
Proving the (In)Security of CRT Based Key Management Schemes Under SAOA Model

Wireless Personal Communications

Abstract

There have been several proposed methods in the literature for securely distributing group keys and managing group dynamics for secure group communications. While these methods claim to be secure against passive adversaries, our focus has been on a more powerful adversary known as a strong active outsider adversary. This adversary has the ability to corrupt legitimate users, which can result in the leakage of crucial secret information to the adversary. Such information can enable the adversary to recover both current and past group keys. One commonly utilized approach for ensuring secure group communication is group key management schemes based on the Chinese remainder theorem (CRT). In this paper, we evaluate prominent CRT-based key management schemes in the presence of an active adversary. Our findings indicate that the adversary can exploit the leaked information of the corrupted user to break backward secrecy. As a result, we demonstrate that the CRT-based schemes found in the literature are insecure against strong active adversaries and are therefore unsuitable for practical applications.


Data Availability

Not Applicable.


Funding

The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.

Author information

Contributions

All authors contributed to the study conception and analysis of the work.

Corresponding author

Correspondence to Payal Sharma.

Ethics declarations

Conflict of interest

All authors state that there is no conflict of interest.

Human or Animal Rights

No animals and humans are involved in this research work.

Consent for Publication

All authors give their consent for publication.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Sharma, P., Purushothama, B.R. Proving the (In)Security of CRT Based Key Management Schemes Under SAOA Model. Wireless Pers Commun 134, 1299–1321 (2024). https://doi.org/10.1007/s11277-024-10925-7


  • DOI: https://doi.org/10.1007/s11277-024-10925-7
