03-05-2012, 03:12 PM
Authenticated Group Key Transfer Protocol Based on Secret Sharing
INTRODUCTION
In most secure communication, the following two security
functions are commonly considered:
• Message confidentiality: Message confidentiality ensures the
sender that the message can be read only by an intended
receiver.
• Message authentication: Message authentication ensures the
receiver that the message was sent by a specified sender
and the message was not altered en route.
To provide these two functions, one-time session keys need to be
shared among communication entities to encrypt and authenticate
messages. Thus, before exchanging communication messages, a key
establishment protocol needs to distribute one-time secret session
keys to all participating entities. The key establishment protocol
also needs to provide confidentiality and authentication for session
keys. According to [5], there are two types of key establishment
protocols: key transfer protocols and key agreement protocols. Key
transfer protocols rely on a mutually trusted key generation center
(KGC) to select session keys and then transport session keys to all
communication entities secretly. Most often, the KGC encrypts session
keys under another secret key shared with each entity during
registration. In key agreement protocols, all communication entities
are involved in determining session keys. The most commonly used
key agreement protocol is the Diffie-Hellman (DH) key agreement
protocol [12].
PRELIMINARIES
In this section, we introduce some fundamental background.
Definition 1 (Factoring Problem). Let us choose two large safe primes
p and q (i.e., primes such that $p' = \frac{p-1}{2}$ and $q' = \frac{q-1}{2}$ are also primes)
and compute $n = pq$. n is made publicly known. The Factoring Problem is
to compute the factors p and q such that $n = pq$.
Definition 2 (Factoring Assumption). It is computationally intractable
to solve the Factoring Problem.
Secret sharing schemes were introduced by both Blakley [1] and
Shamir [26] independently in 1979 as a solution for safeguarding
cryptographic keys and have been studied extensively in the
literature. In a secret sharing scheme, a secret s is divided into
n shares and shared among n shareholders in such a way that any
t or more shares suffice to reconstruct the secret, but
fewer than t shares cannot reconstruct it. Such a
scheme is called a (t, n) secret sharing, denoted as (t, n)-SS.
Goals
The main security goals for our group key transfer protocol are:
1) key freshness; 2) key confidentiality; and 3) key authentication.
Key freshness is to ensure that a group key has never been used
before. Thus, a compromised group key cannot cause any further
damage to group communication. Key confidentiality is to protect
the group key such that it can only be recovered by authorized
group members, but not by any unauthorized user. Key authentication
is to provide assurance to authorized group members that
the group key is distributed by the KGC, but not by an attacker.
SECURITY ANALYSIS
In this section, we first consider two types of adversaries in our
proposed protocol, insider and outsider. Then, we prove that our
proposed protocol achieves the security goals mentioned in
Section 3 and is secure against inside and outside attacks.
Attacks
Adversaries can be categorized into two types. The first type of
adversaries are outsiders of a particular group. The outside attacker
can try to recover the secret group key belonging to a group that
the outsider is unauthorized to know. This attack is related to the
confidentiality of the group key. In our proposed protocol, anyone can
send a request to the KGC for a group key service. The
outside attacker may also impersonate a group user to request a
group key service. In the security analysis, we will show that the
outside attacker gains nothing from this attack since the attacker
cannot recover the group key. The second type of adversaries are
insiders of a group who are authorized to know the secret group
key, but an inside attacker attempts to recover other members' secrets
shared with the KGC. Since any insider of a group is able to recover
the same group key, we need to prevent an inside attacker from learning
other members' secrets shared with the KGC.