Conference Key Distribution System Research Articles

On the conference key distribution system with user anonymity

Conference Key Distribution Systems (CKDS) are well-analyzed systems for the computation and distribution of a symmetric key shared amongst a session's participants. We focus on previous CKDS with user anonymity and we propose modifications from the perspective of anonymity, dynamicity, efficiency and security crystallized in a novel CKDS design. The security of the proposed anonymous CKDS is based on the difficulty of computing discrete logarithms over Elliptic Curves, the intractability of inverting one-way hash functions and the creation of random, however disjoint, pseudonyms by the group members. Under these modifications, our proposed dynamic CKDS can be ported to clustered Mobile Ad Hoc Networks so that the members of a mobile group can rapidly establish a shared Conference Key. We demonstrate the effectiveness of the proposed scheme through performance comparisons and security analysis that covers passive and active attack scenarios.

UNCONDITIONALLY SECURE CONFERENCE KEY DISTRIBUTION: SECURITY NOTIONS, BOUNDS AND CONSTRUCTIONS

A conference key distribution is a protocol that allows designated subset of users to calculate a shared private key. We consider unconditionally secure conference key distribution systems where the adversary has unlimited computational power, and focuses on a stronger and more realistic adversary model, proposed by Safavi-Naini and Jiang, in which the adversary in addition to corrupting subsets of users and obtaining their private keys, can access the conference keys of a number of uncorrupted conferences. We consider alternative definitions of security with this adversary model and show the relationship between them. An important efficiency parameter for conference key distribution systems is the size of the users' private keys. We derive lower bounds on the size of this key and discuss the results in comparison with the known bounds. We also consider one-round Interactive Conference Key Distribution Systems (ICKDS) in the new adversarial model where the adversary in addition to learning the private keys of the corrupted users and a number of conference keys, has access to the transcripts of some conferences. We show that under this new adversary model, the previously proposed one round protocol of Blundo et. al. is no longer secure and we construct an ICKDS with provable security in the new adversarial model.

User-anonymous and short-term Conference Key Distribution System via link-layer routing in mobile communications

There are occasions when some people carry their portable devices to a hotel room or office to hold a short-term conference over wireless networks. This paper designs a user-anonymous and short-term Conference Key Distribution System (CKDS) to ensure secure communications over an open channel and to protect the identities of the users. Furthermore, linker-layer routing between the Mobile Hosts (MHs) makes it possible for MHs to directly communicate with one another. Under the random oracle model and the elliptic curve version of the Computational Diffie-Hellman (CDH) assumption, the proposed system is demonstrated to be provably secure against active adversaries. Compared with previously proposed systems, the proposed system is efficient in terms of communication and computational complexity, and is suitable for low-power mobile devices.

Secure authenticated group key agreement protocol in the MANET environment

Due to dynamic and infrastructure-less nature of Mobile Ad hoc Network (MANET) environment, there exist number of threats as mobile devices and nodes could freely move around in MANET such as eavesdropping of communications channels, modification of sensitive m-commerce transactions, Denial of Service(DoS), vulnerabilities of impersonation by malicious insiders etc. In this paper, we propose a novel authenticated group key agreement protocol for end-to-end security in the MANET environment without any infrastructure that is based on Burmester and Desmedt group key agreement protocol (Burmester M, Desmedt Y. A secure and efficient conference key distribution system. Advances in Cryptology – EuroCrypt ’94, Lecture Notes in Computer Science 1995;950:275–86) and their variants (Choi KY, Hwang JY, Lee DH. Efficient ID-based group key agreement with bilinear maps. Public Key Cryptography – PKC, Lecture Notes in Computer 2004;2947:130–144)]. We also design practical enhancements of BD and Choi et al.'s protocols that not only detect, but also identify malicious insiders by using the trusted arbiter who only involves in the protocol if the cheating has been occurred.

Security of Tseng–Jan’s conference key distribution system

Recently, Tseng and Jan presented anonymous conference key distribution systems that make use of the interpolating properties of polynomials. However, their protocol has some limitations in that users are not able to check the correctness of the distributed conference key but also verify if they take part in any particular protocol run. This leads to the possibility of an active attack. In this article, we show that Tseng and Jan’s protocol does not work properly because of its incompleteness. We also describe a simple and promising remedy to such a problem.

