Results 1  10
of
11
PerfectlySecure Key Distribution for Dynamic Conferences
, 1995
"... A key distribution scheme for dynamic conferences is a method by which initially an (offline) trusted server distributes private individual pieces of information to a set of users. Later, each member of any group of users of a given size (a dynamic conference) can compute a common secure group key. ..."
Abstract

Cited by 210 (5 self)
 Add to MetaCart
A key distribution scheme for dynamic conferences is a method by which initially an (offline) trusted server distributes private individual pieces of information to a set of users. Later, each member of any group of users of a given size (a dynamic conference) can compute a common secure group key. In this paper we study the theory and applications of such perfectly secure systems. In this setting, any group of t users can compute a common key by each user computing using only his private initial piece of information and the identities of the other t \Gamma 1 users in the group. Keys are secure against coalitions of up to k users, that is, even if k users pool together their pieces they cannot compute anything about a key of any tsize conference comprised of other users. First we consider a noninteractive model where users compute the common key without any interaction. We prove a lower bound on the size of each user's piece of information of \Gamma k+t\Gamma1 t\Gamma1 \Delta t...
Authenticated MultiParty Key Agreement
, 1996
"... We examine multiparty key agreement protocols that provide (i) key authentication, (ii) key confirmation and (iii) forward secrecy. Several minor (repairable) attacks are presented against previous twoparty key agreement schemes and a model for key agreement is presented that provably provides the ..."
Abstract

Cited by 73 (2 self)
 Add to MetaCart
We examine multiparty key agreement protocols that provide (i) key authentication, (ii) key confirmation and (iii) forward secrecy. Several minor (repairable) attacks are presented against previous twoparty key agreement schemes and a model for key agreement is presented that provably provides the properties listed above. A generalization of the BurmesterDesmedt model (Eurocrypt '94) for multiparty key agreement is given, allowing a transformation of any twoparty key agreement scheme into a multiparty scheme. Multiparty schemes (based on the general model and two specific 2party schemes) are presented that reduce the number of rounds required for key computation compared to the specific BurmesterDesmedt scheme. It is also shown how the specific BurmesterDesmedt scheme fails to provide key authentication. 1991 AMS Classification: 94A60 CR Categories: D.4.6 Key Words: multiparty, key agreement, key authentication, key confirmation, forward secrecy. Carleton University, Sc...
On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption
 Designs, Codes and Cryptography
, 1996
"... This paper provides an exposition of methods by which a trusted authority can distribute keys and/or broadcast a message over a network, so that each member of a privileged subset of users can compute a specified key or decrypt the broadcast message. Moreover, this is done in such a way that no coal ..."
Abstract

Cited by 54 (8 self)
 Add to MetaCart
(Show Context)
This paper provides an exposition of methods by which a trusted authority can distribute keys and/or broadcast a message over a network, so that each member of a privileged subset of users can compute a specified key or decrypt the broadcast message. Moreover, this is done in such a way that no coalition is able to recover any information on a key or broadcast message they are not supposed to know. The problems are studied using the tools of information theory, so the security provided is unconditional (i.e., not based on any computational assumption). We begin by surveying some useful schemes schemes for key distribution that have been presented in the literature, giving background and examples (but not too many proofs). In particular, we look more closely at the attractive concept of key distribution patterns, and present a new method for making these schemes more efficient through the use of resilient functions. Then we present a general approach to the construction of broadcast sch...
Tradeoffs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution
, 1996
"... . In 1993, Beimel and Chor presented an unconditionally secure interactive protocol which allows a subset of users in a network to establish a common key. This scheme made use of a key predistribution scheme due to Blom. In this paper, we describe some variations and generalizations of the BeimelCh ..."
Abstract

Cited by 45 (2 self)
 Add to MetaCart
. In 1993, Beimel and Chor presented an unconditionally secure interactive protocol which allows a subset of users in a network to establish a common key. This scheme made use of a key predistribution scheme due to Blom. In this paper, we describe some variations and generalizations of the BeimelChor scheme, including broadcast encryption schemes as well as interactive key distribution schemes. Our constructions use the key predistribution scheme of Blundo et al, which is a generalization of the Blom scheme. We obtain families of schemes in which the amount of secret information held by the network users can be traded off against the amount of information that needs to be broadcast. We also discuss lower bounds on the storage and communcation requirements of protocols of these types. Some of our schemes are optimal (or close to optimal) with respect to these bounds. 1 Introduction When a subset of users in a network wishes to communicate privately in conference, encryption algorithms...
SelfHealing Key Distribution with Revocation
 In Proceedings of IEEE Symposium on Security and Privacy, The Claremont Resort
, 2002
"... We address the problem of establishing a group key amongst a dynamic group of users over an unreliable, or Iossy, network. We term our key distribution mechanisms selfhealing because users' are capable of recovering lost group keys on their own, without requesting additional transmissions from ..."
Abstract

