On the security of group communication schemes

Secure group communications are a mechanism facilitating protected transmission of messages from a sender to multiple receivers, and many emerging applications in both wired and wireless networks need the support of such a mechanism. There have been many secure group communication schemes in wired networks, which can be directly adopted in, or appropriately adapted to, wireless networks such as mobile ad hoc networks (MANETs) and sensor networks. In this paper we show that the popular group communication schemes that we have examined are vulnerable to the following attack: An outside adversary who compromises a certain legitimate group member could obtain all past and present group keys (and thus all the messages protected by them); this is in sharp contrast to the widely-accepted belief that a such adversary can only obtain the present group key (and thus the messages protected by it). In order to understand and deal with the attack, we formalize two security models for stateful and stateless group communication schemes. We show that some practical methods can make a subclass of existing group communication schemes immune to the attack. An extended abstract of this paper appeared as [29].

[1]  Alan T. Sherman,et al.  Key Establishment in Large Dynamic Groups Using One-Way Function Trees , 2003, IEEE Trans. Software Eng..

[2]  Sushil Jajodia,et al.  Kronos: a scalable group re-keying approach for secure multicast , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[3]  Guevara Noubir,et al.  Secure multicast groups on ad hoc networks , 2003, SASN '03.

[4]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[5]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[6]  Ran Canetti,et al.  Efficient Communication-Storage Tradeoffs for Multicast Encryption , 1999, EUROCRYPT.

[7]  Radha Poovendran,et al.  Cross-layer design for energy-efficient secure multicast communications in ad hoc networks , 2004, 2004 IEEE International Conference on Communications (IEEE Cat. No.04CH37577).

[8]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.

[9]  Radha Poovendran,et al.  Power proximity based key management for secure multicast in ad hoc networks , 2007, Wirel. Networks.

[10]  Dong Hoon Lee,et al.  One-Way Chain Based Broadcast Encryption Schemes , 2005, EUROCRYPT.

[11]  Xiaozhou Li,et al.  Batch rekeying for secure group communications , 2001, WWW '01.

[12]  Shouhuai Xu On the security of group communication schemes based on symmetric key cryptosystems , 2005, SASN '05.

[13]  Radha Poovendran,et al.  VP3: using vertex path and power proximity for energy efficient key distribution , 2004, IEEE 60th Vehicular Technology Conference, 2004. VTC2004-Fall. 2004.

[14]  Matthew K. Franklin,et al.  Lower Bounds for Multicast Message Authentication , 2001, EUROCRYPT.

[15]  D. Micciancio,et al.  Optimal Communication Complexity of Generic Multicast Key Distribution , 2004, IEEE/ACM Transactions on Networking.

[16]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[17]  T ShermanAlan,et al.  Key Establishment in Large Dynamic Groups Using One-Way Function Trees , 2003 .

[18]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[19]  Ahmed Obied,et al.  Broadcast Encryption , 2008, Encyclopedia of Multimedia.

[20]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[21]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[22]  Jonathan Katz,et al.  Complete characterization of security notions for probabilistic private-key encryption , 2000, STOC '00.

[23]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[24]  Yevgeniy Dodis,et al.  ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption , 2004, CCS '04.

[25]  S. Zhu,et al.  GKMPAN: an efficient group rekeying scheme for secure multicast in ad-hoc networks , 2004, The First Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004..

[26]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[27]  David Hutchison,et al.  A survey of key management for secure group communication , 2003, CSUR.

[28]  Nathalie Weiler,et al.  The VersaKey framework: versatile group key management , 1999, IEEE J. Sel. Areas Commun..

[29]  Mihir Bellare,et al.  Forward-Security in Private-Key Cryptography , 2003, CT-RSA.

[30]  Radha Poovendran,et al.  Energy-aware secure multicast communication in ad-hoc networks using geographic location information , 2003, 2003 IEEE International Conference on Acoustics, Speech, and Signal Processing, 2003. Proceedings. (ICASSP '03)..

[31]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.