Comments on two anonymous conference key distribution systems

In this paper, we consider the security of two recently proposed anonymous conference key distribution schemes. We show that neither scheme is as practical as the authors' claim, and that, in certain circumstances, both schemes also suffer from security vulnerabilities. We also show that the attack described in one paper is invalid.

New conference key agreement protocol with user anonymity

In 2003, Yang et al. presented a conference key distribution system that was intended to provide user anonymity. Subsequently, Lin et al. pointed out a security flaw in Yang et al.'s scheme based on solving linear equations and proposed a modified scheme. Accordingly, the current paper reviews the schemes proposed by Yang et al. and Lin et al., highlights the weakness in both schemes, and then proposes a new conference key agreement scheme with user anonymity.

Cryptanalysis of the Tseng-Jan Anonymous Conference Key Distribution System Without Using A One-Way Hash Function

This paper mounts a conspiracy attack on the anonymous conference key distribution system without using a one-way hash function proposed by Tseng and Jan. The attack described in the article can reveal the participants’ common key shared with the chairperson.

Comments on the Yang–Chang–Hwang anonymous conference key distribution system

Yang et al. [Comput. Stand. Interfaces 25 (2003)] proposed a conference key distribution system (CKDS) based on the elliptic curve discrete logarithm problem (ECDLP). Their scheme used a line with a hash value to broadcast the conference key. In this article, we point out that it suffers from the attack by solving linear equations to obtain the hash value h i . Thus, the conference key CK can be obtained by using the known parameter h i . We also propose an improved scheme to overcome the weakness.

A new anonymous conference key distribution system based on the elliptic curve discrete logarithm problem

In 1999, Tseng and Jan [Comput. Commun. 22 (1999) 749] proposed two conference key distribution systems (CKDS) with user anonymity based on the discrete logarithm problem and the interpolating properties of polynomials. Their first CKDS scheme uses a one-way hash function to hide the identities of the participants and to protect each participant's common key that is shared with the chairperson. In this article, we will propose a more efficient CKDS scheme with user anonymity that is based on the elliptic curve discrete logarithm problem and the properties of the line. Our scheme has the advantage of requiring less computing time than the Tseng–Jan CKDS with a one-way hash function.

The design of conference key distribution system employing a symmetric balanced incomplete block design

A conference key distribution system is a scheme to generate a conference key, and then to distribute this key to only participants attending the conference in order to communicate with each other securely. In this paper, an efficient conference key distribution system is presented by employing a symmetric balanced incomplete block design (SBIBD), one class of block designs. Through techniques for creating a conference key and for performing authentication based on identification information, the communication protocol is designed. The protocol presented minimizes the message overhead for generating a conference key. In a special class of SBIBD the message overhead is O(v v ) , where v is the number of participants. The security of the protocol, which is a significant problem in the construction of a secure system, can be proved as computationally difficult to calculate as factoring and discrete logarithms.

Broadcast authentication for group communication

Traditional point-to-point message authentication systems have been extensively studied in the literature. In this paper, we consider authentication systems for group communication. The basic primitive is a multireceiver authentication system with dynamic senders (DMRA-code). In a DMRA-code any member of the group can broadcast an authenticated message to the rest of the group such that every other member of the group can individually verify the authenticity of the message. We give a flexible ‘synthesis’ construction for DMRA-codes by combining an A-code and a key distribution pattern. tDMRA-codes extend this model when there are up to t senders. We give two constructions, one algebraic and one by ‘synthesis’ of an A-code and a perfect hash family. We show universality of ‘synthesis’ constructions for unconditional and computational models of security which means that our results have wider range applications. Finally, to demonstrate the usefulness of DMRA model, we modify a secure dynamic conference-key distribution system to construct a secure dynamic conference system that provides secrecy and authenticity of communication among conferencees. The system is key-efficient as its key requirement remains nearly the same as the original conference key distribution system and so authentication is effectively obtained without any extra cost. We discuss possible extensions to this work.

( t, m) Threshold and generalized ID-based conference key distribution system

One strategy for distributing conference keys is for a chairman to one-way distribute the conference key to all participants. However, the chairman does not know whether the participants are present to receive the conference key or not. Thus, the number of attendants for the conference cannot be controlled, a drawback when a conference requires that the number of members exceed a certain threshold value. This paper will propose a new scheme such that only when t or more members out of m participants of the conference are on-line, can they derive the conference key. The scheme is also extended to a generalized case.

