As a result of the increased popularity of grouporiented applications and protocols, group communication occurs in many different settings: from network multicasting to application layer tele- and video-conferencing. Regardless of the application environment, security services are necessary to provide communication privacy and integrity. This paper considers the problem of key agreementindynamic peer groups. (Key agreement, especially in a group setting, is the steeping stone for all other security services.) Dynamic peer groups require not only initial key agreement (IKA) but also auxiliary key agreement (AKA) operations such as member addition, member deletion and group fusion. We discuss all group key agreement operations and present a concrete protocol suite, CLIQUES, which offers complete key agreement services. CLIQUES is based on multi-party extensions of the well-known Diffie-Hellman key exchange method. The protocols are efficient and provably secure against passiveadversari...

Secure group communication is an increasingly popular research area having received much attention in recent years. The fundamental challenge revolves around secure and efficient group key management. While centralized methods are often appropriate for key distribution in large groups, many collaborative group settings require distributed key agreement techniques. This work investigates a novel approach to group key agreement by blending binary key trees with Diffie-Hellman key exchange. The resultant protocol suite is very simple, secure and fault-tolerant. Moreover, its efficiency surpasses that of prior art.

Abstract not found

We encounter new types of security problems in ad-hoc networks because such networks have little or no support infrastructure. In this paper we consider one such problem: A group of people in a meeting room do not have access to public key infrastructure or third party key management service, and they do not share any other prior electronic context. How can they set up a secure session among their computers? We examine various alternatives and propose new protocols for password-based multi-party key agreement in this scenario. Our protocols may be applicable in other scenarios, too. We also present a fault-tolerant version of a multiparty Die-Hellman key agreement protocol which can be of independent interest. Keywords: ad-hoc network, key agreement, password authentication. 1 Introduction 1.1 A new key agreement scenario Consider a small group of people at a conference coming together in a room for an ad-hoc meeting. They would like to set up a wireless network session among their ...

We consider the fundamental problem of authenticated group key exchange among n parties within a larger and insecure public network. A number of solutions to this problem have been proposed; however, all provably-secure solutions thus far are not scalable and, in particular, require O(n) rounds. Our main contribution is the first scalable protocol for this problem along with a rigorous proof of security in the standard model under the DDH assumption; our protocol uses a constant number of rounds and requires only O(1) "full" modular exponentiations per user. Toward this goal and of independent interest, we first present a scalable compiler that transforms any group key-exchange protocol secure against a passive eavesdropper to an authenticated protocol which is secure against an active adversary who controls all communication in the network. This compiler adds only one round and O(1) communication (per user) to the original scheme. We then prove secure --- against a passive adversary --- a variant of the two-round group key-exchange protocol of Burmester and Desmedt.

Abstract. Secure and reliable group communication is an active area of research. Its popularity is caused by the growing importance of group-oriented and collaborative applications. The central research challenge is secure and efficient group key management. While centralized methods are often appropriate for key distribution in large multicast-style groups, many collaborative group settings require distributed key agreement techniques. This work investigates a novel group key agreement approach which blends so-called key trees with Diffie-Hellman key exchange. It yields a secure protocol suite (TGDH) that is both simple and fault-tolerant. Moreover, the efficiency of TGDH appreciably surpasses that of prior art. 1

authenticated Di#e-Hellman key exchange allows two principals communicating over a public network, and each holding public /private keys, to agree on a shared secret value. In this paper we study the natural extension of this cryptographic problem to a group of principals. We begin from existing formal security models and refine them to incorporate major missing details (e.g., strong-corruption and concurrent sessions). Within this model we define the execution of a protocol for authenticated dynamic group Di#e-Hellman and show that it is provably secure under the decisional Di#e-Hellman assumption. Our security result holds in the standard model and thus provides better security guarantees than previously published results in the random oracle model.

Abstract. Becker and Wille derived a lower bound of only one round for multi-party contributory key agreement protocols. Up until nowno protocol meeting this bound has been proven secure. We present a protocol meeting the bound and prove it is secure in Bellare and Rogaway’s model. The protocol is much more efficient than other conference key agreement protocols with provable security, but lacks forward secrecy. 1

This paper is based on a course Syverson taught at the 1st International School on Foundations of Security Analysis and Design (FOSAD'00) in Bertinoro, Italy in September 2000. Cervesato was a student there. The work of the first author was supported by ONR. The work of the second author was supported by NSF grant INT98-15731 "Logical Methods for Formal Verification of Software" and by NRL under contract N00173-00-C-2086

In recent years, collaborative and group-oriented applications and protocols are gaining popularity. These applications typically involve communication over open net-works, security thus is naturally an important requirement. Group key management is one of the basic building blocks in securing group communication. Most prior research in group key management focused on minimizing computation overhead, in particular minimizing expensive cryptographic operations. However, the continued advances in computing power have not been matched by a decrease in network communication delay. Thus, communication latency, especially in high-delay long-haul networks, is increasingly dominating the key setup latency, replacing computation delay as the main latency contributor. Hence, there is a need to minimize the size of messages and especially the number of rounds in cryptographic protocols. Since most previously proposed group key management techniques optimize com-putational (cryptographic) overhead, they are particularly impacted by high commu-nication delay. In this work, we discuss and analyze a specific group key agreement technique which supports dynamic group membership and handles network failures, such as group partitions and merges. This technique is very communication-efficient and provably secure against hostile eavesdroppers as well as various other attacks specific to group settings. Furthermore, it is simple, fault-tolerant and well-suited for high-delay networks. Index Terms security, group key agreement, group communication, communication complexity, cryptographic protocols 3 I.