Key Agreement in Dynamic Peer Groups

As a result of the increased popularity of group-oriented applications and protocols, group communication occurs in many different settings: from network multicasting to application layer tele- and videoconferencing. Regardless of the application environment, security services are necessary to provide communication privacy and integrity. This paper considers the problem of key agreement in dynamic peer groups. (Key agreement, especially in a group setting, is the stepping stone for all other security services.) Dynamic peer groups require not only initial key agreement (IKA) but also auxiliary key agreement (AKA) operations, such as member addition, member deletion, and group fusion. We discuss all group key agreement operations and present a concrete protocol suite, CLIQUES, which offers complete key agreement services. CLIQUES is based on multiparty extensions of the well-known Diffie-Hellman key exchange method. The protocols are efficient and provably secure against passive adversaries.

[1]  Gene Tsudik,et al.  CLIQUES: a new approach to group key agreement , 1998, Proceedings. 18th International Conference on Distributed Computing Systems (Cat. No.98CB36183).

[2]  Nathalie Weiler,et al.  The VersaKey framework: versatile group key management , 1999, IEEE J. Sel. Areas Commun..

[3]  CORPORATE NIST The digital signature standard , 1992, CACM.

[4]  Li Gong,et al.  Enclaves: Enabling Secure Collaboration Over the Internet , 1996, IEEE J. Sel. Areas Commun..

[5]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[6]  Christoph G. Günther,et al.  An Identity-Based Key-Exchange Protocol , 1990, EUROCRYPT.

[7]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 2000, TNET.

[8]  Dahlia Malkhi,et al.  Secure reliable multicast protocols in a WAN , 2000, Distributed Computing.

[9]  Michael K. Reiter,et al.  A high-throughput secure reliable multicast protocol , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[10]  Michael K. Reiter A Secure Group Membership Protocol , 1996, IEEE Trans. Software Eng..

[11]  Chak-Kuen Wong,et al.  A conference key distribution system , 1982, IEEE Trans. Inf. Theory.

[12]  Hugo Krawczyk,et al.  SKEME: a versatile secure key exchange mechanism for Internet , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[13]  Mike Burmester,et al.  On the Risk of Opening Distributed Keys , 1994, CRYPTO.

[14]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[15]  Danny Dolev,et al.  Optimized Rekey for Group Communication Systems , 2000, NDSS.

[16]  Gene Tsudik,et al.  Authenticated group key agreement and friends , 1998, CCS '98.

[17]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[18]  Yongdae Kim,et al.  Secure group communication in asynchronous networks with failures: integration and experiments , 2000, Proceedings 20th IEEE International Conference on Distributed Computing Systems.

[19]  Dan Boneh,et al.  Breaking Generalized Diffie-Hellmann Modulo a Composite is no Easier Than Factoring , 1999, Information Processing Letters.

[20]  Serge Vaudenay,et al.  Authenticated Multi-Party Key Agreement , 1996, ASIACRYPT.

[21]  Stefan A. Brands,et al.  An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[22]  Whitfield Diffie,et al.  A Secure Audio Teleconference System , 1988, CRYPTO.

[23]  Michael K. Reiter,et al.  A high-throughput secure reliable multicast protocol , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[24]  S. Brands An Efficient Off-line Electronic Cash System Based On The Representation Problem. , 1993 .

[25]  Danny Dolev,et al.  Optimized Group Rekey for Group Communications Systems , 1999 .

[26]  Tony Ballardie,et al.  Scalable Multicast Key Distribution , 1996, RFC.

[27]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[28]  Robbert van Renesse,et al.  A security architecture for fault-tolerant systems , 1994, TOCS.

[29]  TsudikGene,et al.  Refinement and extension of encrypted key exchange , 1995 .

[30]  Yacov Yacobi,et al.  On Key Distribution Systems , 1989, CRYPTO.

[31]  Gene Tsudik,et al.  Diffie-Hellman key distribution extended to group communication , 1996, CCS '96.

[32]  Mike Just,et al.  Methods of multi-party cryptographic key establishment , 1994 .

[33]  Moni Naor,et al.  Number-theoretic constructions of efficient pseudo-random functions , 1997, Proceedings 38th Annual Symposium on Foundations of Computer Science.

[34]  Michael K. Reiter,et al.  How to securely replicate services , 1992, TOPL.

[35]  Uta Wille,et al.  Communication complexity of group key distribution , 1998, CCS '98.

[36]  Douglas R. Stinson,et al.  Cryptography: Theory and Practice , 1995 .

[37]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[38]  Gene Tsudik,et al.  New multiparty authentication services and key agreement protocols , 2000, IEEE Journal on Selected Areas in Communications.

[39]  Gene Tsudik,et al.  Di e-hellman key distribution extended to groups , 1996, CCS 1996.

[40]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[41]  Ernest F. Brickell,et al.  Secure Audio Teleconference , 1987, CRYPTO.

[42]  David Chaum,et al.  Zero-Knowledge Undeniable Signatures , 1991, EUROCRYPT.

[43]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Architecture , 1997, RFC.

[44]  Yvo Desmedt,et al.  A Secure and Efficient Conference Key Distribution System (Extended Abstract) , 1994, EUROCRYPT.

[45]  Michael K. Reiter,et al.  Distributing trust with the Rampart toolkit , 1996, CACM.