1 / 12

A three round authenticated group key agreement protocol for ad hoc networks

A three round authenticated group key agreement protocol for ad hoc networks. Authors: Daniel Augot, Raghav Bhaskar, Val é rie Issarny, and Daniele Sacchetti Sources: Pervasive and Mobile Computing, 3(1), pp. 36-52, 2007. Reporter: Chun-Ta Li ( 李俊達 ). Outline. Motivation

regina
Download Presentation

A three round authenticated group key agreement protocol for ad hoc networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A three round authenticated group key agreement protocol for ad hoc networks Authors: Daniel Augot, Raghav Bhaskar, Valérie Issarny, and Daniele Sacchetti Sources: Pervasive and Mobile Computing, 3(1), pp. 36-52, 2007. Reporter: Chun-Ta Li (李俊達)

  2. Outline • Motivation • The proposed protocol • IKA (Initial Key Agreement) • Join • Leave • Comparisons • Comments 2 2

  3. Motivation • Group key agreement • Dynamism in ad hoc networks • Merge and partition • Simple and efficient • Group leader election • Security goals • Key secrecy • Key independence • Forward secrecy

  4. The proposed protocol • Notations

  5. The proposed protocol (cont.) • IKA (Initial Key Agreement) Round 1: 2 3 U1 broadcasts {msg1,1 = {INIT, U1, N1, H(gr1)}, σ1,1} 3. msg1,2 1. msg1,1 1 Round 2: 2. msgi Ui=2,3,4,5 verifies msg1,1 ?= σ1,1 4 5 Ui sends {msgi = {IREPLY, U1, N1, Ui, Ni, gri},σi} to U1 Key computation: Round 3: Ui=2,3,4,5 verifies msg1,2 ?= σ1,2 Ui=2,3,4,5 verifies gri and H(gr1) U1 verifies msgi ?= σi Key = gr1 * Πgrir1 = gr1(1+Σri) U1 broadcasts {msg1,2 = {IGROUP, U1, N1,{Ui, Ni, gri, grir1}, σ1,2}

  6. The proposed protocol (cont.) • IKA (Initial Key Agreement) Round 1: 2 U1 broadcasts {msg1,1 = {INIT, U1, N1, H(gr1)}, σ1,1} 3 Round 2: 3. msg1,2 1. msg1,1 1 U3 generates N3, gr3 to U1 U2 generates N2, gr2 to U1; 2. msgi U5 generates N5, gr5 to U1 U4 generates N4, gr4 to U1; 4 5 Round 3: U1 broadcasts {gr2, gr3, gr4, gr5, (gr2)r1, (gr3)r1, (gr4)r1, (gr5)r1} Key computation: Key = gr1(1+r2+r3+r4+r5)

  7. The proposed protocol (cont.) • Join (U6) Old Key = gr1(1+r2+r3+r4+r5) Round 1: 2 U6 broadcasts {msg6 = {JOIN, U6, N6, gr6}, σ6} 3 Round 2: 1 U1 generates a new secret r1* and sends {gr1*, gr2, gr3, gr4, gr5} to U6 JOIN JOIN 4 5 Round 3: 6 U6 broadcasts {gr1*, gr2, gr3, gr4, gr5, (gr1*)r6, (gr2)r6, (gr3)r6, (gr4)r6, (gr5)r6} to the group New group leader New Key = gr6(1+r1*+r2+r3+r4+r5)

  8. The proposed protocol (cont.) • Leave (U5) Old Key = gr1(1+r2+r3+r4+r5) Round 1: 2 3 U5 sends {msg5 = {DEL, U5, N5}, σ5} to U1 1 Round 2: LEAVE U1 generates a new secret r1” and broadcasts {gr2, gr3, gr4, (gr2)r1”, (gr3)r1”, (gr4)r1”} to the group 4 5 New Key = gr1”(1+r2+r3+r4)

  9. Comparisons • Efficiency comparison of GKA protocols

  10. Comments • Security attack (A dishonest member Eve in a group; DoS attack) • Eve first collects the LEAVE message that broadcasts from Bob before. • Then Eve could masquerade as Bob to send the LEAVE message to the group leader. • Finally, every member in a group would compute the new key except Bob.

  11. Comments (cont.) • Example Old Key = gr1(1+r2+r3+r4+rEve+rBob) Round 1: 2 Eve sends {msgBob = {DEL, UBob, NBob}, σBob} to U1 3 Group leader Round 2: 1 U1 generates a new secret r1*and broadcasts {gr2, gr3, gr4, grEve, (gr2)r1*, (gr3)r1*, (gr4)r1*, (grEve)r1*} to the group LEAVE 4 Bob Eve New Key = gr1*(1+r2+r3+r4+rEve)

  12. Comments (cont.) • Improvement Old Key = gr1(1+r2+r3+r4+r5) Round 1: 2 3 U5 sends {msg5 = E{Old Key{DEL, U5, N5}}, σ5} to U1 1 Round 2: LEAVE U1 generates a new secret r1” and broadcasts {gr2, gr3, gr4, (gr2)r1”, (gr3)r1”, (gr4)r1”} to the group 4 5 New Key = gr1”(1+r2+r3+r4)

More Related