Malicious Participants in Group Key Exchange: Key Control and Contributiveness in the Shadow of Trust

Group key exchange protocols allow their participants to compute a secret key that can be used to ensure security and privacy for various multiparty applications. The resulting group key should be computed through the cooperation of all protocol participants, such that none of them is trusted to have any advantage concerning the protocol's output. This trust relationship is the main difference between group key exchange and group key transport protocols. Misbehaving participants in group key exchange protocols may try to influence the resulting group key, thereby disrupting this trust relationship and causing further security threats. This paper analyzes the currently known security models for group key exchange protocols with respect to this kind of attack by malicious participants and proposes an extended model to remove the identified limitations. Additionally, it proposes an efficient and provably secure generic solution, a compiler, to guarantee these additional security goals for group keys exchanged in the presence of malicious participants.
