A new strong security model for stateful authenticated group key exchange

Springer Science and Business Media LLC - Vol. 17 - pp. 423-440 - 2017
Zheng Yang1,2, Chao Liu2, Wanping Liu2, Daigu Zhang2, Song Luo2
1Department of Computer Science, University of Helsinki, Helsinki, Finland
2School of Computer Science and Engineering, Chongqing University of Technology, Chongqing, China

Abstract

Stateful authenticated group key exchange (stAGKE) is an important class of authenticated group key exchange (AGKE) that includes tree-based AGKE. In a new stAGKE session, the computation of the ephemeral public key or of the session key may depend on ephemeral secret state carried over from a previously established session. We observe that earlier AGKE models may not be able to provide appropriate security arguments for stAGKE. In this work, a new model is proposed for stAGKE that formulates its security properties, in particular resistance to leakage attacks on ephemeral keys. Of independent interest, the new model is also flexible: it can be used to analyze either stateless or stateful AGKE protocols. We demonstrate the validity of our model by introducing a new tree-based protocol construction for stAGKE. The proposed scheme is proven secure in our new model without random oracles.
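The modelling gap the abstract points at can be seen in a toy tree-based Diffie-Hellman (in the style of TGDH). This is an added illustration, not the paper's construction: the tree shape, the join procedure, the session identifiers and the toy group parameters are all constructed here. Members reuse the secret of their subtree from session 1 as stored state in session 2, so revealing the full ephemeral state of session 2 also recovers the key of session 1, whereas revealing only the fresh randomness of the joining member does not.

```python
# Toy tree-based Diffie-Hellman with state reuse across sessions (constructed example).
# Insecure toy parameters: a real protocol would use a standard group and a proper KDF.
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (constructed, not a recommended group)
G = 3            # toy generator

def blind(k):
    """Blinded (public) key of a secret k: g^k mod p."""
    return pow(G, k, P)

def node_secret(bk_other, k_own):
    """Secret of a tree node from one child's blinded key and the other child's secret."""
    return pow(bk_other, k_own, P)

def group_key(root_secret, session_id):
    """Session key derived from the root secret and a (constructed) session identifier."""
    data = session_id.encode() + root_secret.to_bytes(16, "big")
    return hashlib.sha256(data).hexdigest()

def session_one(x_a, x_b, x_c):
    """Session 1: tree ((A,B),C) with fresh ephemerals x_a, x_b, x_c.
    Returns the group key and the root secret that members keep as state."""
    k_ab = node_secret(blind(x_b), x_a)     # A's view; B computes pow(blind(x_a), x_b), same value
    k_abc = node_secret(blind(x_c), k_ab)   # root secret of session 1
    return group_key(k_abc, "sid-1"), k_abc

def session_two(state_k_abc, x_d):
    """Session 2: D joins. Existing members reuse k_abc as their subtree secret (stateful step).
    Returns the new group key and the ephemeral state session 2 holds."""
    k_root = node_secret(blind(x_d), state_k_abc)
    return group_key(k_root, "sid-2"), {"subtree_secret": state_k_abc}

def demo():
    """Run both sessions and show what each kind of ephemeral leakage recovers."""
    x_a, x_b, x_c, x_d = (secrets.randbelow(P - 2) + 1 for _ in range(4))
    key1, k_abc = session_one(x_a, x_b, x_c)
    key2, state2 = session_two(k_abc, x_d)
    # Leaking only D's fresh ephemeral x_d (plus the public blinded subtree key)
    # recovers session 2's key, as a stateless model would predict.
    key2_from_xd = group_key(node_secret(blind(k_abc), x_d), "sid-2")
    # Leaking session 2's stored state recovers session 1's key as well,
    # a cross-session effect a stateless ephemeral-key-reveal query does not capture.
    key1_from_state = group_key(state2["subtree_secret"], "sid-1")
    return key1, key2, key2_from_xd, key1_from_state

if __name__ == "__main__":
    k1, k2, k2_leak, k1_leak = demo()
    print("session-2 key recovered from x_d leak:", k2 == k2_leak)
    print("session-1 key recovered from session-2 state leak:", k1 == k1_leak)
```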
