Efficient group authenticated key agreement protocol for dynamic group s
This presentation is the property of its rightful owner.
Sponsored Links
1 / 33

Efficient Group Authenticated Key Agreement Protocol for Dynamic Group s PowerPoint PPT Presentation


  • 96 Views
  • Uploaded on
  • Presentation posted in: General

WISA 2004 (23-25, Aug). Efficient Group Authenticated Key Agreement Protocol for Dynamic Group s. Kui Ren * , Hyunrok Lee*, Kwangjo Kim * , and Taewhan Yoo** * IRIS, Information and Communications University , Daej e on, Korea

Download Presentation

Efficient Group Authenticated Key Agreement Protocol for Dynamic Group s

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Efficient group authenticated key agreement protocol for dynamic group s

WISA 2004 (23-25, Aug)

Efficient GroupAuthenticated Key Agreement Protocol for Dynamic Groups

Kui Ren*, Hyunrok Lee*, Kwangjo Kim*, and Taewhan Yoo**

* IRIS, Information and Communications University, Daejeon, Korea

** Electronics and Telecommunications Research Institute, Daejeon, Korea


Contents

Contents

  • Introduction

  • EGAKA Overview

  • Notation and Primitives

  • EGAKA

    • EGAKA-KE (Key Establishment)

    • EGAKA-KU (Key Update)

  • Complexity & Security Analysis

  • Conclusion

  • Q & A


Introduction 1 3

Introduction(1/3)

  • Secure group communication

    • A (large) group of users communicate with one another in a secure way

      • Ex) Teleconferencing, Collaborative work, Multiple interactive game, VPN (Virtual Private Networks),Wireless Ad-hoc Networks

  • Dynamic Peer Groups

    • Relatively small (~ 100 of members)

    • No hierarchy

    • Frequent membership changes

    • Any member can be sender and receiver


Introduction 2 3

Introduction(2/3)

  • Group Key Management

    • A group key

      • Shared only by current group members

      • Communication encrypted/decrypted by the group key

    • Difficult aspect Dynamics

      • Join

        • Backward secrecy

        • Allow the joining member(s) to decrypt future messages, but not previous messages

      • Leave:

        • Forward secrecy

        • Prevent the leaving member(s) from decrypting future messages

      • Burst behavior:

        • Multiple joins and/or multiple leavessimultaneously.


Introduction 3 3

Introduction(3/3)

  • Classification

    • Group Key Distribution

      • One party generates a secret key anddistributes to others

      • Not suitable for dynamic groups

    • Group Key Agreement

      • Secret key is derived jointly by two ormore parties

      • Key is a function of informationcontributed byeach member

      • No party can pre-determine the key

  • Motivation

    • Need Group Key Agreement

      • Strong security

      • Dynamic membership management

      • Adapt to heterogeneous environments

      • Efficiency in communication and computation


Egaka overview 1 2

EGAKA Overview(1/2)

  • EGAKA

    • Efficient Group Authenticated Key Agreement protocol

    • Important Properties

      • Distributed

      • Fault-tolerant

      • Efficient dynamic group membership management

      • Mutual authentication among group members

      • Secure against both passive and active attacks

    • Can be built on any two-party authenticated key exchange protocols

      • E.g. Diffie-Hellman protocol, password based protocol

    • Achieves scalability and robustnessin heterogeneous environments

    • provides efficient member join services

      • Low communicationand computation costs, and they are constant to the group size.


Egaka overview 2 2

EGAKA Overview(2/2)

  • Trust Model

    • Any singlecurrent member can authenticate the newmembers and accept them.

  • Assumption

    • Do not consider insider attacks

      • The secrecy of group keys and the integrity of group membership

    • The size of dynamics group < 200

    • Group members in dynamic groups have different security primitives

    • For generating the group key

      • Use Common two-party key exchange protocol


Notation and primitives 1 4

Notation and Primitives(1/4)


Notation and primitives 2 4

Notation and Primitives(2/4)

Root node

Interior node

Isolated Leaf node

Leaf node

Key pair: Kij & Bij


Notation and primitives 3 4

Notation and Primitives(3/4)

CP5*= {N31, N22, N12}

KP5*= {N32, N21, N11}


Notation and primitives 4 4

Notation and Primitives(4/4)

M2’s view of the group which could be divided into lsubgroups


Egaka

EGAKA

  • Two basic sub-protocol

    • EGAKA-KE : Key Establishment Protocol

    • EGAKA-KU : Key Update Protocol

    • Both sub-protocols are subtle integrations of above mentioned binarykey tree structure, one way functions and two-party key agreement protocol, as well as symmetric encryption algorithm.


