Design and verification of cryptographic protocols has been under investigation for quite sometime. However, most of the attention has been paid for two parties protocols. In group key management and distribution protocols, keys are computed dynamically through cooperation of all protocol participants. Therefore regular approaches for two parties protocols verification cannot be applied on group key protocols. In this paper, we present a framework for formally verifying of group key management and distribution protocols based on the concept of rank functions. We define a class of rank functions that satisfy specific requirements and prove the soundness of these rank functions. Based on the set of sound rank functions, we provide a sound and complete inference system to detect attacks in group key management protocols. The inference system provides an elegant and natural proof strategy for such protocols compared to existing approaches. The above formalizations and rank theorems were implemented using the Prototype Verification System (PVS) theorem prover. We illustrate our approach by applying the inference system on a generic Diffie-Hellman group protocol and prove it in PVS.

Abstract — Group key establishment is an important mechanism to construct a common session key for group communications. Key transfer protocols rely on a mutually trusted key generation center (KGC) to select session keys and transport session keys to all communication entities secretly. Most often, KGC encrypts session keys under another secret key shared with each entity during registration. In this paper, we propose an authenticated key transfer protocol based on secret sharing scheme that KGC can broadcast group key information to all group members at once and only authorized group members can recover the group key; but unauthorized users cannot recover the group key. The confidentiality of this transformation is information theoretically secure. We also provide authentication for transporting this group key. Goals and security threats of our proposed group key transfer protocol will be analyzed in detail. Key words—Group key transfer protocol, session key, secret sharing, confidentiality, authentication. 1