Abstract
Group authentication enables a set of users to mutually authenticate each other without the help of a coordinating manager, which has proven effective for the new framework of cloud-to-things computing. Recently many group authentication schemes have been proposed using threshold secret sharing technique. In this article we review these schemes and show that some of group authentication schemes based on secret sharing are insecure. Specifically we develop an impersonation attack against such schemes. This attack allows an outsider with no credential to successfully authenticate herself to a group of users. The idea behind our attack is quite simple: in the threshold setting, when the size of the group is larger than the threshold an outsider can compute a linear combination of honest users’ tokens which validates her identity though she is actually not a registered member in the group. Finally we propose three types of security enhancement to fix the vulnerability. Our improved group authentication schemes avoid the above attack by breaking the linearity of threshold secret sharing, using the technique of signature, splitting communication and commitment scheme.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
