Security Weaknesses in Harn-Lin and Dutta-Barua Protocols for Group Key Establishment

  • Nam, Jung-Hyun (Department of Computer Engineering, Konkuk University)
  • Kim, Moon-Seong (Information and Communications Examination Bureau, Korean Intellectual Property Office)
  • Paik, Ju-Ryon (Department of Computer Engineering, Sungkyunkwan University)
  • Won, Dong-Ho (Department of Computer Engineering, Sungkyunkwan University)
  • Received : 2011.08.14
  • Accepted : 2012.01.19
  • Published : 2012.02.28

Abstract

Key establishment protocols are fundamental for establishing secure communication channels over insecure public networks. Security must be given the topmost priority in the design of a key establishment protocol. In this work, we provide a security analysis of two recent key establishment protocols: Harn and Lin's group key transfer protocol and Dutta and Barua's group key agreement protocol. Our analysis shows that both the Harn-Lin protocol and the Dutta-Barua protocol have a flaw in their design and can be easily attacked. The attack we mount on the Harn-Lin protocol is a replay attack whereby a malicious user can obtain the long-term secrets of any other user. The Dutta-Barua protocol is vulnerable to an unknown key-share attack. For each of the two protocols, we show how to eliminate its security vulnerabilities. We also improve Dutta and Barua's proof of security to make it valid against unknown key-share attacks.
