1 / 33

Efficient Group Authenticated Key Agreement Protocol for Dynamic Group s

WISA 2004 (23-25, Aug). Efficient Group Authenticated Key Agreement Protocol for Dynamic Group s. Kui Ren * , Hyunrok Lee*, Kwangjo Kim * , and Taewhan Yoo** * IRIS, Information and Communications University , Daej e on, Korea

irene-dalton
Télécharger la présentation

Efficient Group Authenticated Key Agreement Protocol for Dynamic Group s

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WISA 2004 (23-25, Aug) Efficient GroupAuthenticated Key Agreement Protocol for Dynamic Groups Kui Ren*, Hyunrok Lee*, Kwangjo Kim*, and Taewhan Yoo** * IRIS, Information and Communications University, Daejeon, Korea ** Electronics and Telecommunications Research Institute, Daejeon, Korea

  2. Contents • Introduction • EGAKA Overview • Notation and Primitives • EGAKA • EGAKA-KE (Key Establishment) • EGAKA-KU (Key Update) • Complexity & Security Analysis • Conclusion • Q & A

  3. Introduction (1/3) • Secure group communication • A (large) group of users communicate with one another in a secure way • Ex) Teleconferencing, Collaborative work, Multiple interactive game, VPN (Virtual Private Networks), Wireless Ad-hoc Networks • Dynamic Peer Groups • Relatively small (~ 100 of members) • No hierarchy • Frequent membership changes • Any member can be sender and receiver

  4. Introduction (2/3) • Group Key Management • A group key • Shared only by current group members • Communication encrypted/decrypted by the group key • Difficult aspect Dynamics • Join • Backward secrecy • Allow the joining member(s) to decrypt future messages, but not previous messages • Leave: • Forward secrecy • Prevent the leaving member(s) from decrypting future messages • Burst behavior: • Multiple joins and/or multiple leavessimultaneously.

  5. Introduction (3/3) • Classification • Group Key Distribution • One party generates a secret key anddistributes to others • Not suitable for dynamic groups • Group Key Agreement • Secret key is derived jointly by two ormore parties • Key is a function of informationcontributed byeach member • No party can pre-determine the key • Motivation • Need Group Key Agreement • Strong security • Dynamic membership management • Adapt to heterogeneous environments • Efficiency in communication and computation

  6. EGAKA Overview (1/2) • EGAKA • Efficient Group Authenticated Key Agreement protocol • Important Properties • Distributed • Fault-tolerant • Efficient dynamic group membership management • Mutual authentication among group members • Secure against both passive and active attacks • Can be built on any two-party authenticated key exchange protocols • E.g. Diffie-Hellman protocol, password based protocol • Achieves scalability and robustnessin heterogeneous environments • provides efficient member join services • Low communicationand computation costs, and they are constant to the group size.

  7. EGAKA Overview (2/2) • Trust Model • Any singlecurrent member can authenticate the newmembers and accept them. • Assumption • Do not consider insider attacks • The secrecy of group keys and the integrity of group membership • The size of dynamics group < 200 • Group members in dynamic groups have different security primitives • For generating the group key • Use Common two-party key exchange protocol

  8. Notation and Primitives (1/4)

  9. Notation and Primitives (2/4) Root node Interior node Isolated Leaf node Leaf node Key pair: Kij & Bij

  10. Notation and Primitives (3/4) CP5*= {N31, N22, N12} KP5*= {N32, N21, N11}

  11. Notation and Primitives (4/4) M2’s view of the group which could be divided into lsubgroups

  12. EGAKA • Two basic sub-protocol • EGAKA-KE : Key Establishment Protocol • EGAKA-KU : Key Update Protocol • Both sub-protocols are subtle integrations of above mentioned binarykey tree structure, one way functions and two-party key agreement protocol, as well as symmetric encryption algorithm.

  13. EGAKA-KE • EGAKA-KE includes two phases: • Phase I • To complete group entity authentication by applying anychosen two-party authenticated key agreement protocol • Phase II • The group key generationprocess.

  14. EGAKA-KE: Phase I (1/6) • Tasks to accomplish • choose the two-party protocol in common • generate the key tree structure • perform mutual authentication according to generated tree structure • establish peer-to-peer session keys among members.

  15. EGAKA-KE: Phase I (2/6) M2 M3 Hello, here is the key tree structure Hello, I want to use DH protocol, and M4 can be the one to generate the key tree structure M1 M4 M7 M5 M6

  16. EGAKA-KE: Phase I (3/6) M2 M3 M1 M4 M7 M5 M6

  17. EGAKA-KE: Phase I (4/6) M2 M3 M1 M4 M7 M5 M6

  18. EGAKA-KE: Phase I (5/6) Session Key Execution Results of EGAKA-KE: Phase I

  19. EGAKA-KE: Phase I (6/6) • Rounds = 2 (except for protocol negotiation step) • Two-party key exchange protocol executes exactly n-1 times to finish the entity authentication among group members

  20. EGAKA-KE: Phase II (1/5)

  21. EGAKA-KE: Phase II (2/5) KG M1 needs to compute M1 yet to know Round 1 M1 knows M1’s view of the group

  22. EGAKA-KE: Phase II (3/5) M1 needs to compute KG Round 2 M1 yet to know M1 knows M1’s view of the group

  23. EGAKA-KE: Phase II (4/5) KG Round 3 M1 compute M1 knows M1’s view of the group

  24. EGAKA-KE: Phase II (5/5) • Rounds = d, where d equals to , n is the size of the group. • No computational expensive operation is needed in this phase.

  25. EGAKA-KU: Member Join Protocol (1/5)

  26. EGAKA-KU: Member Join Protocol (2/5)

  27. EGAKA-KU: Member Leave Protocol (3/5)

  28. EGAKA-KU: Member Leave Protocol (4/5)

  29. EGAKA-KU(5/5) • In Member Join Protocol: only fixed 6 exponential operations are needed for any member to be added to the group and update the group key. Moreover, this cost is constant to group size. This property is very useful in scenarios with frequent member additions. • Member Leave protocol is not as efficient as member join protocol, but it’s robust and fault-tolerant.

  30. Complexity and Security Analysis • Complexity Analysis • Communication and computation costs • Comparison between EGAKA and other well known key establishment protocols • A-DH is used as the underlyingtwo-party authenticated key agreement protocol in order to provide a quantificational comparison. • Security Analysis • Provide informal security analysis. (Formal analysis is undergoing) • Secure against both passive and active attacks • Do not consider insider attacks • Provide forward and backward secrecy

  31. Comparison

  32. Conclusion • In this paper, we propose EGAKA (Efficient Group Authenticated Key Agreement) protocol • Distributed • Fault-tolerant • Efficient dynamic group membership management • Mutual authentication among group members • Secure against both passive and active attacks • Can be built on any two-party authenticated key exchange protocols • E.g. Diffie-Hellman protocol, password based protocol • Achieves scalability and robustnessin heterogeneous environments • provides efficient member join services • Low communicationand computation costs, and they are constant to the group size. • Support fault-tolerant property to achieve robustness in member leave service

  33. Thank you for your attentionQ&A

More Related