A new group key management scheme based on keys tree, XOR operation and one-way function

By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is proposed. Initialization, member adding and member evicting operations are introduced. The new scheme is compared with three other group key management schemes which are based on the keys tree： SKDC, LKH, and OFF. As far as transmission, computation and storage costs are concerned, the performance of the new group key management scheme is the best. The security problem of the new scheme is analyzed. This new scheme provides backward and forward security, i.e.. newly admitted group members cannot read previous multicast messages and evicted members cannot read future multicast messages, even with collusion by many arbitrarily evicted members.

Multivariate Broadcast Encryption with Group Key Algorithm for Secured IoT

The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive power consumption,which constitute a danger to intelligent IoT-based apps.Group managing is primarily used for transmitting and multi-pathing communications that are secured with a general group key and it can only be decrypted by an authorized group member.A centralized trustworthy system,which is in charge of key distribution and upgrades,is used to maintain group keys.To provide longitudinal access controls,Software Defined Network(SDN)based security controllers are employed for group administration services.Cloud service providers provide a variety of security features.There are just a few software security answers available.In the proposed system,a hybrid protocols were used in SDN and it embeds edge system to improve the security in the group communication.Tree-based algorithms compared with Group Key Establishment(GKE)and Multivariate public key cryptosystem with Broadcast Encryption in the proposed system.When all factors are considered,Broadcast Encryption(BE)appears to become the most logical solution to the issue.BE enables an initiator to send encrypted messages to a large set of recipients in a efficient and productive way,meanwhile assuring that the data can only be decrypted by defining characteristic.The proposed method improves the security,efficiency of the system and reduces the power consumption and minimizes the cost.

Physical-Layer Secret Key Generation for Dual-Task Scenarios

Physical-layer secret key generation(PSKG)provides a lightweight way for group key(GK)sharing between wireless users in large-scale wireless networks.However,most of the existing works in this field consider only group communication.For a commonly dual-task scenario,where both GK and pairwise key(PK)are required,traditional methods are less suitable for direct extension.For the first time,we discover a security issue with traditional methods in dual-task scenarios,which has not previously been recognized.We propose an innovative segment-based key generation method to solve this security issue.We do not directly use PK exclusively to negotiate the GK as traditional methods.Instead,we generate GK and PK separately through segmentation which is the first solution to meet dual-task.We also perform security and rate analysis.It is demonstrated that our method is effective in solving this security issue from an information-theoretic perspective.The rate results of simulation are also consistent with the our rate derivation.

Provable Efficient Certificateless Group Key Exchange Protocol

Certificateless public key cryptography （CL-PKC） avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.

Key-insulated encryption based group key management for wireless sensor network

The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.

EBS-Based Collusion Resistant Group Key Management Using Attribute-Based Enc ryption

The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption （CP-ABE） is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.

Extended Asymmetric Group Key Agreement for Dynamic Groups and Its Applications

Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.

Identity Based Group Key Agreement in Multiple PKG Environment

Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators （PKG） environment. It is inspired on a new two-party identity-based key agreement protocol first proposed by Hoonjung Lee et al. In our scheme, although each member comes from different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies every security requirements of the group key agreement protocols.

Performance study on Gossip-based group key distribution protocal

Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast protocol can not deal with them fully. Gossip-based group key distribution idea for wide-area dissemination was provided. It is based on an gossip-based loss recovery control mechanism. It can provide a probabilistic reliable guarantee for a information dissemination to reach every group member, which can achieve scalability and reliability. To achieve full reliability, three layers protocol model in group key distribution was provided. One is best effect layer, which provides unreliable dissemination. Other is gossip-based loss recovery layer, which provides probabilistic reliable guarantee. Last is vsync-based layer, which provide deterministic loss recovery. We integrate probabilistic loss recovery method with deterministic one. The model possess scalability that probabilistic method has and full reliability prosthesis by vsync-based. To evaluate the effectiveness of gossip technique in scalable and reliable multicast protocols. We have compared gossip protocol with other reliable multicast protocols. Experimental result shows that gossip protocol has better scalability than other.

A Practical Group Key Management Algorithm for Cloud Data Sharing with Dynamic Group

Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite of having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy tore-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.

Identity Based Group Key Agreement from Bilinear Pairing

We present a provably secure authenticated tree based key agreement scheme for multicast. There is a wide variety of applications that can benefit from using our scheme, e. g. , pay-Tv, teleconferencing, software updates. Compared with the previous published schemes, our scheme provides group member authentication without introducing additional mechanism. Future, we give the security proof of our scheme under the random oracle model.