Cited by 43 (1 self)
 Add to MetaCart
(Show Context)
We address the problem of establishing a group key amongst a dynamic group of users over an unreliable, or Iossy, network. We term our key distribution mechanisms selfhealing because users' are capable of recovering lost group keys on their own, without requesting additional transmissions from the group manager, thus cutting back on network traffic, decreasing the load on the group manager, and reducing the risk of user exposure through traffic analysis. A user must be a member both before and after the session in which a particular key is sent in order to be able to recover the key through selfhealing. Binding the ability to recover keys' to membership status enables the group manager to use short broadcasts' to establish group keys', independent of the group size. In addition, the selfhealing approach to key distribution is stateless, meaning that a group member who has been offline for some time is able to recover new session keys' immediately after coming back online.
Generalized BeimelChor Schemes for Broadcast Encryption and Interactive Key Distribution
 Theoretical Computer Science
, 1998
"... In 1993, Beimel and Chor presented an unconditionally secure interactive protocol which allows a subset of users in a network to establish a common key. This scheme made use of a key predistribution scheme due to Blom. In this paper, we describe some variations and generalizations of the BeimelChor ..."
Abstract

Cited by 12 (3 self)
 Add to MetaCart
In 1993, Beimel and Chor presented an unconditionally secure interactive protocol which allows a subset of users in a network to establish a common key. This scheme made use of a key predistribution scheme due to Blom. In this paper, we describe some variations and generalizations of the BeimelChor scheme, including broadcast encryption schemes as well as interactive key distribution schemes. Our constructions use the key predistribution scheme of Blundo et al, which is a generalization of the Blom scheme. We obtain families of schemes in which the amount of secret information held by the network users can be traded off against the amount of information that needs to be broadcast. We also consider lower bounds for protocols of these types, using the concept of entropy as our main tool. Some of our schemes are optimal (or close to optimal) with respect to the bounds we prove. keywords: broadcast encryption, interactive key distribution, communication, space, entropy A preliminary ve...
Linear Broadcast Encryption Schemes
, 2001
"... A new family of broadcast encryption schemes (BESs), which will be called linear broadcast encryption schemes (LBESs), is presented in this paper by using linear algebraic techniques. This family generalizes most previous proposals and provide a general framework to the study of broadcast encryption ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
A new family of broadcast encryption schemes (BESs), which will be called linear broadcast encryption schemes (LBESs), is presented in this paper by using linear algebraic techniques. This family generalizes most previous proposals and provide a general framework to the study of broadcast encryption schemes. We present a method to construct LBESs for a general specication structure in order to nd schemes that t in situations that have not been considered before. Key words: Distributed cryptography, Key distribution, Broadcast encryption, Key predistribution schemes. 1
Efficient Key Management for Secure Group Communications with Bursty Behavior
"... Secure group communication (SGC) is becoming more popular in the Internet. Burstiness is an important behavior in SGC. Performing bursty operation in one aggregate operation is important for efficiency and scalability. In this paper, we extend the wellknown keytree key management protocol for SGC ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
(Show Context)
Secure group communication (SGC) is becoming more popular in the Internet. Burstiness is an important behavior in SGC. Performing bursty operation in one aggregate operation is important for efficiency and scalability. In this paper, we extend the wellknown keytree key management protocol for SGC to situations with bursty user arrival and departure patterns. By using a binary representation technique for indexing the keys and the members on the key tree, we propose an efficient algorithm for bursty operation. The algorithm uses only binary right shift operation, which is extremely simple and efficient and could be embedded in standard secure multicast API packages. We also present experimental results from our algorithm.
A τRestricted Key Agreement Scheme
, 1999
"... A onerestricted key agreement is a method by which... In this paper we analyse τrestricted key agreement schemes. Such schemes allow the computation of up to τ common keys for τ distinct conferences. For certain values of the parameters the scheme that we propose distribute ..."
Abstract
 Add to MetaCart
A onerestricted key agreement is a method by which... In this paper we analyse &tau;restricted key agreement schemes. Such schemes allow the computation of up to &tau; common keys for &tau; distinct conferences. For certain values of the parameters the scheme that we propose distributes less information than the trivial one obtained by considering &tau; copies of a onerestricted scheme.