groups. Finally, we run experiments which show that the left-balanced binary tree structure used in TreeKEM can be replaced with red-black trees in MKA for better efficiency

Group key agreement in dynamic tactical networks

Mobile tactical (military) networks have a number of concerns that distinguish them from commercial networks. Of primary concern is information security, achieved in part through message encryption using a common key. These networks are often wireless and ad hoc, that is they lack fixed infrastructure and communications are relayed in a multi-hop fashion. The mobility of the nodes leads to a highly dynamic and unpredictable network topology as well as a dynamic communication group membership. The focus of this thesis is on finding a secure and efficient solution to group key agreement in a tactical network. Existing group key establishment protocols were surveyed, but many were found inept in this setting. The best solution was the Arbitrary Topology Group Diffie Hellman (AT-GDH). However, this protocol has not been fully specified as no provisions were made for auxiliary key agreements. To complete the AT-GDH key agreement, additional protocols are presented to be performed upon group membership changes. Each protocol was evaluated in terms of efficiency and security. All agreements stemming from additions to the group membership were found to be highly efficient. However, the exponential key structure impedes the efficient removal of one or more participant\u27s contributions