A Secure Key Agreement Protocol for Dynamic Group

To accomplish secure group communication, it is essential to share a unique cryptographic key among group members. The underlying challenges to group key agreement are scalability, efficiency, and security. In a dynamic group environment, the rekeying process is more frequent; therefore, it is more crucial to design an efficient group key agreement protocol. Moreover, with the emergence of various group-based services, it is becoming common for several multicast groups to coexist in the same network. These multicast groups may have several shared users; a join or leave request by a single user can trigger regeneration of multiple group keys. Under the given circumstances the rekeying process becomes a challenging task. In this work, we propose a novel methodology for group key agreement which exploits the state vectors of group members. The state vector is a set of randomly generated nonce instances which determine the logical link between group members and which empowers the group member to generate multiple cryptographic keys independently. Using local knowledge of a secret nonce, each member can generate and share a large number of secure keys, indicating that SGRS inherently provides a considerable amount of secure subgroup multicast communication using subgroup multicasting keys derived from local state vectors. The resulting protocol is secure and efficient in terms of both communication and computation.Comment: This article is accepted for the publication in Cluster Computing-The Journal of Networks, Software Tools and Applications. Print ISSN 1386-7857, Online ISSN 1573-754

An Efficient Distributed Group Key Management Using Hierarchical Approach with ECDH and Symmetric Algorithm

Ensuring secure communication in an ad hoc network is extremely challenging because of the dynamic nature of the network and the lack of centralized management. For this reason, key management is particularly difficult to implement in such networks. Secure group communication is an increasingly popular research area having received much attention in recent years. Group key management is a fundamental building block for secure group communication systems. We will present an efficient many-to-many group key management protocol in distributed group communication. In this protocol, group members are managed in the hierarchical manner logically. Two kinds of keys are used, asymmetric and symmetric keys. The leaf nodes in the key tree are the asymmetric keys of the corresponding group members and all the intermediate node keys are symmetric keys assigned to each intermediate node. For asymmetric key, a more efficient key agreement will be introduced. To calculate intermediate node keys, members use codes assigned to each intermediate node key tree. Group members calculate intermediate node keys rather than distributed by a sponsor member. The features of this approach are that, no keys are exchanged between existing members at join, and only one key, the group key, is delivered to remaining members at leave. Keywords: Elliptic Curve, Distributed Group Key Management, Hierarchical Key Management, Mobile Ad-hoc network (MANET)

Group key agreement protocols with implicit key authentication

There have been numerous studies performed on secure group communication over unsecured channels such as the Internet and ad-hoc network. Most of the results are focused on cryptographic methods to share secret keys within the group. In the real world, however, we cannot establish an application for group communication without considering authentication of each peer (group member) since the adversary could digitally disguise itself and intrude into the key sharing process without valid membership. Therefore, authentication is an inevitable component for any secure communication protocols as well as peer group communication. In the classical design of group key protocols, each peer should be authenticated by a separate and centralized authentication server (e.g. Kerberos). Although many practical protocols present efficient ways for authentication, we are still facing the necessity of optimization between authentication and group key sharing. In that sense, implicit key authentication is an ideal property for group key protocols since, once it is possibly put into practice, we do not need any separate authentication procedure as a requisite. There was an attempt to devise implicit key authentication service in conjunction with group key agreement protocol; Authenticated Group Diffie-Hellman (A-GDH) and its stronger version (SA-GDH). Unfortunately, both were proved to have some weakness from the man-in-the-middle attacks. In this project, practical fixes for A-GDH and SA-GDH using Message Authentication Code (MAC) schemes are proposed and performance evaluation is carried out from implementation and experimentation for each: A-GDH, SA-GDH, A-GDH with MAC, and SA-GDH with MAC. Finally, the policies how and where to deploy authenticated GDH protocols are discussed under various group communication scenarios

The performance of Group Diffie-Hellman paradigms: a software framework and analysis

A mobile computing environment typically involves groups of small, low-power devices interconnected through a mobile and dynamic network. Attempts to secure communication over these “ad-hoc” networks must be scalable to conserve the minimal resources of mobile devices as network sizes grow. In this project, the scalability of differing Group Diffie-Hellman security key generation implementations is examined. In theory, the implementation utilizing a data structure with the lowest theoretical run-time complexity for building the Diffie-Hellman group should prove the most scalable experimentally. A common modular framework was implemented to support generic Group Diffie-Hellman key agreement implementations abstracted from the underlying data structure and traversal mechanism. For comparison, linear, tree-based, and hypercubic Group Diffie-Hellman topologies were implemented and tested. Studies were conducted upon the results to compare the experimental scalability of each implementation to the other implementations as well as the theoretic predictions. The results indicate that the benefits of implementations with low theoretic-complexity are rarely experienced in smaller networks (less than 100 nodes,) and conversely implementations with high theoretic-complexities become unsuitable in larger networks (more than 100 nodes.) These experimental results match the theoretical predictions based on the mathematical properties of each implementation. Since mobile ad-hoc networks are typically small, less efficient, less complex implementations of Group Diffie-Hellman key agreement will suit most needs, however larger networks will require more efficient implementations

