Identity-based fault-tolerant conference key agreement

Lots of conference key agreement protocols have been suggested to secure computer network conference. Most of them operate only when all conferees are honest, but do not work when some conferees are malicious and attempt to delay or destruct the conference. Recently, Tzeng proposed a conference key agreement protocol with fault tolerance in terms that a common secret conference key among honest conferees can be established even if malicious conferees exist. In the case where a conferee can broadcast different messages in different subnetworks, Tzeng's protocol is vulnerable to a "different key attack" from malicious conferees. In addition, Tzeng's protocol requires each conferee to broadcast to the rest of the group and receive n - 1 message in a single round (where n stands for the number of conferees). Moreover, it has to handle n simultaneous broadcasts in one round. In this paper, we propose a fault-tolerant conference key agreement protocol, in which each conferee only needs to send one message to a "semitrusted" conference bridge and receive one broadcast message. Our protocol is an identity-based key agreement, built on elliptic curve cryptography. It is resistant to the different key attack from malicious conferees and needs less communication cost than Tzeng's protocol.

[1]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[2]  Chee Kheong Siew,et al.  A secure and efficient conference scheme for mobile communications , 2003, IEEE Trans. Veh. Technol..

[3]  Gene Tsudik,et al.  New multiparty authentication services and key agreement protocols , 2000, IEEE Journal on Selected Areas in Communications.

[4]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[5]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[6]  Whitfield Diffie,et al.  A Secure Audio Teleconference System , 1988, CRYPTO.

[7]  Xun Yi,et al.  An identity-based signature scheme from the Weil pairing , 2003, IEEE Communications Letters.

[8]  James H. Burrows,et al.  Secure Hash Standard , 1995 .

[9]  Gene Tsudik,et al.  Group key agreement efficient in communication , 2004, IEEE Transactions on Computers.

[10]  Yvo Desmedt,et al.  Efficient and Secure Conference-Key Distribution , 1996, Security Protocols Workshop.

[11]  Wen-Guey Tzeng,et al.  A Secure Fault-Tolerant Conference-Key Agreement Protocol , 2002, IEEE Trans. Computers.

[12]  Min-Shiang Hwang Dynamic participation in a secure conference scheme for mobile communications , 1999 .

[13]  Paulo S. L. M. Barreto,et al.  Efficient Algorithms for Pairing-Based Cryptosystems , 2002, CRYPTO.

[14]  Darren Reed A Discussion on Computer Network Conferencing , 1992, RFC.

[15]  Gene Tsudik,et al.  Simple and fault-tolerant key agreement for dynamic collaborative groups , 2000, CCS.

[16]  Alfred Menezes,et al.  Reducing elliptic curve logarithms to logarithms in a finite field , 1993, IEEE Trans. Inf. Theory.

[17]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[18]  Yongdae Kim,et al.  Secure group communication in asynchronous networks with failures: integration and experiments , 2000, Proceedings 20th IEEE International Conference on Distributed Computing Systems.

[19]  Yiming Ye,et al.  A secure conference scheme for mobile communications , 2003, IEEE Trans. Wirel. Commun..

[20]  Michael K. Reiter,et al.  Fair Exchange with a Semi-Trusted Third Party (extended abstract) , 1997, CCS.

[21]  Gene Tsudik,et al.  Key Agreement in Dynamic Peer Groups , 2000, IEEE Trans. Parallel Distributed Syst..

[22]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..