A novel approach to authenticated group key transfer protocol based on AG codes

Group key management technique is a fundamental building block for secure and reliable group communication systems.In order to successfully achieve this goal, group session key needs to be generated and distributed to all group members in a secure and authenticated manner.The most commonly used method is based on Lagrange interpolating polynomial over the prime field F p={0,1,2,…, p-1}. A novel approach to group key transfer protocol based on a category of algebraic-geometry code is presented over the infinite field GF(2 m). The attractive advantages are obvious. Especially, the non-repeatability, confidentiality, and authentication of group key transfer protocols are obtained easily. Besides, a more generalized and simple mathematical construction model is proposed which also can be applied perfectly to related fields of information security.

A More Efficient Group Key Distribution Scheme for Wireless Ad hoc Networks

As the wireless medium is characterized by its lossy nature, reliable communication cannot be assumed in the key management scheme. Therefore self-healing is a good property for key distribution scheme in wireless applications. A new self-healing key distribution scheme was proposed, which is optimal in terms of user memory storage and efficient in terms of communication complexity.

SECURE GROUP COMMUNICATIONS FOR LARGE DYNAMIC MULTICAST GROUP

As the major problem in multicast security, the group key management has been the focus of research But few results are satisfactory. In this paper, the problems of group key management and access control for large dynamic multicast group have been researched and a solution based on SubGroup Secure Controllers (SGSCs) is presented, which solves many problems in IOLUS system and WGL scheme.

Password-Based Group Key Agreement Protocol for Client-Server Application

The security issue is always the most important concern of networked client-server application. On the putpose to build the secure group communication among of a group of client users and one server, in this paper, we will present a new password-based group key agreement protocol. Our protocol will meet simplicity, efficiency, and many desired security properties.

Universally Composable Symbolic Analysis of Group Key Exchange Protocol

Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,this paper explores an approach to analyze group key exchange protocols,which realize automation and guarantee the soundness of cryptography. Considered that there exist many kinds of group key exchange protocols and the participants’ number of each protocol is arbitrary. So this paper takes the case of Burmester-Desmedt(BD) protocol with three participants against passive adversary(3-BD-Passive) . In a nutshell,our works lay the root for analyzing group key exchange protocols automatically without sacrificing soundness of cryptography.

Attribute-Based Authenticated Group Key Management Protocol for Mobile Peer-to-Peer Network

The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network （ MP2PN ）. The MP2PN contains some super peers and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Cipertext-Policy Attribute-Based Encryption （CP-ABE） is proposed and used in this group-key rmnagement protocol to authenticate a peer＇s at- tributes and identity. A peer can be described by a set of attributes or one unique special identity at- tribute. Peers that have some attributes in common can form a group and conmmnicate with each other anonymously and securely. Any super peer can initiate a group and act as a group controller. The group controller can authenticate a peer＇s attributes and identity as well as remove malicious peers. Any peer with attributes that rmtches the access structure can join the group and provide its input to form the group key. The proposed protocol pro- vides backward and forward secrecy. The sinmlation results show that this protocol is applicable for mobile devices and can meet the MP2PN requirements of group communication.

ID-Based Authenticated Dynamic Group Key Agreement

Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD protocol , which is fully authenticated by a proven-secure ID-based signature scheme. T he protocol can res ist the impersonation attack, and other security attributes are also satisfied. Compared with Choi et al and Du et al schemes, the proposed one is mor e efficient and applicable for dynamic groups.

HUFFMAN-BASED GROUP KEY ESTABLISHMENT SCHEME WITH LOCATION-AWARE

Time efficiency of key establishment and update is one of the major problems contributory key managements strive to address.To achieve better time efficiency in key establishment,we propose a Location-based Huffman(L-Huffman) scheme.First,users are separated into several small groups to minimize communication cost when they are distributed over large networks.Second,both user's computation difference and message transmission delay are taken into consideration when Huffman coding is employed to forming the optimal key tree.Third,the combined weights in Huffman tree are located in a higher place of the key tree to reduce the variance of the average key generation time and minimize the longest key generation time.Simulations demonstrate that L-Huffman has much better performance in wide area networks and is a little better in local area network than Huffman scheme.

Security Analysis of Broadcaster Group Key Exchange Protocols

Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.