Novel Authentication & Authorization Management for Sensitive Information Privacy Protection Using Dynamic Key Based Group Key Management

This paper presents a secure authentication and authorization management mechanism for protecting privacy in sensitive information systems. It allows the individuals and group participants involved to achieve high security levels and tight authorization control. By using dynamic keys, the proposed protocol eliminates the need to share long-term secrets in order to authenticate individuals and group users. It thereby overcomes the compromise of secrets during authentication over open networks. Furthermore, it gives information owners fine-grained control of their critical information. Finally, the paper gives a formal analysis to demonstrate how secure the proposed work is, together with a discussion of security issues. It is argued that the proposed work achieves strong authentication and authorization, and solves the involved participants' plausible deniability issues.
