Security Extension for Bresson-Chevassut-Pointcheval’s model

The Bresson-Chevassut-Pointcheval (BCP) model is a formalism for the analysis of authenticated group key exchange protocols. Also there are some desired security goals for a practical group key exchange protocol, which are necessary in achieving resistance to active attacks mounted by an increasingly powerful adversary. However, whether a proved secure protocol in the BCP model can meet these security goals remains unknown. Firstly, the relationship between the BCP model and the desired security goals is analyzed in this paper. And it is shown that a protocol proved authenticated key exchange (AKE) security in the BCP model can surely achieve some security goals such as key independence, resistance to all types of passive attacks, Perfect Forward Secrecy (PFS) and implicit key authentication, but can not provide key integrity and known-key security. It is the lack of group key consistency in the definition of AKE security that causes the security flaws. Then, we present new definition of group key (GK) security, and show that a proved GK secure protocol can guarantee all the desired security goals.