Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Novel Group Key Transfer Protocol

Published byEugenia Garrett Modified over 5 years ago

Similar presentations

Presentation on theme: "A Novel Group Key Transfer Protocol"— Presentation transcript:

1 A Novel Group Key Transfer Protocol
许静芳 Harn Lein 曾兵 华中师范大学计算机学院 University of Missouri- Kansas City USA 华南理工大学计算机软件学院

2 Why need group key transfer?
It needs efficient solutions to ensure secure group communications. Most existing solutions: Depending on key generation center (KGC) to transport the group key extra communication costs Using traditional threshold secret sharing schemes.  increases computational complexity

3 Secret Sharing

4 Threshold Secret Sharing Scheme (TSSS)
By computing a (t-1)-th degree interpolating polynomial, a secret S is divided into n pieces, k1, k2,…,kn, called “shares”, such that a) any t or more than t shares can recover the secret S; b) fewer than t shares cannot get any information about the secret S.

5 Linear secret sharing scheme (LSSS)
Simply needs to compute an inner product of two vectors in order to encrypt and decrypt the secret: A natural and useful generalization of TSSS An advantage in terms of computational complexity Maintaining equal security to TSSS

6 Disadvantages of depending on KGC
Potentially limited communication from KGC to the user Unavailability of a fully trusted KGC Extra communication costs

7 Our Results A novel group key transfer protocol Proposal: Based on DH key agreement and a perfect LSSS; Without an online KGC; Resist potential attacks; Significantly reduce the overhead of system.

8 Our group key transfer protocol
consists of two phases: the secret establishment phase the session key transfer phase Initialization: a) A set of n users, {1,…,n} with each user having a public/private key pair {puk, prk} such that b) An initiator, one of the group members, is n and endowed with the authority to originate the group communications.

9 The secret establishment phase
Contains the following steps: Step 1. The initiator broadcasts a request containing a random number , his/her long-term public key pukn, and a list of members {1,…,n}, to announce the group communication.

10 The secret establishment phase
Step 2. Upon receiving the announcement from the initiator, each group member i, for i=1,…n-1, selects a random number and uses his/her private key puki to compute the secret as Afterwards, i computes and sends to the initiator as a response

11 The secret establishment phase
Step 3. After receiving the message from each i, the initiator computes and then checks If the result is valid, the initiator believes that the secret is shared with corresponding group member i. Otherwise, the initiator claims that i is fraudulent and then restarts the protocol.

12 The session key transfer phase
LSSS based on Vandermonde Matrix a) Given a basis of with for , the mapping defined by is determined. b) Every set of at most (t+1) vectors of the form is linearly independent, this scheme satisfies the basic requirements of secret sharing and is information-theoretically secure.

13 The session key transfer phase
Upon sharing the secret with corresponding group member i, the initiator randomly selects a group key and distributes it to the other group members in a secure and authenticated manner. All communications between the initiator and the other group members are in a broadcast channel. The initiator and the other group members execute the following steps:

14 The session key transfer phase
Step 1. The initiator separates each shared secret si into two parts xi and yi, where for i=1,…,n-1, and randomly generates a session key Then, the initiator computes n-1 additional values and the value , where the vector , the inner product and h is a one-way hash function. The initiator broadcasts to the other group members.

15 The session key transfer phase
Step 2. For each group member i except the initiator, knowing the public value, Ui, is able to compute the inner product and recover the group key Then, i needs to compute and check whether this hash value is identical to Auth. If these two values are identical, i authenticates the group key is sent from the initiator.

16 Security Analysis ● key freshness. ● key confidentiality ● key authentication. ● against outsider attack. ● against insider attack.

17 Performance Evaluation
●The drawback of KGC is that if the server is compromised, the network is totally unsecured. Hence, we used the CDH assumption to share the secrets between the initiator and other users. Our method is more efficient and more practical. ● In key transfer phase, we use a LSSS to replace the TSSS, because LSSS is more computation-efficient than TSSS. The computational comparison is given.

18 Questions and Comments?

Download ppt "A Novel Group Key Transfer Protocol"

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.

1 Secure Credit Card Transactions on an Untrusted Channel Source: Information Sciences in review Presenter: Tsuei-Hung Sun ( 孫翠鴻 ) Date: 2010/9/24.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September 2007 1.

Guomin Yang et al. IEEE Transactions on Wireless Communication Vol. 6 No. 9 September
1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.

1 Section 10.9 Internet Security Association and Key Management Protocol ISAKMP.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Key Agreement Guilin Wang School of Computer Science 12 Nov. 2007.

Key Agreement Guilin Wang School of Computer Science 12 Nov
An ID-Based Mutual Authentication and Key Exchange Protocol for Low- Power Mobile Devices Authors: Tsu-Yang Wu and Yuh-Min Tseng Source: The Computer Journal.

An ID-Based Mutual Authentication and Key Exchange Protocol for Low- Power Mobile Devices Authors: Tsu-Yang Wu and Yuh-Min Tseng Source: The Computer Journal.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Digital Signatures, Message Digest and Authentication Week-9.

Digital Signatures, Message Digest and Authentication Week-9.
Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)
Protocol Analysis. CSCE 522 - Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

Similar presentations

Ads by Google