An Efficient Dynamic Group Key Exchange Protocol with Provable Security

Provably-Secure and Communication-Efficient Protocol for Dynamic Group Key Exchange

  • Published: 2004.08.01

Abstract

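Group key agreement protocols are designed so that multiple communicating parties forming a group can establish a session key for the group over a public network in a secure and efficient manner. However, all previously proposed group key agreement protocols incur a considerable amount of communication overhead and are therefore unsuitable for WAN environments with long transmission delays. In such network environments, round complexity and message complexity in particular are the key factors that determine a protocol's running time, so reducing them is, above all, important for designing an efficient group key agreement protocol. Accordingly, this paper proposes a group key agreement protocol that is efficient in terms of the number of rounds and the number of messages, and proves its security in the random oracle model based on the integer factorization problem. The proposed protocol provides perfect forward secrecy and optimal message complexity, while performing the session key update following a change in group membership in only a constant number of rounds.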

Group key agreement protocols are designed to solve the fundamental problem of securely establishing a session key among a group of parties communicating over a public channel. Although a number of protocols have been proposed to solve this problem over the years, they are not well suited for a high-delay wide area network; their communication overhead is significant in terms of the number of communication rounds or the number of exchanged messages, both of which are recognized as the dominant factors that slow down group key agreement over a networking environment with high communication latency. In this paper we present a communication-efficient group key agreement protocol and prove its security in the random oracle model under the factoring assumption. The proposed protocol provides perfect forward secrecy and requires only a constant number of communication rounds for any of group rekeying operations, while achieving optimal message complexity.
