A key agreement protocol with partial backward confidentiality

Abstract

The essence of dynamic group key agreement protocols is to help compute a secure key for a group communication with a dynamic set of participants in distributed systems. In dynamic group key agreement protocols, the number of participants may change over time because of participants leaving or joining the group. The security of such join and leave operations are affected by the existence of backward confidentiality and forward confidentiality, respectively. Dynamic group key agreement protocols are expected to be used in applications such as file sharing systems. However, there are a number of problems in the use of existing dynamic group key agreement protocols in file sharing systems such as lack of privacy, violation of availability and dependency for key escrow. In this study, we propose a new security property called partial backward confidentiality. Partial backward confidentiality is the property, in which a new participant can compute the last valid group key just before joining the group but the new participant cannot compute former group keys. Moreover, we propose a key agreement protocol to show the provision of partial backward confidentiality that helps to solve file sharing system problems above. Furthermore, we have analyzed the security of the proposed protocol with respect to impersonation attacks under the difficulty in discrete logarithm problem and eavesdropping under the Decisional Difie-Hellman Problem. We present a proof of concept case study called Private File Sharing System in order to show the applicability of partial backward confidentiality property.