17 research outputs found

    Analysis of Key Management Schemes for Secure Group Communication and Their Classification

    Secure Group Communication is very critical for applications like board-meetings, group discussions and teleconferencing. Managing a set of secure group keys and group dynamics are the fundamental building blocks for secure group communication systems. Several group key management techniques have been proposed so far by many researchers. Some schemes are information theoretic and some are complexity theoretic in nature. Users in the secure group may negotiate with each other to derive a common group key or may compute the group key on their own. Some schemes involve a trusted Key Distribution Center (KDC), which generates and distributes initial pieces of information, whereas in other schemes users themselves select their private information. Storage at each user and communication cost among members of the group vary from scheme to scheme. Here, in this paper we discuss some of the key management schemes proposed earlier based on the considerations mentioned above. We also analyze the schemes with respect to storage, communication and computation costs

    Efficient Dynamic Group Signature Scheme with Verifier Local Revocation and Time-Bound Keys using Lattices

    Revocation is an important feature of group signature schemes. Verifier Local Revocation (VLR) is a popular revocation mechanism which involves only verifiers in the revocation process. In VLR, a revocation list is maintained to store the information about revoked users. The verification cost of VLR based schemes is linearly proportional to the size of the revocation list. In many applications, the size of the revocation list grows with time, which makes the verification process expensive. In this paper, we propose a lattice based dynamic group signature using VLR and time bound keys to reduce the size of the revocation list and speed up the verification process. In the proposed scheme, an expiration date is fixed for the signing key of each group member, and verifiers can find out (at constant cost) if a signature is generated using an expired key. Hence revocation information of members who are revoked before the signing key expiry date (premature revocation) is kept in the revocation list, and other members are part of natural revocation. This leads to a significant saving on the revocation check, assuming natural revocation accounts for a large fraction of the total revocation. This scheme also takes care of non-forgeability of the signing key expiry date

    On the Security of Group-based Proxy Re-encryption Scheme

    Proxy re-encryption (PRE) allows a semi-trusted proxy to convert a ciphertext intended for Alice into a ciphertext for Bob without learning anything about the underlying plaintext. Chunbo Ma et al. have proposed a group based proxy re-encryption scheme to convert a ciphertext from one group to another. Any group member can independently decrypt the ciphertexts encrypted to its group. In their paper, the authors gave a security proof to say that the scheme is secure against adaptive chosen ciphertext attack. However, we highlight the flaws in their scheme and show that their scheme is not secure against adaptive chosen ciphertext attack. In this direction, we construct an adversary who issues only one decryption oracle query and breaks the security of their scheme with non-negligible advantage

    Some Aggregate Forward-Secure Signature Schemes

    No full text
    Abstract: Ordinary digital signatures have an inherent weakness: if the secret key is leaked, then all signatures, even the ones generated before the leak, are no longer trustworthy. Forward-secure digital signatures address this weakness: they ensure that past signatures remain secure even if the current secret key is leaked. Following the notion of aggregate signatures introduced by Boneh et al., which provides compression of signatures, we have come up with aggregate signature schemes for ElGamal, DSA and Bellare-Miner forward-secure signatures. We describe two schemes of aggregation for the Bellare-Miner scheme. The first is an aggregate signature scheme with aggregation done separately in different time periods. The second is an aggregate signature scheme with aggregation done for a set of time periods. All our schemes can be used for multiple signers. To avoid individual verification of signatures, we propose a method by which the verifier will be able to verify $n$ signatures at a time using a single verification equation. We observe that our method saves approximately $160n$ modular multiplications when compared to individual signature verification of DSA.

    Keywords: Aggregate Signature, Forward-Security, Key evolution, Hash function, Digital Signature.

    I. Introduction

    Aggregate signature schemes were introduced in 2003 by Boneh, Gentry, Lynn and Shacham [6]. Basically, an aggregate signature scheme is a digital signature that supports aggregation: given $n$ signatures on $n$ distinct messages from $n$ distinct users, it is possible to aggregate all these signatures into a single short signature. This single signature will convince the verifier that the $n$ users did indeed sign the $n$ original messages (i.e., user $i$ signed message $M_i$ for $i = 1, \ldots, n$). The advantage of these signatures is that they provide compression of signatures. In a general signature aggregation scheme each user $i$ signs her message $M_i$ to obtain a signature $\sigma_i$. Then anyone can use a public aggregation algorithm to take all $n$ signatures $\sigma_1, \ldots, \sigma_n$ and compress them into a single signature $\sigma$. Moreover, the aggregation can be performed incrementally. Signatures $\sigma_1, \sigma_2$ can be aggregated into $\sigma_{12}$, which can then be further aggregated with $\sigma_3$ to obtain $\sigma_{123}$, and so on. There is also an aggregate verification algorithm that takes $PK_1, \ldots, PK_n$, $M_1, \ldots, M_n$ and $\sigma$ to decide whether the aggregate signature is valid. Thus, an aggregate signature provides non-repudiation at once on many different messages by many users. This is referred to as general aggregation since aggregation can be done by anyone and without the cooperation of the signers. In another type of aggregation, called a sequential aggregation scheme, signature aggregation can only be done during the signing process. Each signer in turn sequentially adds her signature to the current aggregate. Thus, there is an explicit order imposed on the aggregate signature and the signers must communicate with each other during the aggregation process. Operationally, sequential aggregation works as follows: $User_1$ signs $M_1$ to obtain $\sigma_1$; $User_2$ then combines $\sigma_1$ and $M_2$ to obtain $\sigma_2$; and so on. The final signature $\sigma_n$ binds $User_i$ to $M_i$ for all $i = 1, \ldots, n$. In [6], the concept of an aggregate signature, security models for such signatures, and applications for aggregate signatures are presented. They construct an efficient aggregate signature from a recent short signature scheme based on bilinear maps due to Boneh, Lynn, and Shacham [6]. In

    Received December 22, 2008. 1554-1010 $03.50 Dynamic Publishers, Inc