Energy-Efficient ID-based Group Key Agreement Protocols for Wireless Networks

One useful application of wireless networks is for secure group communication, which can be achieved by running a Group Key Agreement (GKA) protocol. One well-known method of providing authentication in GKA protocols is through the use of digital signatures. Traditional certificate-based signature schemes require users to receive and verify digital certificates before verifying the signatures but this process is not required in ID-based signature schemes. In this paper, we present an energy-efficient ID-based authenticated GKA protocol and four energy-efficient ID-based authenticated dynamic protocols, namely Join, Leave, Merge and Partition protocol, to handle dynamic group membership events, which are frequent in wireless networks. We provide complexity and energy cost analysis of our protocols and show that our protocols are more energyefficient and suitable for wireless networks.

Group key agreement in dynamic tactical networks

Mobile tactical (military) networks have a number of concerns that distinguish them from commercial networks. Of primary concern is information security, achieved in part through message encryption using a common key. These networks are often wireless and ad hoc, that is they lack fixed infrastructure and communications are relayed in a multi-hop fashion. The mobility of the nodes leads to a highly dynamic and unpredictable network topology as well as a dynamic communication group membership. The focus of this thesis is on finding a secure and efficient solution to group key agreement in a tactical network. Existing group key establishment protocols were surveyed, but many were found inept in this setting. The best solution was the Arbitrary Topology Group Diffie Hellman (AT-GDH). However, this protocol has not been fully specified as no provisions were made for auxiliary key agreements. To complete the AT-GDH key agreement, additional protocols are presented to be performed upon group membership changes. Each protocol was evaluated in terms of efficiency and security. All agreements stemming from additions to the group membership were found to be highly efficient. However, the exponential key structure impedes the efficient removal of one or more participant\u27s contributions

Practical Supersingular Isogeny Group Key Agreement

We present the first quantum-resistant $n$-party key agreement scheme based on supersingular elliptic curve isogenies. We show that the scheme is secure against quantum adversaries, by providing a security reduction to an intractable isogeny problem. We describe the communication and computational steps required for $n$ parties to establish a common shared secret key. Our scheme is the first non-generic quantum-resistant group key agreement protocol, and is more efficient than generic protocols, with near-optimal communication overhead. In addition, our scheme is contributory, which in some settings is a desirable security property: each party applies a function of their own private key to every further transmission. We implement the proposed protocol in portable C for the special case where three parties establish a shared secret. Moreover, we benchmark our software on two generations of Intel processors, highlighting the feasibility and efficiency of using the proposed scheme in practical settings. The proposed software computes the entire group key agreement in 994 and 1,374 millions of clock cycles on Intel Core i7-6500 Skylake and Core i7-2609 Sandy Bridge processors, respectively

Fault-Tolerant Extension of Hypercube Algorithm for Efficient, Robust Group Communications in MANETs

Securing multicast communications in Mobile Ad Hoc Networks (MANETs) has become one of the most challenging research directions in the areas of wireless networking and security. MANETs are emerging as the desired environment for an increasing number of commercial and military applications, addressing also an increasing number of users. Security on the other hand, is becoming an indispensable requirement of our modern life for all these applications. However, the limitations of the dynamic, infrastructure-less nature of MANETs impose major difficulties in establishing a secure framework suitable for group communications. The design of efficient key management (KM) schemes for MANET is of paramount importance, since the performance of the KM functions (key generation, entity authentication, key distribution/agreement) imposes an upper limit on the efficiency and scalability of the whole secure group communication system. In this work, we contribute towards efficient, robust and scalable, secure group communications for MANETs, by extending an existing key agreement (KA) scheme (where all parties contribute equally to group key generation) ypercube - to tolerate multiple member failures with low cost, through its integration with a novel adaptively proactive algorithm. We assume that the participating users have already been authenticated via some underlying mechanism and we focus on the design and analysis of a fault-tolerant Hypercube, with the aim to contribute to the robustness and efficiency of Octopus-based schemes (an efficient group of KA protocols for MANETs using Hypercube as backbone). We compare our algorithm with the existing approach, and we evaluate the results of our analysis. Through our analysis and simulation results we demonstrate how the new Hypercube algorithm enhances the robustness of the Octopus schemes maintaining their feasibility in MANETs at the same time. Key terms: Key Management, Key Agreement, Hypercube Protocol, Fault-Tolerance, Octopus Schemes, Elliptic Curves Cryptograph