15 research outputs found

    Group authentication scheme based on zero-knowledge proof

    The paper considers the problem of mutual authentication of users in decentralized messaging systems in the absence of a trusted third party. An algorithm for mutual authentication of group users based on zero-knowledge proof is proposed. The algorithm makes it possible to authenticate users of a decentralized network without establishing a shared secret over an out-of-band channel, relying on the chains of trust that already exist in the network. The method is based on the democratic group signature protocol DGS and on CCEGK, a shared-key generation algorithm for large and dynamic groups. The security and robustness of the authentication scheme, including its resistance to the Sybil attack, are analyzed, and the complexity of the proposed algorithm is estimated. The algorithm is implemented in a model decentralized application based on the Chord P2P topology; using this model implementation, the overhead of the authentication scheme and its convergence time are estimated for some particular configurations of user groups and initial chains of trust.

    Host mobility key management in dynamic secure group communication

    The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results show that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas.

    GPRKEY - A NOVEL GROUP KEY REKEYING TECHNIQUE FOR MANET

    A Mobile Ad hoc Network (MANET) is a collection of autonomous nodes or mobile devices that can arrange themselves in various ways and work without strict network administration. Ensuring security in mobile ad hoc networks is a challenging issue and most of the applications in mobile ad hoc networks involve group oriented communication. Mostly cryptographic techniques are used to provide the security to MANETs. Cryptographic techniques will not be an efficient security mechanism if the key management is weak. The issue of packet loss in MANET that is caused due to multi casting and backward and forward secrecy results in mobility. Hence, we investigate on this issue and propose a method to overcome this scenario. On analysing the situation we find that frequent rekeying leads to huge message overhead and hence increases energy utilization. With the existing key management techniques it causes frequent disconnections and mobility issues. Therefore, an efficient multi casting group key management will help to overcome the above problems. In this paper we propose a novel group key rekeying technique named GPRKEY (Group key with Periodic ReKEYing) to deal with the scalability issue of rekeying and also analyze the performance of the newly proposed key management method using key trees. In this approach we use the periodic rekeying to enhance the scalability and avoid out of sync problems. We use sub trees and combine them using the merging algorithm and periodic re-keying algorithm. The GPRKEY is evaluated through NS-2 simulation and compared with existing key management techniques OFT (One-way Function Tree) and LKH (Logical Key Hierarchy). The security and performance of rekeying protocols are analyzed through detailed study and simulation.

    A three round authenticated group key agreement protocol for ad hoc networks

    Group Key Agreement (GKA) protocols enable the participants to derive a key based on each one's contribution over a public network without any central authority. They also provide efficient ways to change the key when the participants change. While some of the proposed GKA protocols are too resource consuming for the constrained devices often present in ad hoc networks, others lack a formal security analysis. In this paper, we propose a simple, efficient and secure GKA protocol well-suited to ad hoc networks and present results of our implementation of the same in a prototype application.

    Adaptive trust and reputation system as a security service in group communications

