Abstract
Using a group key management scheme, users share a group key to decrypt messages encrypted for the group. In this paper, we propose a re-encryption-based group key management scheme, which uses a unidirectional proxy re-encryption scheme with special properties to enable group members to share the updated group key with minimum storage and computation overhead. In particular, we propose a proxy re-encryption scheme that supports direct re-encryption key derivation using intermediate re-encryption keys. Unlike multi-hop re-encryption, the proposed proxy re-encryption scheme does not involve repeated re-encryption of the message. All the computations are done at the re-encryption key level, and only one re-encryption is sufficient to make the group key available to the users. The proposed scheme is the first proxy re-encryption-based group key management scheme that is secure against collusion. Each user stores just one individual secret key, and group key derivation requires \(O(\log N)\) computation steps for a group of \(N\) users. The size of the public bulletin maintained to facilitate access to the most recent group key for off-line members is \(O(N)\) and remains constant with respect to the number of group updates. The proposed group key management scheme withstands attacks by a non-member and even a collusion attack under standard cryptographic assumptions.
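The contrast between multi-hop re-encryption and key-level derivation, as an added example that is not the paper's construction: it uses the classic ElGamal-style scheme of Blaze, Bleumer and Strauss, which is bidirectional and not collusion-safe, over constructed toy parameters. All function names and the values of `P`, `Q`, `G` and the sample group key are assumptions made here.

```python
import secrets

# Constructed toy parameters: safe prime P = 2Q + 1; G = 4 generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1              # secret exponent in [1, Q-1]
    return sk, pow(G, sk, P)                       # (sk, pk = g^sk)

def encrypt(pk, m):
    r = secrets.randbelow(Q - 1) + 1
    return (m * pow(G, r, P)) % P, pow(pk, r, P)   # (m * g^r, g^(a*r))

def decrypt(sk, ct):
    c1, c2 = ct
    g_r = pow(c2, pow(sk, -1, Q), P)               # strip the key: g^(a*r) -> g^r
    return (c1 * pow(g_r, -1, P)) % P

def rekey(sk_from, sk_to):
    return (sk_to * pow(sk_from, -1, Q)) % Q       # rk = sk_to / sk_from mod Q

def derive(rk_xy, rk_yz):
    return (rk_xy * rk_yz) % Q                     # key-level step, no ciphertext involved

def reencrypt(rk, ct):
    c1, c2 = ct
    return c1, pow(c2, rk, P)                      # one exponentiation per hop

def collude(rk_xy, sk_y):
    # Why this toy scheme is not collusion-safe: proxy key plus delegatee key yield sk_x.
    return (sk_y * pow(rk_xy, -1, Q)) % Q

def demo():
    (a, pk_a), (b, _), (c, _) = keygen(), keygen(), keygen()
    group_key = pow(G, 777, P)                     # constructed group key, a subgroup element
    ct = encrypt(pk_a, group_key)
    rk_ab, rk_bc = rekey(a, b), rekey(b, c)
    multi_hop = reencrypt(rk_bc, reencrypt(rk_ab, ct))   # two ciphertext operations
    single = reencrypt(derive(rk_ab, rk_bc), ct)         # one ciphertext operation
    return {
        "group_key": group_key,
        "same_ciphertext": multi_hop == single,
        "recovered": decrypt(c, single),
        "collusion_leaks_sk": collude(rk_ab, b) == a,
    }

if __name__ == "__main__":
    print(demo())
```

The `collusion_leaks_sk` result is the property a collusion-secure scheme has to rule out while still allowing the key-level derivation shown by `derive`.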
Notes
\(\log _d N\) for a d-ary key tree. Key-trees of degree 2 are the most common.
Acknowledgements
This work is supported by the Ministry of Human Resource Development, Government of India.
Cite this article
Pareek, G., Purushothama, B.R. Provably secure group key management scheme based on proxy re-encryption with constant public bulletin size and key derivation time. Sādhanā 43, 137 (2018). https://doi.org/10.1007/s12046-018-0917-8