Remarks on the Cryptographic Primitive of Attribute-based Encryption
Attribute-based encryption (ABE), which allows users to encrypt and decrypt messages based on user attributes, is a type of one-to-many encryption. Unlike conventional one-to-one encryption, which has no intention of excluding any partners of the intended receiver from obtaining the plaintext, an ABE system tries to exclude some unintended recipients from obtaining the plaintext even if they are partners of some intended recipients. We remark that this requirement for ABE is very hard to meet. An ABE system cannot truly exclude some unintended recipients from decryption, because some users can exchange their decryption keys in order to maximize their own interests. The flaw discounts the importance of the cryptographic primitive.
Comment: 9 pages, 4 figures
DGKD: Distributed Group Key Distribution with Authentication Capability
Group key management (GKM) is the most important issue in secure group communication (SGC). The existing GKM protocols fall into three typical classes: centralized group key distribution (CGKD), decentralized group key management (DGKM), and distributed/contributory group key agreement (CGKA). Serious problems remain in these protocols, as they require the existence of central trusted entities (such as a group controller or subgroup controllers), relaying of messages (by subgroup controllers), or strict member synchronization (for multiple-round stepwise key agreement), and thus suffer from a single point of failure and attack, performance bottlenecks, or mis-operations in the case of transmission delay or network failure. In this paper, we propose a new class of GKM protocols: distributed group key distribution (DGKD). The new DGKD protocol solves the above problems and surpasses the existing GKM protocols in terms of simplicity, efficiency, scalability, and robustness.
On the mean number of encryptions for tree-based broadcast encryption schemes
The challenge of stateless-receiver broadcast encryption lies in minimizing storage and the number of encryptions while maintaining system security. Tree-based key distribution schemes offer the best known trade-off between the two parameters. Examples include the complete subtree scheme [D. Wallner, et al., Internet draft, http://www.ietf.org/ID.html [10]; C.K. Wong, et al., in: Proc. SIGCOMM, 1998, pp. 68–79 [11]], the subset difference scheme [D. Naor, et al., in: CRYPTO 2001, Lecture Notes in Comput. Sci., vol. 2139, 2001, pp. 41–62 [7]], and the layered subset difference scheme [D. Halevy, A. Shamir, in: CRYPTO 2002, Lecture Notes in Comput. Sci., vol. 2442, 2002, pp. 47–60 [5]]. We introduce generating functions for this family of schemes, which lead to an analysis of the mean number of encryptions over all privileged sets of users. We also derive the mean number of encryptions when the number of privileged users is fixed. We expect that the techniques introduced, as well as the results in this work, will find applications in related areas.
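As an added example (not code from any of the papers listed here), the following Python toy implements the complete subtree scheme the abstract above refers to and brute-forces the quantity it analyses, the mean number of encryptions over all privileged sets, for small n. Users are leaves of a complete binary tree, each stateless receiver is provisioned with the keys of the log2(n)+1 nodes on its path, and the broadcast header wraps the session key once per node of the cover (the maximal subtrees containing no revoked leaf). The HMAC-based node key derivation, the node labels and the XOR-pad key wrap are assumptions made for this example; a real deployment would use an AEAD or a standard key-wrap mode.

```python
import hashlib
import hmac


def node_key(master: bytes, node) -> bytes:
    """Key of the subtree covering leaves [lo, hi); derived from the centre's master secret
    (assumed HMAC derivation, for the example only)."""
    lo, hi = node
    return hmac.new(master, f"CS|{lo}|{hi}".encode(), hashlib.sha256).digest()


def path_nodes(n: int, u: int):
    """Nodes on the path from the root down to leaf u (log2(n) + 1 nodes)."""
    nodes, lo, hi = [], 0, n
    while True:
        nodes.append((lo, hi))
        if hi - lo == 1:
            return nodes
        mid = (lo + hi) // 2
        lo, hi = (lo, mid) if u < mid else (mid, hi)


def user_keys(master: bytes, n: int, u: int) -> dict:
    """Stateless receiver u is provisioned once with the keys of every node on its path."""
    return {node: node_key(master, node) for node in path_nodes(n, u)}


def cover(priv, lo=0, hi=None):
    """Complete-subtree cover of the privileged leaves in [lo, hi): the maximal subtrees
    that contain no revoked leaf. One encryption of the session key per cover node."""
    if hi is None:
        hi = len(priv)
    seg = priv[lo:hi]
    if all(seg):
        return [(lo, hi)]
    if not any(seg):
        return []
    mid = (lo + hi) // 2
    return cover(priv, lo, mid) + cover(priv, mid, hi)


def _wrap(key: bytes, session_key: bytes) -> bytes:
    # Toy key wrap: XOR with a hash-derived pad (self-inverse). Not for real use.
    pad = hashlib.sha256(b"wrap|" + key).digest()[: len(session_key)]
    return bytes(a ^ b for a, b in zip(session_key, pad))


def encrypt_header(master: bytes, priv, session_key: bytes):
    """Broadcast header: the session key wrapped under each cover node's key."""
    return [(node, _wrap(node_key(master, node), session_key)) for node in cover(priv)]


def decrypt_header(keys: dict, header):
    """A receiver unwraps with the first header entry whose node lies on its path;
    a revoked receiver holds no cover-node key and gets None."""
    for node, ct in header:
        if node in keys:
            return _wrap(keys[node], ct)
    return None


def mean_encryptions(n: int, fixed_privileged=None) -> float:
    """Mean cover size over all 2^n privileged sets, or over the sets of a fixed size,
    by exhaustive enumeration (n must be a small power of two)."""
    total, count = 0, 0
    for mask in range(1 << n):
        priv = [(mask >> i) & 1 == 1 for i in range(n)]
        if fixed_privileged is not None and sum(priv) != fixed_privileged:
            continue
        total += len(cover(priv))
        count += 1
    return total / count


if __name__ == "__main__":
    master = b"m" * 32                      # constructed master secret
    priv = [True, True, True, False]        # leaf 3 revoked
    session_key = bytes(range(16))          # constructed session key
    header = encrypt_header(master, priv, session_key)
    print("cover:", cover(priv), "->", len(header), "encryptions")
    print("user 0 recovers:", decrypt_header(user_keys(master, 4, 0), header) == session_key)
    print("user 3 recovers:", decrypt_header(user_keys(master, 4, 3), header))
    print("mean encryptions, n=4, all sets:", mean_encryptions(4))
    print("mean encryptions, n=4, two privileged:", mean_encryptions(4, 2))
```

For n = 4 the exhaustive mean over all 16 privileged sets is 23/16; with exactly two privileged users it is 10/6, since the two pairs that form a full subtree cost one encryption and the other four cost two. The generating-function approach in the paper is what replaces this brute force once n is large.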
Efficient and Secure Multicast in WirelessMAN: A Cross-layer Design
Effectively adding security measures to a multicast service is an intriguing problem, especially when the service is deployed in a wireless setting. Next-generation IEEE 802.16 standard WirelessMAN networks are a perfect example of this problem, and the latest draft specification of the standard includes a secure protocol solution called Multicast and Broadcast Rekeying Algorithm (MBRA). In this paper, we expose the security problems of MBRA, including non-scalability and the omission of backward and forward secrecy, and propose new approaches, ELAPSE and ELAPSE+, to address these problems. In particular, ELAPSE+ makes use of membership and mobility information gathered in the application layer to augment the adaptive group management in the MAC layer. We analyze the security properties of ELAPSE and ELAPSE+, and compare their performance with MBRA by simulating group rekeying scenarios.
Optimal Multicast Group Communication
Many IP multicast based applications, such as Pay-TV and multiplayer games, require controlling the group memberships of senders and receivers. One common solution is to encrypt the data with a session key shared with all authorized senders/receivers. To efficiently update the session key in the event of member removal, many rooted-tree based group key distribution schemes have been proposed. However, most of the existing rooted-tree based schemes are not optimal. In other words, given the O(log N) storage overhead, the communication overhead is not minimized. On the other hand, although the Flat Table scheme achieves optimality, it is rather dismissed due to its vulnerability to collusion attacks.

In this paper, we propose a key distribution scheme, EGK, that attains the same optimality as Flat Table without the collusion vulnerability. EGK also supports dynamic subgroup communication initialized by each group member (imagine a virtual chat room in the multicast group). Additionally, EGK provides constant message size and requires O(log N) storage overhead at the group controller, which makes EGK suitable for applications containing a large number of multicast group members. Moreover, adding members in EGK requires just one multicast message. EGK is the first work with such features and outperforms all existing schemes.
BESTIE: Broadcast Encryption Scheme for Tiny IoT Equipments
In public key broadcast encryption, anyone can securely transmit a message to a group of receivers such that only privileged users can decrypt it. The three important parameters of a broadcast encryption scheme are the length of the ciphertext, the size of the private/public key, and the performance of encryption/decryption. It is desirable to decrease all of them as much as possible; however, it turns out that decreasing one increases the others in most schemes.
This paper proposes a new broadcast encryption scheme for tiny IoT equipment (BESTIE), minimizing the private key size of each user. In the proposed scheme, the private key size is O(log n), the public key size is O(log n), the encryption time per subset is O(log n), the decryption time is O(log n), and the ciphertext size is O(r), where n denotes the maximum number of users and r indicates the number of revoked users. The proposed scheme is the first subset-difference-based broadcast encryption scheme to reduce the private key size to O(log n) without sacrificing the other parameters. We prove that our proposed scheme is secure under the q-Simplified Multi-Exponent Bilinear Diffie-Hellman (q-SMEBDH) assumption in the standard model.
Collusion-Resistant Multicast Key Distribution Based on Homomorphic One-Way Function Trees
Providing security services for multicast, such as traffic integrity, authentication, and confidentiality, requires securely distributing a group key to group receivers. In the literature, this problem is called multicast key distribution (MKD). A famous MKD protocol, the one-way function tree (OFT), has been found vulnerable to collusion attacks. Solutions to prevent these attacks have been proposed, but at the cost of a higher communication overhead than the original protocol. In this paper, we prove the falsity of a recently proposed necessary and sufficient condition for a collusion attack on the OFT protocol to exist by a counterexample, and give a new necessary and sufficient condition for the nonexistence of any type of collusion attack on it. We instantiate the general notion of OFT to obtain a particular type of cryptographic construction named homomorphic one-way function tree (HOFT). We propose two structure-preserving graph operations on HOFTs, tree product and tree blinding. One elegant quality possessed by HOFTs is that handling (adding, removing, or changing) leaf nodes in a HOFT can be achieved by using tree product without compromising its structure. We provide algorithms for handling leaf nodes in a HOFT. Employing HOFTs and related algorithms, we put forward a collusion-resistant MKD protocol without losing any communication efficiency compared to the original OFT protocol. We also prove the security of our MKD protocol in a symbolic security model.