Provably secure group key exchange
Author
Abstract
The rapid and promising development of applications and communication systems designed for groups of participants, such as groupware, computer-supported collaborative work systems, or digital conference systems, creates the need for mechanisms that provide adequate security properties. These mechanisms can be designed on the foundations of cryptography. Group key exchange protocols are multi-party cryptographic protocols whose participants compute a shared secret key that can then be used in conjunction with other cryptographic constructions, such as encryption schemes and message authentication codes, for the purposes of privacy, confidentiality and authentication. Confidence in the security of modern cryptographic constructions can be increased through adequate security proofs. The paradigm of provable security is gaining importance for all kinds of cryptographic constructions, including group key exchange protocols, whose security issues are the scope of this dissertation. We give an analytical overview of the state-of-the-art research in this area and identify the strengths and weaknesses of many previous approaches. We suggest a new approach in the form of a security model whose stronger definitions provide the background for more confident security analyses and proofs. Additionally, we present a number of generic solutions (compilers) that can be applied to independently designed group key exchange protocols in order to enhance their security with respect to the various goals considered by our security model. Finally, we present a concrete group key exchange protocol that provably satisfies the apparently strongest currently available formally specified security requirements.
Abstract (in German, translated to English)
The rapid and promising development of applications and communication systems designed for groups of participants, such as groupware, systems for computer-supported cooperative work, or digital conference systems, creates the need for mechanisms that guarantee adequate security properties. The design of these mechanisms is based largely on the foundations of cryptography. Group key exchange protocols are multi-party cryptographic protocols that allow the participants to agree on a shared secret key, which can be used in conjunction with further cryptographic schemes, such as encryption and message authentication schemes, for secrecy, confidentiality and authentication. Today, confidence in the security of modern cryptographic schemes can only be achieved by means of an adequate security proof. The paradigm of provable security is becoming increasingly important for all cryptographic schemes, including group key exchange protocols, whose security aspects form the main part of this dissertation. We give an analytical overview of the current state of research in this area and highlight the strengths and weaknesses of many known approaches. Based on the analyses carried out and the deficiencies found in existing approaches and schemes, we propose a new approach in the form of a security model for group key exchange protocols that encompasses far stronger security requirements and provides the basis for deeper security analyses and proofs. In addition, we present a number of generic solutions for improving the security (within our model) of independently designed group key exchange protocols. Finally, we describe a new group key exchange protocol whose provable security meets the currently strongest formal requirements.
Similar sources
Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...
Password-Based Group Key Exchange Secure Against Insider Guessing Attacks
Very recently, Byun and Lee suggested two provably secure group Diffie-Hellman key exchange protocols using n participants' distinct passwords. Unfortunately, the schemes were found to be flawed by Tang and Chen. They presented two password guessing attacks, namely off-line and undetectable on-line dictionary attacks by a malicious insider attacker. In this paper, we present concrete countermeasu...
Password-Based Group Key Exchange in a Constant Number of Rounds
With the development of grids, distributed applications are spread across multiple computing resources and require efficient security mechanisms among the processes. Although authenticated group Diffie-Hellman key exchange protocols seem to be the natural mechanisms for supporting these applications, current solutions are either limited by the use of public key infrastructures or ...
(Password) Authenticated Key Establishment: From 2-Party to Group
A protocol compiler is described, that transforms any provably secure authenticated 2-party key establishment into a provably secure authenticated group key establishment with 2 more rounds of communication. The compiler introduces neither idealizing assumptions nor high-entropy secrets, e. g., for signing. In particular, applying the compiler to a password-authenticated 2-party key establishme...
Strongly secure authenticated key exchange in the standard model
Nowadays many crucial network applications rely on the existence of a confidential channel established by authenticated key exchange (AKE) protocols over public networks. With the rapid development of cyber technology, novel attacks to cryptosystem emerge in an endless stream. This has also led to the development of AKE solutions to provide increasingly stronger security guarantees. In this the...
A Variant of the Cramer-Shoup Cryptosystem for Groups of Unknown Order
The Cramer-Shoup cryptosystem for groups of prime order is a practical public-key cryptosystem, provably secure in the standard model under standard assumptions. This paper extends the cryptosystem to groups of unknown order, namely the group of quadratic residues modulo a composite N. Two security results are: In the standard model, the scheme is provably secure if both the Decisional Diffie-...