Authenticated Group Key Agreement for Multicast

Secure multicast communication provides an efficient way to deliver data to a large group of recipients. Scalability, efficiency and authenticity are the key challenges for secure multicast. In this paper, we propose a novel group key agreement scheme for multicast called logical identity hierarchy (LIH), which is based on bilinear pairing and supports secure communications for large and dynamic groups. Compared with previous tree-based schemes, LIH provides dual authentication between the group controller (GC) and group members, and hierarchical authentication among group members. Neither the GC nor the users need to execute any encryption/decryption process during the rekeying operation. Moreover, in LIH the group members can be stateless receivers, who do not need to update their state during the protocol execution. By using a public board, the GC does not need to multicast any rekeying message when a user joins or leaves the communication group. Security analysis shows that LIH satisfies both backward secrecy and forward secrecy.
