Efficient and Provably-Secure Group Key Management Scheme Using Key Derivation

With the rapid development of the Internet, many commercial and network-based services, such as pay-TV and online games, have become popular. To restrict access to these services to legal members only, a common approach is to protect the communication with a cryptographic key and disclose that key only to the group of legal members. In group key management (GKM), a group manager maintains a common cryptographic (group) key for a dynamic group of legal members over a network channel. A GKM scheme can also be used to provide communication privacy and the integrity of transmitted messages. In this paper, we first demonstrate a collusion attack against Chen et al.'s concrete RSA-based GKM scheme [1]. Then, we propose an efficient and provably secure GKM scheme using the key derivation method. Our GKM scheme has some attractive features. First, the proposed scheme is very efficient, since the key derivation method uses simple keyed hash plus XOR operations. Second, the proposed scheme has an efficient rekey mechanism for a member who may go offline and miss group key updates during the offline period. Finally, the proposed scheme can be proved secure based on the pseudorandom function family assumption and the one-way property of a hash function.

[1] Mohamed G. Gouda, et al. Secure group communications using key graphs, 2000, TNET.

[2] Wen-Guey Tzeng, et al. Public Key Broadcast Encryption with Low Number of Keys and Constant Decryption Time, 2008, Public Key Cryptography.

[3] Amos Fiat, et al. Broadcast Encryption, 1993, CRYPTO.

[4] Douglas R. Stinson. Cryptography: Theory and Practice, Third Edition, 2005.

[5] Wen-Guey Tzeng, et al. Secure group key management using uni-directional proxy re-encryption schemes, 2011, 2011 Proceedings IEEE INFOCOM.

[6] Alan T. Sherman, et al. Key Establishment in Large Dynamic Groups Using One-Way Function Trees, 2003, IEEE Trans. Software Eng.

[7] Dawn Xiaodong Song, et al. ELK, a new protocol for efficient large-group key distribution, 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[8] Matthew Green, et al. Improved proxy re-encryption schemes with applications to secure distributed storage, 2006, TSEC.

[9] Brent Waters, et al. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys, 2005, CRYPTO.

[10] Amr M. Youssef, et al. Preventing Collusion Attacks on the One-Way Function Tree (OFT) Scheme, 2007, ACNS.

[11] Matt Blaze, et al. Divertible Protocols and Atomic Proxy Cryptography, 1998, EUROCRYPT.

[12] Xiaozhou Li, et al. Batch rekeying for secure group communications, 2001, WWW '01.

[13] Hugo Krawczyk, et al. Keying Hash Functions for Message Authentication, 1996, CRYPTO.

[14] D. Micciancio, et al. Optimal Communication Complexity of Generic Multicast Key Distribution, 2004, IEEE/ACM Transactions on Networking.

[15] Feipei Lai, et al. Secure and efficient group key management with shared key derivation, 2009, Comput. Stand. Interfaces.

[16] Wei-Chi Ku, et al. An Improved Key Management Scheme for Large Dynamic Groups Using One-Way Function Trees, 2003, ICPP Workshops.

[17] Moni Naor, et al. Multicast security: a taxonomy and some efficient constructions, 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[18] Gwoboa Horng, et al. Cryptanalysis of a Key Management Scheme for Secure Multicast Communications, 2002.

[19] Bo Yang, et al. Collusion-Resistant Multicast Key Distribution Based on Homomorphic One-Way Function Trees, 2011, IEEE Transactions on Information Forensics and Security.

[20] Moni Naor, et al. Revocation and Tracing Schemes for Stateless Receivers, 2001, CRYPTO.