# Provably secure group key management scheme based on proxy re-encryption with constant public bulletin size and key derivation time

## Abstract

Users share a group key to decrypt encryptions for the group using a group key management scheme. In this paper, we propose a re-encryption-based group key management scheme, which uses a unidirectional proxy re-encryption scheme with special properties to enable group members to share the updated group key with minimum storage and computation overhead. In particular, we propose a proxy re-encryption scheme that supports direct re-encryption key derivation using intermediate re-encryption keys. Unlike multi-hop re-encryption, the proposed proxy re-encryption scheme does not involve repeated re-encryption of the message. All the computations are done at the re-encryption key level, and only one re-encryption is sufficient for making the group key available to the users. The proposed scheme is the first for group key management based on proxy re-encryption that is secure against collusion. Each individual user stores just one individual secret key, and group key derivation requires \(O(\log N)\) computation steps for a group of *N* users. The size of the public bulletin maintained to facilitate access to the most recent group key for off-line members is \(O(N)\) and remains constant with respect to the number of group updates. The proposed group key management scheme withstands attacks by a non-member and even a collusion attack under standard cryptographic assumptions.

## Keywords

Group key management; collusion-secure proxy re-encryption; logical key hierarchy; re-encryption key derivation; multi-cast security

## Notes

### Acknowledgements

This work is supported by the Ministry of Human Resource Development, Government of India.
