Group Rekeying Algorithm Using Pseudo-random Functions and Modular Reduction

Pegueroles, Josep; Wang, Bin; Soriano, Miguel; Rico-Novella, Francisco

doi:10.1007/978-3-540-24679-4_148

Cited by 9 publications

(8 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the proposed method of cryptanalysis can balance time complexity |T | < 2 B /M and requirement on exposure probability P (SUCC) by choosing an appropriate M . By considering a case study of h = 20 thus N being around one million (which is a reasonable assumption for practical large-scale multicast applications), we have constructed very interesting magic numbers concerning [8] [9] and got some satisfactory T -P (SUCC) results to support the above tradeoff theory, i.e., both values being fairly acceptable. Due to limit of space, numerical analysis is not included in this article.…”

Section: B Weakness In the Remainder Approach -Variantmentioning

confidence: 73%

“…This lies in that the collision M | h i=0 R i tends to be less likely to occur than that of M | N i=1 f i , due to the number of large random multipliers involved (h + 1 compared with N ). However, we note that the outsider attack presented in Section II-A is still applicable to [8] [9] considering large multicast groups with a not too small h. This is owing to the scenario's t-M tradeoff (actually, T -P (SUCC) tradeoff) feature lying in a relationship similar to (7), herein cs =cs + tM .…”

Section: B Weakness In the Remainder Approach -Variantmentioning

confidence: 90%

“…We consider very small groups (e.g., N < 100) and compute P (SUCC) according to (9), and then enumerate the probabilities for different N in Table I. We note that even for a very small G with only 65 members, there is a considerable P (SUCC) of almost 80%.…”

Section: A Weakness In the Remainder Approach -Variantmentioning

confidence: 99%

“…In a large number of BE applications ranging from DVD encryption [1]- [3] to multicast access control [4]- [9] and teleconference [10] [11], the application data are protected by a symmetric cipher with the (short-term) group key; only legitimate users hold confidential information to first derive the common secret and then decrypt the data:…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

General Weakness in Certain Broadcast Encryption Protocols Employing the Remainder Approach

Zhu¹

2008

2008 IEEE International Conference on Communications

View full text Add to dashboard Cite

We address the problem of distributing a grouporiented secret from a centralized key server to a number of privileged recipients, known as broadcast encryption. In a set of existent schemes, this common shared secret is distributed as an arithmetic remainder embedded in a broadcast keying message, such that upon receiving the message, a legitimate recipient only needs to perform one modular operation upon the keying information to derive the secret. In this article, however, we point out a generic weakness in these protocols and demonstrate efficient methods for cryptanalysis. The presented approaches follow a collision attack paradigm and can work in a manner that even a completely passive outsider may somehow acquire the secret. Numerical analysis shows that in practical scenarios, our technique can compromise the common shared secret with a significant probability, implying that these broadcast encryption schemes are highly vulnerable.Index Terms-Data and communication security, broadcast encryption, common secret, remainder, collision, passive outsider attack, magic number. I. INTRODUCTIONThe broadcast encryption (BE) problem [1] [2] involves distributing a common shared secret, typically in the form of a short-term group key, from a centralized key server (KS) to a large number of intended receivers forming a possibly dynamic subscriber group, such that at any give time instance only the privileged group members are able to actually utilize certain application data that are publicly available, e.g., from a broadcast communication channel.In a large number of BE applications ranging from DVD encryption [1]-[3] to multicast access control [4]-[9] and teleconference [10] [11], the application data are protected by a symmetric cipher with the (short-term) group key; only legitimate users hold confidential information to first derive the common secret and then decrypt the data:• In BE solutions, cost-efficient manipulations like arithmetic operations, one-way (hash) functions, and symmetric encryptions / decryptions are preferred in distributing the common secret itself [1]. As an approach for content protection, broadcast encryption is envisioned to promise more flexible and resilient security compared with traditional public-key cryptography techniques [2]. • Moreover, in many cases the receivers are assumed to be stateless [3], i.e., they hold certain static cryptographic information like a pairwise key shared with the KS, and they do not update their rekey states from session to

show abstract

Section: B Weakness In the Remainder Approach -Variantmentioning

confidence: 73%

Section: B Weakness In the Remainder Approach -Variantmentioning

confidence: 90%

Section: A Weakness In the Remainder Approach -Variantmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

General Weakness in Certain Broadcast Encryption Protocols Employing the Remainder Approach

Zhu¹

2008

2008 IEEE International Conference on Communications

View full text Add to dashboard Cite

show abstract

“…Using key trees, the number of messages to be sent are reduced to the order of the logarithm of the number of VPG nodes, so the VPG-SA reduces the rekeying time. A specially suitable algorithm for Grid environments was proposed by some of the authors in [12] and more detailed explanation about this topic can be found in [2].…”

Section: Vpg Security Architecturementioning

confidence: 99%

Security Issues in Virtual Grid Environments

Muñoz

Pegueroles

Forné

et al. 2004

Computational Science - ICCS 2004

Self Cite

View full text Add to dashboard Cite

Abstract. Computational Grids (or simply Grids) enable access to a large number of resources typically including processing, memory, and storage devices. Usually, Grids are used for running very specific applications (most of them related to some kind of scientific hard problem); however, not much attention has been paid to commercial Grid applications. The massive use of such commercial services will depend on fulfilling their special security, usability and quality of service requirements. In this sense, Virtual Private Grid (VPG) provides a way of dynamically create a virtual grid environment with dedicated network resources. In this paper VPG is compared with related work such as the Grid over VPN (GoVPN), the Grid Community (GC) and the Ad-hoc Grid (AG) and the security challenges for VPGs are analyzed.

show abstract