• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3352-3365
• /
• 2012

Group key agreement (GKA) is a cryptographic primitive allowing two or more users to negotiate a shared session key over public networks. Wu et al. recently introduced the concept of asymmetric GKA that allows a group of users to negotiate a common public key, while each user only needs to hold his/her respective private key. However, Wu et al.'s protocol can not resist active attacks, such as fabrication. To solve this problem, Zhang et al. proposed an authenticated asymmetric GKA protocol, where each user is authenticated during the negotiation process, so it can resist active attacks. Whereas, Zhang et al.'s protocol needs a partially trusted certificate authority to issue certificates, which brings a heavy certificate management burden. To eliminate such cost, Zhang et al. constructed another protocol in identity-based setting. Unfortunately, it suffers from the so-called key escrow problem. In this paper, we propose the certificateless authenticated asymmetric group key agreement protocol which does not have certificate management burden and key escrow problem. Besides, our protocol achieves known-key security, unknown key-share security, key-compromise impersonation security, and key control security. Our simulation based on the pairing-based cryptography (PBC) library shows that this protocol is efficient and practical.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.6 no.12
• /
• pp.3338-3351
• /
• 2012

There is an intuitive connection between signcryption and key agreement. Such a connector may lead to a novel way to construct authenticated and efficient group key agreement protocols. In this paper, we present a primary approach for constructing an authenticated group key agreement protocol from signcryption. This approach introduces desired properties to group key agreement. What this means is that the signcryption gives assurance to a sender that the key is available only to the recipient, and assurance to the recipient that the key indeed comes from the sender. Following the generic construction, we instantiate a distributed two-round group key agreement protocol based on signcryption scheme given by Dent [8]. We also show that this concrete protocol is secure in the outsider unforgeability notion and the outsider confidentiality notion assuming hardness of the Gap Diffie-Hellman problem.

• Journal of Broadcast Engineering
• /
• v.13 no.1
• /
• pp.79-85
• /
• 2008

An authenticated group key agreement protocol allows a group of parties communicating over an insecure network to share a common secret key. In this paper, we show that Zhou et al.'s ID-based authenticated group key agreement schemes do not provide forward secrecy.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.1
• /
• pp.3-10
• /
• 2013

Several identity-based and authenticated key agreement protocols have been proposed. It remains at issue to design secure identity based and authenticated key agreement protocols. In this paper, we propose a one round authenticated group key agreement protocol which uses one more key pair as well as the public key and private key of typical IBE(Identity-Based Encryption) system. The proposed protocol modified Shi et al.'s protocol and He et al.'s protocol. The public and private keys and the signature process of our protocol are simpler than them of their protocols. Our protocol is secure and more efficient than their protocols in communication and computation costs.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.16 no.5
• /
• pp.1687-1707
• /
• 2022

With the development of multiuser online meetings, more group-oriented technologies and applications for instance collaborative work are becoming increasingly important. Authenticated Group Key Agreement (AGKA) schemes provide a shared group key for users with after their identities are confirmed to guarantee the confidentiality and integrity of group communications. On the basis of the Public Key Cryptography (PKC) system used, AGKA can be classified as Public Key Infrastructure-based, Identity-based, and Certificateless. Because the latter type can solve the certificate management overhead and the key escrow problems of the first two types, Certificateless-AGKA (CL-AGKA) protocols have become a popular area of research. However, most CL-AGKA protocols are vulnerable to Public Key Replacement Attacks (PKRA) due to the lack of public key authentication. In the present work, we present a CL-AGKA scheme that can resist PKRA in order to solve impersonation attacks caused by those attacks. Beyond security, improving scheme efficiency is another direction for AGKA research. To reduce the communication and computation cost, we present a scheme with only one round of information interaction and construct a CL-AGKA scheme replacing the bilinear pairing with elliptic curve cryptography. Therefore, our scheme has good applicability to communication environments with limited bandwidth and computing capabilities.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.10 no.2
• /
• pp.935-949
• /
• 2016

