Yi et al.’s Group Key Exchange Protocol : A Security Vulnerability and its Remediation (Yi et al.’s Group Key Exchange Protocol : A Security Vulnerability and its Remediation )

Youngsook Lee (이영숙); 김지연; WON, DONGHO (원동호)

Yi et al.’s Group Key Exchange Protocol : A Security Vulnerability and its Remediation

Journal of The Korea Society of Computer and Information
Abbr : JKSCI
2012, 17(4), pp.91-98
Publisher : The Korean Society Of Computer And Information
Research Area : Engineering > Computer Science

Youngsook Lee ¹, 김지연 ², WON, DONGHO ²

¹호원대학교
²성균관대학교

Accredited

ABSTRACT

A group key exchange (GKE) protocol is designed to allow a group of parties communicating over a public network to establish a common secret key. As group-oriented applications gain popularity over the Internet, a number of GKE protocols have been suggested to provide those applications with a secure multicast channel. Among the many protocols is Yi et al.’s password-based GKE protocol in which each participant is assumed to hold their individual password registered with a trusted server. A fundamental requirement for password-based key exchange is security against off-line dictionary attacks. However, Yi et al.’s protocol fails to meet the requirement. In this paper, we report this security problem with Yi et al.’s protocol and show how to solve it.

KEYWORDS

group key exchange, password, dictionary attack, identity-based cryptography

Citation status

* References for papers published after 2023 are currently being built.

[web] / Twitter / http://twitter.com

[web] / Facebook / http://www.facebook.com

[confproc] X. Yi / 2009 / ID-Based group password-authenticated key exchange / Advances in Information and Computer Security - 4th International Workshop on Security 5824 : 192~211

[confproc] J. Byun / 2005 / N-party encrypted Diffie-Hellman key exchange using different passwords / Proceedings of 3rd International Conference on Applied Cryptography and Network Security, LNCS 3531 : 75~90

[confproc] J. Byun / 2006 / Constant-round password-based group key generation for multi-layer ad-hoc networks / Proceedings of 3rd International Conference on Security in Pervasive Computing, LNCS 3934 : 3~17

[report] J. Kwon / 2006 / Password-authenticated multi-party keyexchange with different passwords / CryptologyePrint Archive

[confproc] D. Boneh / 2001 / Identity-based encryption from the weil pairing, in Proceedings of Crypto’01 / LNCS 2139 : 213~229

[journal] D. Boneh / 2003 / Identity based encryption from the Weil pairing / SIAM Journal of Computing 32(3) : 586~615

[confproc] B. Waters / 2005 / Efficient identity-based encryption without random oracles / Proceedings of Eurocrypt’05. LNCS 3494 : 114~127

[confproc] C. Gentry / 2006 / Practical identity-based encryption without random oracles / Proceedings of Eurocrypt’06 / LNCS 4004 : 445~464

[journal] S. Goldwasser / 1988 / A digital signature scheme secure against adaptive chosen-message attack / SIAM Journal of Computing 17(2) : 281~308

[confproc] D. Galindo / 2006 / On the generic construction of identity-based signatures with additional properties / Proceedings of Asiacrypt’06 / LNCS 4284 : 178~193

[confproc] K. Paterson / 2006 / Efficient identity-based signatures secure in the standard model / Proceedings of Acisp’06 / LNCS 4058 : 207~222

[confproc] U. Maurer / 1996 / Diffie-Hellman oracles / Proceedings of Crypto’96, LNCS 1109 : 268~282

[confproc] M. Burmester / 1998 / Equitable key escrow with limited time span, in Proceedings of Asiacrypt’98 / LNCS 1514 : 380~391

[confproc] F. Bao / 2003 / Variations of Diffie-Hellman problem, in Proceedings of ICICS’03 / LNCS 2836 : 301~312

[confproc] 임종인 / 2005 / Password-Based Group Key Exchange Secure Against Insider Guessing Attacks / Springer Verlag 3802 : 143~148

KJCKorea
Journal Central

Journal of The Korea Society of Computer and Information 2023 KCI Impact Factor : 0.65