Anonymous conference key distribution systems based on the discrete logarithm problem

In 1997, Wu [T.C. Wu, Conference key distribution system with user anonymity based on algebraic approach, IEE Proc. Comput. Digit. Tech. 144(2) (1997) 145–148] proposed a conference key distribution system (CKDS) with user anonymity using algebraic operations. User anonymity is, in which the identities of participants in a conference are anonymous to each other, except for the chairperson. In this article, two CKDSs with user anonymity are proposed. One is a modified one of the Wu’s scheme that uses simple interpolating properties of polynomials to replace the algebraic approach. Both the Wu’s original scheme and our modified one require a one-way hash function to hide the identities of participants and to protect each participant’s common key shared with the chairperson. Both schemes also use the one-way hash function to provide the authentication for the chairperson. Moreover, we propose another scheme which does not use a one-way hash function, but also achieve the same purposes. Compared to the Wu’s scheme, both our schemes require less computing time. The security of the proposed CKDSs is based on the difficulty of computing the discrete logarithm problem as well as the one-way hash cryptographic function assumption. Both schemes are secure against impersonation and conspiracy attacks.

A conference key distribution system for the star configuration based on the discrete logarithm problem

A conference key distribution system for the star configuration is proposed which is based on the discrete logarithm problem. In the protocol of this system, one of the participants is a chairperson and every other participant communicates only with the chairperson. The proposed system has the following properties, 1. (i) The number of the exchanged messages is linear in that of the participants, 2. (ii) It is not necessary for every participant to verify that he shares a common conference key with other participants after the end of the protocol, 3. (iii) Each participant can confirm the attendance of the other participants.

Conference key distribution system with user anonymity based on algebraic approach

Most previously proposed conference key distribution systems (CKDSs) have been performed through modular exponentiation, which makes them inefficient in practical usage, especially in the case that the attending principals of the conference have less computing power. Extended from the Diffie-Hellman key distribution system (KDS), we propose an efficient CKDS with user anonymity based on the algebraic approach. The main feature of the proposed CKDS is that, except for the chairperson, all the attending principals of the conference are anonymous to each other, and even the unattending principals do not know who the attending ones are. With proper precomputation of the common secret keys shared between each pair of principals (each requires one modular exponentiation), the proposed CKDS can be performed efficiently, because only one-way hash functions and simple algebraic operations are required. The authors also show that, based on the Diffie-Hellman (DH) and the one-way hash (OWH) assumptions, the proposed CKDS is secure against impersonation and conspiracy attacks.

On the security of Wu and Yeh's conference key distribution system

In 1993, Wu and Yeh proposed a conference key distribution system based on cross-product operation on row vectors over the Galois Field GF( P). In this research note, we show that an opponent who knows the ID of a member in the conference can compute the conference key without knowing any secret from the system. Furthermore, we suggest a modified scheme to avoid this attack.

Cryptanalysis and improvement on a conference key distribution system

Abstract In 1993, Wu and Yeh proposed a conference key distribution system based on cross product. In this paper, we will show that Wu and Yeh's system is breakable. We also propose a modified scheme for the conference key distribution system under the same assumption, which can achieve better security.

A conference key distribution system based on cross-product

Extended from the Diffie-Hellman public key distribution system (PKDS), we propose a conference key distribution system (CKDS) based on the cross-product operations on row vectors over a Galois field GF( P), where P is a prime number. In our CKDS, the chairperson computes a conference key CK and then embeds it to some public interpolating polynomials to let only the legal intended principals recover CK, while the illegal intended principals can not. From the public parameters, an intruder or any intended principal in the network does not know how many and who are the legal intended principals in the conference. Furthermore, since the construction of the CK does not interfere with the secret keys of the intended principals, any intended principals in the network has no useful information for revealing any other principals' secret keys. Besides, our CKDS can be implemented practically.

Identity‐based conference key distribution systems

AbstractThis paper proposes identity‐based key distribution systems for generating a common secret conference key for two or more users. Users are connected in a ring, a complete graph, or a star network. Messages among them are authenticated using each user's identification information. The security of the proposed systems is based on the difficulty of both factoring large numbers and computing discrete logarithms over large finite fields.