In this paper, we present a novel authenticated group key distribution scheme for large and dynamic multicast groups without employing traditional symmetric and asymmetric cryptographic operations. The security of our scheme is mainly based on the basic theories for solving linear equations. In our scheme, a large group is divided into many subgroups, where each subgroup is managed by a subgroup key manager (SGKM) and a group key generation center (GKGC) further manages all SGKMs. The group key is generated by the GKGC and then propagated to all group members through the SGKMs, such that only authorized group members can recover the group key but unauthorized users cannot. In addition, all authorized group members can verify the authenticity of group keys by a public one-way function. The analysis results show that our scheme is secure and efficient, and especially it is very appropriate for secure multicast communications in large and dynamic client-server networks.

• Journal of Communications and Networks
• /
• v.14 no.1
• /
• pp.104-110
• /
• 2012

Group key agreement protocols allow a group of users, communicating over a public network, to establish a shared secret key to achieve a cryptographic goal. Protocols based on certificateless public key cryptography (CL-PKC) are preferred since CL-PKC does not need certificates to guarantee the authenticity of public keys and does not suffer from key escrow of identity-based cryptography. Most previous certificateless group key agreement protocols deploy signature schemes to achieve authentication and do not have constant rounds. No security model has been presented for group key agreement protocols based on CL-PKC. This paper presents a security model for a certificateless group key agreement protocol and proposes a constant-round group key agreement protocol based on CL-PKC. The proposed protocol does not involve any signature scheme, which increases the efficiency of the protocol. It is formally proven that the proposed protocol provides strong AKE-security and tolerates up to $n$-2 malicious insiders for weak MA-security. The protocol also resists key control attack under a weak corruption model.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.22 no.6
• /
• pp.1253-1263
• /
• 2012

As a result of the increased popularity of group oriented applications, the design of an efficient authenticated group key agreement protocol has received a lot of attention. Lee et al. proposed a tree-based group key agreement protocol, which applies a ternary key tree structure and pairing-based cryptography to the key agreement of Dynamic Peer Group. In their protocol, only the group sponsor knows all member's session random keys computes all blinded keys. In addition, when the group sponsor leaves a group, all nodes of the tree should be changed. In this paper, we present the modified protocol that has several sponsors. Since a secret value for each member isn't given to the group sponsor, the key renewing of our protocol is more secure and efficient than that of Lee et al.'s protocol in the previous case. Therefore, our protocol is suitable to Dynamic Peer Groups.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.12 no.2
• /
• pp.89-100
• /
• 2002

In this paper, we propose a group key management architecture for the secure group communications in mobile netwowrks and authenticated key agreement protocol for this system. Most of existing group key management schemes un certificates based on the public key for the purpose of user authentication and key agreement in secure fashion however, we use the ICPK(Implicitly Certified Public key) to reduce the bandwidth for a certificate exchanging and to improve a computational efficiency. In this architecture, we use two-tier approach to deal with key management where the whole group is divided into two parts; the first is a cell groups consisted of mobile hosts and another is a control group consisted of cell group managers. This approach can provide flexibility of key management such that the affection for a membership change is locally restricted to the cell group which is an autonomous area of the CGM(Cell Group Manager).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.5
• /
• pp.25-34
• /
• 2009

Many conference systems over the Internet require authenticated group key agreement (AGKA) for secure and reliable communication. After Shamir [1] proposed the ID-based cryptosystem in 1984, ID-based AGKA protocols have been actively studied because of the simple public key management. In 2006, Zhou et al. [12] proposed two-round ID-based AGKA protocol which is very efficient in communication and computation complexity. However, their protocol does not provide user identification and suffers from the impersonation attack by malicious participants. In this paper, we propose improved ID-based AGKA protocol to prevent impersonation attack from Zhou et al.'s protocol. In our protocol, the malicious insider cannot impersonate another participants even if he knows the ephemeral group secret value. Moreover, our protocol reduces the computation cost from Zhou et al.'s protocol.