Abstract
There have been several proposed methods in the literature for securely distributing group keys and managing group dynamics for secure group communications. While these methods claim to be secure against passive adversaries, our focus has been on a more powerful adversary known as a strong active outsider adversary. This adversary has the ability to corrupt legitimate users, which can result in the leakage of crucial secret information to the adversary. Such information can enable the adversary to recover both current and past group keys. One commonly utilized approach for ensuring secure group communication is group key management schemes based on the Chinese remainder theorem (CRT). In this paper, we evaluate prominent CRT-based key management schemes in the presence of an active adversary. Our findings indicate that the adversary can exploit the leaked information of the corrupted user to break backward secrecy. As a result, we demonstrate that the CRT-based schemes found in the literature are insecure against strong active adversaries and are therefore unsuitable for practical applications.
Data Availability
Not Applicable.
Funding
The authors declare that no funds, grants, or other support were received during the preparation of this manuscript.
Contributions
All authors contributed to the study conception and analysis of the work.
Ethics declarations
Conflict of interest
All authors state that there is no conflict of interest.
Human or Animal Rights
No animals and humans are involved in this research work.
Consent for Publication
All authors give their consent for publication.
About this article
Cite this article
Sharma, P., Purushothama, B.R. Proving the (In)Security of CRT Based Key Management Schemes Under SAOA Model. Wireless Pers Commun 134, 1299–1321 (2024). https://doi.org/10.1007/s11277-024-10925-7