Egaka ke

EGAKA-KE

  • EGAKA-KE includes two phases:

    • Phase I

      • To complete group entity authentication by applying anychosen two-party authenticated key agreement protocol

    • Phase II

      • The group key generationprocess.


Egaka ke phase i 1 6

EGAKA-KE: Phase I (1/6)

  • Tasks to accomplish

    • choose the two-party protocol in common

    • generate the key tree structure

    • perform mutual authentication according to generated tree structure

    • establish peer-to-peer session keys among members.


Egaka ke phase i 2 6

EGAKA-KE: Phase I (2/6)

M2

M3

Hello, here is the key tree structure

Hello, I want to use DH protocol, and M4 can be the one to generate the key tree structure

M1

M4

M7

M5

M6


Egaka ke phase i 3 6

EGAKA-KE: Phase I (3/6)

M2

M3

M1

M4

M7

M5

M6


Egaka ke phase i 4 6

EGAKA-KE: Phase I (4/6)

M2

M3

M1

M4

M7

M5

M6


Egaka ke phase i 5 6

EGAKA-KE: Phase I (5/6)

Session Key

Execution Results of EGAKA-KE: Phase I


Egaka ke phase i 6 6

EGAKA-KE: Phase I (6/6)

  • Rounds = 2 (except for protocol negotiation step)

  • Two-party key exchange protocol executes exactly n-1 times to finish the entity authentication among group members


Egaka ke phase ii 1 5

EGAKA-KE: Phase II (1/5)


Egaka ke phase ii 2 5

EGAKA-KE: Phase II (2/5)

KG

M1 needs to

compute

M1 yet to know

Round 1

M1 knows

M1’s view of the group


Egaka ke phase ii 3 5

EGAKA-KE: Phase II (3/5)

M1 needs to

compute

KG

Round 2

M1 yet to know

M1 knows

M1’s view of the group


Egaka ke phase ii 4 5

EGAKA-KE: Phase II (4/5)

KG

Round 3

M1 compute

M1 knows

M1’s view of the group


Egaka ke phase ii 5 5

EGAKA-KE: Phase II (5/5)

  • Rounds = d, where d equals to , n is the size of the group.

  • No computational expensive operation is needed in this phase.


Egaka ku member join protocol 1 5

EGAKA-KU: Member Join Protocol (1/5)


Egaka ku member join protocol 2 5

EGAKA-KU: Member Join Protocol (2/5)


Egaka ku member leave protocol 3 5

EGAKA-KU: Member Leave Protocol (3/5)


Egaka ku member leave protocol 4 5

EGAKA-KU: Member Leave Protocol (4/5)


Egaka ku 5 5

EGAKA-KU(5/5)

  • In Member Join Protocol: only fixed 6 exponential operations are needed for any member to be added to the group and update the group key. Moreover, this cost is constant to group size. This property is very useful in scenarios with frequent member additions.

  • Member Leave protocol is not as efficient as member join protocol, but it’s robust and fault-tolerant.


Complexity and security analysis

Complexity and Security Analysis

  • Complexity Analysis

    • Communication and computation costs

  • Comparison between EGAKA and other well known key establishment protocols

    • A-DH is used as the underlyingtwo-party authenticated key agreement protocol in order to provide a quantificational comparison.

  • Security Analysis

    • Provide informal security analysis. (Formal analysis is undergoing)

    • Secure against both passive and active attacks

    • Do not consider insider attacks

    • Provide forward and backward secrecy


Comparison

Comparison


Conclusion

Conclusion

  • In this paper, we propose EGAKA (Efficient Group Authenticated Key Agreement) protocol

    • Distributed

    • Fault-tolerant

    • Efficient dynamic group membership management

    • Mutual authentication among group members

    • Secure against both passive and active attacks

  • Can be built on any two-party authenticated key exchange protocols

    • E.g. Diffie-Hellman protocol, password based protocol

  • Achieves scalability and robustnessin heterogeneous environments

  • provides efficient member join services

    • Low communicationand computation costs, and they are constant to the group size.

  • Support fault-tolerant property to achieve robustness in member leave service


Efficient group authenticated key agreement protocol for dynamic group s

Thank you for your attentionQ&A


  • Login