Group Session Key Research Articles

A secure and efficient password‐authenticated group key exchange protocol for mobile ad hoc networks

SUMMARYPassword‐authenticated group key exchange protocols enable communication parties to establish a common secret key (a session key) by only using short secret passwords. Such protocols have been receiving significant attention. This paper shows some security weaknesses in some recently proposed password‐authenticated group key exchange protocols. Furthermore, a secure and efficient password‐authenticated group key exchange protocol in mobile ad hoc networks is proposed. It only requires constant round to generate a group session key under the dynamic scenario. In other words, the overhead of key generation is independent of the size of a total group. Further, the security properties of our protocol are formally validated by a model checking tool called AVISPA. Security and performance analyses show that, compared with other related group key exchange schemes, the proposed protocol is also efficient for real‐world applications in enhancing the security over wireless communications. Copyright © 2011 John Wiley & Sons, Ltd.

A loss-tolerant group key management scheme with revocation capability for wireless sensor network

A new group key management scheme against the unreliable wireless communication channel and unsafe environment was proposed for wireless sensor network (WSN). In the proposed scheme, broadcast polynomial, generated over finite field Fq based on the secret sharing, was employed to revoke compromised sensor nodes. In order to tolerate key-update message loss, group session keys were generated as one-way hash chain sequence and distributed in advance. The analysis showes that the scheme has better performance in terms of the computation and communication overhead.

Recursive protocol for group-oriented authentication with key distribution

The authors propose a recursive protocol for group-oriented authentication with key exchange, in which a group of n entities can authenticate with each other and share a group session key. The proposed protocol has the following characteristics: First, it requires O( n) rounds of messages, O(log n) completion time, O(log n) waiting time, and O( n log n) communication overhead in average for the completion of the recursion. Second, it not only meets the five principles suggested by Diffie et al. [Diffie, W., van Oorschot, P.C., Wiener, M.J., 1992. Authentication and authenticated key exchange. Designs, Codes, and Cryptography 2 (2), 107–125] on the design of a secure key exchange protocol, but also achieves the properties of nondisclosure, independency, and integrity addressed by Janson and Tsudik [Janson, P., Tsudik, G., 1995. Secure and minimal protocols for authenticated key distribution. Computer Communications 18 (9), 645–653] for the authentication of the group session key. Third, we describe the beliefs of trustworthy entities involved in our authentication protocol and the evolution of these beliefs as a consequence of communication by using BAN logic. Finally, it is practical and efficient, because only one-way hash function and exclusive-or (XOR) operations are used in implementation.

Key establishment in large dynamic groups using one-way function trees

We present, implement, and analyze a new scalable centralized algorithm, called OFT, for establishing shared cryptographic keys in large, dynamically changing groups. Our algorithm is based on a novel application of one-way function trees. In comparison with the top-down logical key hierarchy (LKH) method of Wallner et al., our bottom-up algorithm approximately halves the number of bits that need to be broadcast to members in order to rekey after a member is added or evicted. The number of keys stored by group members, the number of keys broadcast to the group when new members are added or evicted, and the computational efforts of group members, are logarithmic in the number of group members. Among the hierarchical methods, OFT is the first to achieve an approximate halving in broadcast length, an idea on which subsequent algorithms have built. Our algorithm provides complete forward and backward security: Newly admitted group members cannot read previous messages, and evicted members cannot read future messages, even with collusion by arbitrarily many evicted members. In addition, and unlike LKH, our algorithm has the option of being member contributory in that members can be allowed to contribute entropy to the group key. Running on a Pentium II, our prototype has handled groups with up to 10 million members. This algorithm offers a new scalable method for establishing group session keys for secure large-group applications such as broadcast encryption, electronic conferences, multicast sessions, and military command and control.

Group-oriented authentication mechanism with key exchange

Most of the previously proposed authentication mechanisms are based on the individual-oriented approach and hence may be inefficient and not suitable for group-oriented applications. In this paper, we propose a group-oriented authentication mechanism with key exchange that can effectively resolve the security requirements of group-oriented communications. The proposed mechanism consists of three basics: the entity-to-entity (EE), the entity-to-group (EG) and the group-to-group (GG) subprotocols. All these subprotocols meet the authentication and secure key exchange requirements separately addressed by other authors. By the proposed mechanism, a set of temporal authenticated subgroups can be recursively formed in a divide-and-conquer manner and finally all entities in the target group can authenticate each other and exchange a group session key. Experimental analyses show that the proposed mechanism requires O( n log n) rounds of messages ( n is the number of entities in the target group) for achieving the authentication and key exchange among the entities in the target group, which outperforms the naive approach that is based on iteratively running either two-parties or three-parties authentication protocols for achieving the same purposes. Moreover, the proposed mechanism can be practically implemented in a large-scaled group-oriented application since only one-way hashing functions and exclusive-or operations are involved.

Availability of networks subject to scheduled-maintenance: J. M. Kontoleon. IEEE Trans. Reliab., R-28, (1) 90 (April 1979)

The authors propose a recursive protocol for group-oriented authentication with key exchange, in which a group of n entities can authenticate with each other and share a group session key. The proposed protocol has the following characteristics: First, it requires O(n) rounds of messages, O(log n) completion time, O(log n) waiting time, and O(n log n) communication overhead in average for the completion of the recursion. Second, it not only meets the five principles suggested by Diffie et al. [Diffie, W., van Oorschot, P.C., Wiener, M.J., 1992. Authentication and authenticated key exchange. Designs, Codes, and Cryptography 2 (2), 107–125] on the design of a secure key exchange protocol, but also achieves the properties of nondisclosure, independency, and integrity addressed by Janson and Tsudik [Janson, P., Tsudik, G., 1995. Secure and minimal protocols for authenticated key distribution. Computer Communications 18 (9), 645–653] for the authentication of the group session key. Third, we describe the beliefs of trustworthy entities involved in our authentication protocol and the evolution of these beliefs as a consequence of communication by using BAN logic. Finally, it is practical and efficient, because only one-way hash function and exclusive-or (XOR) operations are used in implementation.