    Group communications has been facilitating many emerging applications which require packet delivery from one or more sender(s) to multiple receivers. Owing to the multicasting and broadcasting nature, group communications are susceptible to various kinds of attacks. Though a number of proposals have been reported to secure group communications, provisioning security in group communications remains a critical and challenging issue. This work first presents a survey on recent advances in security requirements and services in group communications in wireless and wired networks, and discusses challenges in designing secure group communications in these networks. Effective security services to secure group communications are then proposed. This dissertation also introduces the taxonomy of security services, which can be applied to secure group communications, and evaluates existing secure group communications schemes. This dissertation work analyzes a number of vulnerabilities against trust and reputation systems, and proposes a threat model to predict attack behaviors. This work also considers scenarios in which multiple attacking agents actively and collaboratively attack the whole network as well as a specific individual node. The behaviors may be related to both performance issues and security issues. Finally, this work extensively examines and substantiates the security of the proposed trust and reputation system. This work next discusses the proposed trust and reputation system for an anonymous network, referred to as the Adaptive Trust-based Anonymous Network (ATAN). The distributed and decentralized network management in ATAN does not require a central authority so that ATAN alleviates the problem of a single point of failure. In ATAN, the trust and reputation system aims to enhance anonymity by establishing a trust and reputation relationship between the source and the forwarding members. 
The trust and reputation relationship of any two nodes is adaptive to new information learned by these two nodes or recommended from other trust nodes. Therefore, packets are anonymously routed from the 'trusted' source to the destination through 'trusted' intermediate nodes, thereby improving anonymity of communications. In the performance analysis, the ratio of the ATAN header and data payload is around 0.1, which is relatively small. This dissertation offers analysis on security services on group communications. It illustrates that these security services are needed to incorporate with each other such that group communications can be secure. Furthermore, the adaptive trust and reputation system is proposed to integrate the concept of trust and reputation into communications. Although deploying the trust and reputation system incurs some overheads in terms of storage spaces, bandwidth and computation cycles, it shows a very promising performance that enhances users' confidence in using group communications, and concludes that the trust and reputation system should be deployed as another layer of security services to protect group communications against malicious adversaries and attacks.

    Securing group key exchange against strong corruptions and key registration attacks

    Abstract: In Group Key Exchange (GKE) protocols, users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets, in addition to the possibly used long-lived keys. Undoubtedly, security impact of strong corruptions is serious, and thus specifying appropriate security requirements and designing secure GKE protocols appears an interesting yet challenging task - the aim of our article. We start by investigating the current setting of strong corruptions and derive some refinements like opening attacks that allow to reveal ephemeral secrets of users without their long-lived keys. This allows to consider even stronger attacks against honest, but 'opened' users. Further, we define strong security goals for GKE protocols in the presence of such powerful adversaries and propose a 3-round GKE protocol, named TDH1, which remains immune to their attacks under standard cryptographic assumptions. Our security definitions allow adversaries to register users and specify their long-lived keys, thus, in particular capture attacks of malicious insiders for the appropriate security goals such as Mutual Authentication, key confirmation, contributiveness, key control and key-replication resilience. Keywords: authenticated group key exchange; GKE; contributiveness; insider attacks; key registration; mutual authentication; MA; strong corruptions; tree Diffie-Hellman; TDH1. Biographical notes: Emmanuel Bresson received his PhD at the École normale supérieure in Paris. He works as a Cryptography Expert for government teams. His main research subjects involve key exchange mechanisms and authentication for multi-party protocols with provable security. He has published his work in many international conference papers and security focusing journals. 
Mark Manulis received his PhD in Computer Science from the Ruhr University Bochum in 2007. His research focuses on security and cryptography related to key management, authentication, anonymity and privacy in distributed applications and (wireless) communications

    Group Key Exchange Enabling On-Demand Derivation of Peer-to-Peer Keys

    Abstract. We enrich the classical notion of group key exchange (GKE) protocols by a new property that allows each pair of users to derive an independent peer-to-peer (p2p) key on-demand and without any subsequent communication; this, in addition to the classical group key shared amongst all the users. We show that GKE protocols enriched in this way impose new security challenges concerning the secrecy and independence of both key types. Special attention should be paid to possible collusion attacks aiming to break the secrecy of p2p keys possibly established between any two non-colluding users. In our constructions we utilize the well-known parallel Diffie-Hellman key exchange (PDHKE) technique in which each party uses the same exponent for the computation of p2p keys with its peers. First, we consider PDHKE in GKE protocols where parties securely transport their secrets for the establishment of the group key. For this we use an efficient multi-recipient ElGamal encryption scheme. Further, based on PDHKE we design a generic compiler for GKE protocols that extend the classical Diffie-Hellman method. Finally, we investigate possible optimizations of these protocols allowing parties to re-use their exponents to compute both group and p2p keys, and show that not all such GKE protocols can be optimized. Key words: group key exchange, peer-to-peer keys, on-demand derivation

    Provably Secure Group Key Management Approach Based upon Hyper-Sphere
