Group key agreement for secure group communication in dynamic peer systems

Self-organizing group key agreement protocols without a centralized administrator are essential to secure group communication in dynamic peer systems. In this paper, we propose a generic construction of a one-round self-organizing group key agreement protocol based on the Chinese Remainder Theorem. In the proposed construction, all group members contribute their own public keys to negotiate a shared encryption public key, which corresponds to all different decryption keys. Using his/her own secret key, each group member is able to decrypt any ciphertext encrypted by the shared encryption key. Following the generic construction, we instantiate a one-round self-organizing group key agreement protocol using the efficient and computationally inexpensive public key cryptosystem NTRU. Both the public key and the message in this protocol are secure against the known lattice attacks. Furthermore, we also briefly describe another concrete scheme with our generic idea, based on the ElGamal public key cryptosystem.     

Provably secure identity-based authenticated key agreement protocols with malicious private key generators

Identity-based authenticated key agreement is a useful cryptographic primitive and has received a lot of attention. The security of an identity-based system relies on a trusted private key generator (PKG) that generates private keys for users. Unfortunately, the assumption of a trusted PKG (or a curious-but-honest PKG) is considered to be too strong in some situations. Therefore, achieving security without such an assumption has been considered in many cryptographic protocols. As a PKG knows the private keys of its users, man-in-the-middle attacks (MIMAs) from a malicious PKG is considered as the strongest attack against a key agreement protocol. Although securing a key agreement process against such attacks is desirable, all existent identity-based key agreement protocols are not secure under such attacks. In this paper, we, for the first time, propose an identity-based authenticated key agreement protocol resisting MIMAs from malicious PKGs that form a tree, which is a commonly used PKG structure for distributing the power of PKGs. Users are registered at a PKG in the tree and each holds a private key generated with all master keys of associated PKGs. This structure is much more efficient, in comparison with other existing schemes such as threshold-based schemes where a user has to register with all PKGs. We present our idea in two protocols. The first protocol is not secure against MIMAs from some kinds of malicious PKGs but holds all other desirable security properties. The second protocol is fully secure against MIMAs. We provide a complete security proof to our protocols.     

Provably secure and efficient identification and key agreement protocol with user anonymity

Many authentication and key agreement protocols were proposed for protecting communicated messages. In previous protocols, if the user?s identity is transmitted in plaintext, an adversary can tap the communications and employ it to launch some attacks. In most protocols with user anonymity, they focus on satisfaction of several security requirements. From a client?s point of view, those protocols are not admired since the cost of storage, computation and communication is high. In pervasive computing, a client usually uses a limited-resource device to access multiple servers. The storage and computation are very important issues especially in this kind of environments. Also, for a convenience of designing protocol, most protocols use timestamps to prevent the replay attack. As we know, the serious time synchronization problem exists in timestamp-based protocols. Finally, most protocols do not have formal proofs for the security. In this paper, we propose a secure and efficient identification and key agreement protocol with user anonymity based on the difficulty of cracking the elliptic curve Diffie–Hellman assumption. In addition, we also propose an augmented protocol for providing the explicit mutual authentication. Compared with the related protocols, the proposed protocols? computation cost is lower and the key length is shorter. Therefore, our protocols are suitable even for applications in low power computing environments. Finally, we formally prove the security of the proposed protocols by employing the random oracle model.     

A secure blockchain-based group key agreement protocol for IoT

The Journal of Supercomputing - Since most Internet of things (IoT) devices are energy-limited, increasingly more manufacturers have chosen to develop IoT applications based on group communication....     

Efficient and provably secure password-based group key agreement protocol

This paper considers the issue on authenticated group key agreement protocol among n users broadcasting communication over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet the challenges. However, existing protocols are either limited by the use of public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to the dictionary attacks by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it only requires constant rounds to agree upon a session key, and each user broadcasts a constant number of messages and only requires four exponentiations. Under the Decisional Diffie-Hellman assumption, we will show the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model.     

