An efficient protocol for secure multicast key distribution in the presence of adaptive adversaries

Chinese title (translated): A fast and efficient multicast key distribution protocol that resists adaptive attacks

Research Paper, Science China Information Sciences

Abstract

In this paper, an efficient construction of multicast key distribution schemes based on semantically secure symmetric-key encryption schemes and cryptographically strong pseudo-random number generators is presented and analyzed. The proposed scheme is provably secure against adaptive adversaries, using a security amplification technique defined over logical key hierarchy structures. Our protocol tolerates any coalition of revoked users; in particular, we assume no limit on the size or structure of the coalition. The proposed scheme is efficient: performing a Join or Leave procedure requires 2 log(N) multicast operations defined over a sibling ancestor node set, 2 log(N) internal state updates of the underlying pseudo-random number generator, and 2 log(N) symmetric-key encryption operations, for N users in a session.

Abstract (Chinese version, translated)

Highlights

This paper proposes a fast and efficient multicast key distribution protocol based on a semantically secure symmetric-key encryption algorithm and a cryptographically secure pseudo-random number generator. Using a security amplification technique defined over the logical key tree structure, we prove that the proposed scheme resists adaptive attacks. The protocol resists collusion attacks by revoked users; moreover, a key update only needs to refresh the state of the pseudo-random function built into the nodes of the logical key tree. The computational complexity of the algorithm is therefore O(log(N)), where N is the number of users in the group.
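The Join/Leave rekeying that both abstracts describe, worked through as an added example rather than the paper's own construction: a key distribution centre holds a complete binary logical key tree with one PRG state per node, each member holds the keys on its leaf-to-root path, and a Join or Leave refreshes only the path nodes, delivering each new node key under the keys of the node's two children (the "sibling ancestor node set" is the set of siblings of the path nodes, `prev ^ 1` below). The primitives are constructed stand-ins that I am assuming for illustration, not the paper's: HMAC-SHA256 plays the cryptographically strong PRG and a one-block encrypt-then-MAC stream cipher plays the semantically secure symmetric cipher (use a NIST DRBG and AES-GCM in practice). All class, function and user names are mine. The example also shows the coalition case the abstract claims: two revoked users pool every key they ever held and still cannot open the current group key.

```python
import hashlib
import hmac
import os

# Stand-ins assumed by this example: HMAC-SHA256 as PRG, encrypt-then-MAC as the cipher.
def prg_step(state):
    """Advance a node's 32-byte PRG state; returns (next_state, output_key)."""
    return (hmac.new(state, b"state", hashlib.sha256).digest(),
            hmac.new(state, b"key", hashlib.sha256).digest())

def encrypt(key, node_key):
    """Encrypt one 32-byte node key under `key`: nonce || (node_key XOR keystream) || tag."""
    nonce = os.urandom(16)
    ks = hmac.new(key, nonce, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(node_key, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    """Return the node key, or None when the tag does not verify under `key`."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    ks = hmac.new(key, nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, ks))

class Member:
    """Holds the keys on its leaf-to-root path; keys[1] (the root) is the group key."""
    def __init__(self, leaf, leaf_key):
        self.leaf, self.keys = leaf, {leaf: leaf_key}

    def process(self, msgs):
        # Messages are (target_node, encrypting_node, blob), ordered bottom-up.
        for target, under, blob in msgs:
            pt = decrypt(self.keys[under], blob) if under in self.keys else None
            if pt is not None:
                self.keys[target] = pt

class KeyCenter:
    """Complete binary key tree, heap-indexed (root 1, children 2v and 2v+1, leaves
    N .. 2N-1 for N = 2**depth); each node keeps its own PRG state."""
    def __init__(self, depth):
        self.n, self.members, self.state, self.key = 1 << depth, {}, {}, {}
        for v in range(1, 2 * self.n):
            self.state[v], self.key[v] = prg_step(os.urandom(32))
        self.free = list(range(self.n, 2 * self.n))

    def _refresh(self, v):
        self.state[v], self.key[v] = prg_step(self.state[v])  # one PRG state update
        return self.key[v]

    def _deliver(self, msgs):
        for m in self.members.values():      # multicast; each member keeps what it can open
            m.process(msgs)
        return msgs

    def join(self, name):
        leaf = self.free.pop(0)
        self.state[leaf] = os.urandom(32)
        self.members[name] = Member(leaf, self._refresh(leaf))  # leaf key by secure unicast
        msgs, prev = [], leaf
        for v in (leaf >> i for i in range(1, leaf.bit_length())):  # parent .. root
            old, new = self.key[v], self._refresh(v)
            msgs.append((v, v, encrypt(old, new)))                # current members: old key
            msgs.append((v, prev, encrypt(self.key[prev], new)))  # joining branch: child key
            prev = v
        return self._deliver(msgs)

    def leave(self, name):
        leaf = self.members.pop(name).leaf
        self.free.append(leaf)
        self.state[leaf] = os.urandom(32)
        self._refresh(leaf)                                       # dead leaf key, never reused
        msgs, prev = [], leaf
        for v in (leaf >> i for i in range(1, leaf.bit_length())):
            new = self._refresh(v)
            msgs.append((v, prev ^ 1, encrypt(self.key[prev ^ 1], new)))  # sibling subtree
            if prev != leaf:                                              # refreshed branch
                msgs.append((v, prev, encrypt(self.key[prev], new)))
            prev = v
        return self._deliver(msgs)

def demo(depth=3):
    """Join four users, revoke two, then let the revoked pair pool every key they held."""
    kc = KeyCenter(depth)
    for name in ("alice", "bob", "carol", "dave"):
        kc.join(name)
    bob, carol = kc.members["bob"], kc.members["carol"]
    leave1 = kc.leave("bob")
    bob.process(leave1)                          # revoked user replays the rekey traffic
    leave2 = kc.leave("carol")
    coalition = Member(0, b"")
    coalition.keys = {**bob.keys, **carol.keys}
    coalition.process(leave1 + leave2)
    return {
        "members_agree": all(m.keys.get(1) == kc.key[1] for m in kc.members.values()),
        "revoked_blocked": bob.keys.get(1) != kc.key[1],
        "coalition_blocked": coalition.keys.get(1) != kc.key[1],
        "leave_msgs": len(leave1),               # 2*depth - 1 encryptions
        "join_msgs": len(kc.join("erin")),       # 2*depth encryptions
    }
```

Running `demo()` returns all three security flags set and the message counts 5 and 6 for a depth-3 tree: a Join costs exactly 2 log(N) encryptions (new key under the old key for current members, and under the child key for the joining branch), a Leave costs 2 log(N) - 1 because the departing leaf's key is dead and the first level is sent only to the sibling leaf, both within the abstract's bound. The revoked user fails because every key it holds has been replaced by a PRG step it never sees, and the two-user coalition fails for the same reason: the keys it pools were all refreshed before the second Leave was sent.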




Corresponding author

Correspondence to Huafei Zhu.


Cite this article

Zhu, H. An efficient protocol for secure multicast key distribution in the presence of adaptive adversaries. Sci. China Inf. Sci. 60, 52109 (2017). https://doi.org/10.1007/s11432-014-0911-8