A secure user anonymity-preserving biometric-based multi-server authenticated key agreement scheme using smart cards

Advancement in communication technology provides a scalable platform for various services, where a remote user can access the server from anywhere without moving from its place. It provides a unique opportunity for online services such that a user does not need to be physically present at the service center. These services adopt authentication and key agreement protocols in order to ensure authorized and secure access to the resources. Most of the authentication schemes proposed in the literature support a single-server environment, where the user has to register with each server. If a user wishes to access multiple application servers, he/she requires to register with each server. The multi-server authentication introduces a scalable platform such that a user can interact with any server using single registration. Recently, Chuang and Chen proposed an efficient multi-server authenticated key agreement scheme based on a user’s password and biometrics (Chuang and Chen, 2014). Their scheme is a lightweight, which requires the computation of only hash functions. In this paper, we first analyze Chuang and Chen’s scheme and then identify that their scheme does not resist stolen smart card attack which causes the user’s impersonation attack and server spoofing attack. We also show that their scheme fails to protect denial-of-service attack. We aim to propose an efficient improvement on Chuang and Chen’s scheme to overcome the weaknesses of their scheme, while also retaining the original merits of their scheme. Through the rigorous informal and formal security analysis, we show that our scheme is secure against various known attacks including the attacks found in Chuang and Chen’s scheme. Furthermore, we simulate our scheme for the formal security verification using the widely-accepted AVISPA (Automated Validation of Internet Security Protocols and Applications) tool and show that our scheme is secure against the replay and man-in-the-middle attacks. In addition, our scheme is comparable in terms of the communication and computational overheads with Chuang and Chen’s scheme and other related existing schemes.     

A study of application platform for smart contract visualization based blockchain

The Journal of Supercomputing - In recent years, blockchain, which is the base technology of the 4th industrial revolution, is rapidly emerging as an alternative to the centralized data management...     

A conceptual framework for blockchain smart contract adoption to manage real estate deals in smart cities

Neural Computing and Applications - Blockchains-based smart contracts are disrupting the smart real estate sector of the smart cities. The current study explores the literature focused on...     

SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks

To support Evolved Packet System (EPS) in the Long Term Evolution (LTE) networks, the 3rd Generation Partnership Project (3GPP) has proposed an authentication and key agreement (AKA) protocol, named EPS-AKA, which has become an emerging standard for fourth-generation (4G) wireless communications. However, due to the requirement of backward compatibility, EPS-AKA inevitably inherits some defects of its predecessor UMTS-AKA protocol that cannot resist several frequent attacks, i.e., redirection attack, man-in-the-middle attack, and DoS attack. Meanwhile, there are additional security issues associated with the EPS-AKA protocol, i.e., the lack of privacy-preservation and key forward/backward secrecy (KFS/KBS). In addition, there are new challenges with the emergence of group-based communication scenarios in authentication. In this paper, we propose a secure and efficient AKA protocol, called SE-AKA, which can fit in with all of the group authentication scenarios in the LTE networks. Specifically, SE-AKA uses Elliptic Curve Diffie-Hellman (ECDH) to realize KFS/KBS, and it also adopts an asymmetric key cryptosystem to protect users’ privacy. For group authentication, it simplifies the whole authentication procedure by computing a group temporary key (GTK). Compared with other authentication protocols, SE-AKA cannot only provide strong security including privacy-preservation and KFS/KBS, but also provide a group authentication mechanism which can effectively authenticate group devices. Extensive security analysis and formal verification by using proverif have shown that the proposed SE-AKA is secure against various malicious attacks. In addition, elaborate performance evaluations in terms of communication, computational and storage overhead also demonstrates that SE-AKA is more efficient than those existing protocols.     

An ID-based authenticated dynamic group key agreement with optimal round

Group key agreement protocols are crucial for achieving secure group communications.They are designed to provide a set of users with a shared secret key to achieve cryptographic goal over a public network.When group membership changes,the session key should be refreshed efficiently and securely.Most previous group key agreement protocols need at least two rounds to establish or refresh session keys.In this paper,a dynamic authenticated group key agreement(DAGKA) protocol based on identity-based cryptography is presented.By making use of the members’ values stored in previous sessions,our Join and Leave algorithms reduce the computation and communication costs of members.In the proposed protocol,Setup and Join algorithms need one round.The session key can be refreshed without message exchange among remaining users in Leave algorithm,which makes the protocol more practical.Its security is proved under decisional bilinear Diffie-Hellman(DBDH) assumption in random oracle model.     

A provably secure authenticated key agreement protocol for wireless communications

Designing elliptic curve password-based authenticated key agreement (ECPAKA) protocols for wireless mobile communications is a challenging task due to the limitation of bandwidth and storage of the mobile devices. Some well-published ECPAKA protocols have been proved to be insecure. We notice that until now none of the existing ECPAKA protocols for wireless mobile communication is provided any formal security analysis. In this paper, we propose a novel protocol and conduct a formal security analysis on our protocol. Compared with other ECPAKA protocol, our protocol meets all basic security properties and is the first ECPAKA protocol with formal security proof for wireless communication. We also explore the suitability of the novel protocol for 3GPP2 specifications and improve the A-Key (Authentication Key) distribution for current mobile cellular systems.     

Private key agreement and secure communication for heterogeneous sensor networks

Key management is an important building block for all security operations in sensor networks. Most existing key management schemes try to establish shared keys for all pairs of neighbor sensors; hence, a large number of keys need to be preloaded on each sensor, which necessitates a large key space for the nodes in the network. The recent trend in research is to mainly consider homogeneous sensor networks, and to a lesser degree heterogeneous sensor networks, for key management. In this paper, we propose a novel key agreement protocol which is based on pairing-based cryptography over an elliptic curve. Using this protocol, any two nodes that need to communicate can independently compute the same secret key by using pairing and identity-based encryption properties. The proposed protocol significantly reduces the key space of a node. Additionally, the security analysis of the proposed protocol shows that it is robust against a number of attacks including wormhole attack, masquerade attacks, reply attacks, and message manipulation attacks.     

A secure three-factor-based authentication with key agreement protocol for e-Health clouds

The Journal of Supercomputing - The rapid development of electronic healthcare (e-Health) has brought great convenience to people’s life. In order to guarantee the security of users, a large...     

A provably secure biometrics-based authenticated key agreement scheme for multi-server environments

Multimedia Tools and Applications - An authentication scheme handling multiple servers offers a feasible environment to users to conveniently access the rightful services from various servers using...     

动态对等环境中组密钥协商协议的健壮性研究

总结提出了一种健壮的安全组通信系统一般模型,比较分析了多种组密钥协商协议,基于安全性和效率的考虑,从中选择了三种作为研究对象,描述了它们对各种异步网络事件和组成员关系变化的处理过程。在此基础上,探讨了它们不同的健壮性,并阐明了利用它们来构建健壮、可靠和安全的组通信系统的基本思路。     

无线传感网动态可认证群组密钥交换协议

无线传感器网络中节点电池电量有限、节点计算能力及存储能力受限,使得现有的大部分群组密钥交换技术不适用于无线传感器网络。针对该问题,提出一种动态的可认证群组密钥交换协议。采用双线性映射技术实现无线传感器网络中节点之间的群组密钥交换。该协议具有可认证性,避免群组密钥交换过程中遭到欺骗攻击及中间人攻击;具有动态性,适用于无线传感器网络节点动态部署;在双线性计算Diffie-Hellman(bilinear computation Diffie-Hellman,BCDH)困难性假设下是可证安全的。分析结果表明,该协议具有较高的安全性和较好的性能。