On the (In)Security of Recent Group Key Distribution Protocols

Liu, Jing; Wu, Yiyun; Liu, Xuezheng; Zhang, Yunchun; Xue, Gang; Zhou, Wei; Yao, Shaowen

doi:10.1093/comjnl/bxw061

Cited by 8 publications

(13 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Indeed, there is no reason to believe that a secure scheme can be designed using the underlying approach adopted in all three cases. As observed in Section 1, many related polynomial-based group key distribution schemes have been shown to be flawed [2][3][4][5][6]. Again as observed above, there are many existing schemes which achieve the same objectives in an efficient way and which have rigorous proofs of security-see, e.g.…”

Section: Discussionmentioning

confidence: 99%

How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes

Mitchell

2021

IET Information Security

View full text Add to dashboard Cite

Three closely related polynomial-based group key pre-distribution schemes have recently been proposed, aimed specifically at wireless sensor networks. The schemes enable any subset of a predefined set of sensor nodes to establish a shared secret key without any communications overhead. It is claimed that these schemes are both secure and lightweight, that is, making them particularly appropriate for network scenarios where nodes have limited computational and storage capabilities. Further studies have built on these schemes, for example, to propose secure routing protocols for wireless sensor networks. Unfortunately, as shown by the author, all three schemes are completely insecure; whilst the details of their operation vary, they share common weaknesses. In two cases, we show that an attacker equipped with the information built into just one sensor node can compute all possible group keys, including those for which the attacked node is not a member; this breaks a fundamental design objective. In the other case, an attacker equipped with the information built into at most two sensor nodes can compute all possible group keys. In the latter case, the attack can also be achieved by an attacker armed with the information from a single node together with a single group key to which this sensor node is not entitled. Repairing the schemes appears difficult, if not impossible. The existence of major flaws is not surprising given the complete absence of any rigorous proofs of security for the proposed schemes. A further recent work proposes a group membership authentication and key establishment scheme based on one of the three key pre-distribution schemes analysed here; as the author demonstrates, this scheme is also insecure, as the attack we describe on the corresponding pre-distribution scheme enables the authentication process to be compromised. This is an open access article under the terms of the Creative Commons Attribution License, which permits use, distribution and reproduction in any medium, provided the original work is properly cited.

show abstract

Section: Discussionmentioning

confidence: 99%

How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes

Mitchell

2021

IET Information Security

View full text Add to dashboard Cite

show abstract

“…• insider attacks of various attacks appear impossible to prevent, as many authors have observed (see, for example, [11,12,13], and the papers cited therein).…”

Section: Introductionmentioning

confidence: 99%

Yet another insecure group key distribution scheme using secret sharing

Mitchell¹

2020

Preprint

View full text Add to dashboard Cite

show abstract

“…3,4 This is because most broadcast environments allow any user to receive the broadcast information. 2,6 A group key establishment protocol is secure if only authorized users are allowed to reconstruct the group key in question. That is, a sender broadcasts encrypted messages.…”

Section: Introductionmentioning

confidence: 99%

“…3,4 This is because most broadcast environments allow any user to receive the broadcast information. 5,6 A common way to ensure secure group communication is to encrypt the messages using a key, 5 called group key. That is, a sender broadcasts encrypted messages.…”

Section: Introductionmentioning

confidence: 99%

“…In group key distribution protocols, a trusted third party called group manager (GM) chooses a group key and securely distributes it to all the authorized group members. 2,6 A group key establishment protocol is secure if only authorized users are allowed to reconstruct the group key in question. 1 Wireless networks, especially mobile wireless ad hoc networks, are likely to be unreliable and highly dynamic in the sense that the nodes may move in and out of range frequently and sometimes be completely separate from the network.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A novel self‐healing key distribution scheme based on vector space access structure and MDS codes

Vadlamudi

Vadlamudi²

2019

Int J Communication

View full text Add to dashboard Cite

Self-healing group key distribution protocols are useful in applications that have a dynamic group structure. These include broadcast transmission systems and multicast networks such as pay-per-view television, embedded and sensor networks, and cellular and wireless networks. To cater to the requirements of these applications, several self-healing group key distribution protocols are proposed in the literature. Many of these schemes are vulnerable to polynomial factorization or insider replay attacks. Some other schemes impose constraints on the users joining the group or revoked from the group. Motivated by these and other shortcomings of the existing schemes, we hereby propose a novel self-healing group key distribution protocol. Some of the features of this scheme include that (a) the number and the set of revoked users is not constrained, (b) the communication group can consist of any set of users, and (c) a revoked user is allowed to rejoin the group in any of the later sessions. The scheme is analyzed for its security, and it is found to provide anywise forward and backward secrecy. It is also found to resist anywise collusion attack. Communication and computation complexity of the scheme is analyzed; while doing so, various possible realizations of the scheme is discussed. In addition to the theoretical analysis, the proposed scheme is experimentally verified for its correctness using OMNET++ network simulator. KEYWORDSgroup key distribution, MDS codes, self-healing, vector space access structure Int J Commun Syst. 2019;32:e4088.wileyonlinelibrary.com/journal/dac Wireless networks, especially mobile wireless ad hoc networks, are likely to be unreliable and highly dynamic in the sense that the nodes may move in and out of range frequently and sometimes be completely separate from the network. Also, an adversary may intentionally disrupt the wireless communication using various methods. 5 A good group key mechanism should be resilient to this dynamic nature of the network as well as to the said attacks of the adversary. So, a specialized group key distribution protocols, known as self-healing group key distribution protocols, have been proposed in the literature. 7-15 These are useful in several settings such as group keys needed to be used for a short period because of frequent changes in the group structure. 12,14,16 In these protocols, group lifetime is divided into epochs called sessions, 7,8,12,17 where each session has a unique group key. At the beginning of each session, the GM transmits a broadcast message in order to provide a common key, called the session key, to each member of the group. 12,16 Every user belonging to the group computes the group key using the message and some private information.Using self-healing key distribution schemes, users, in a large and dynamic group communication over an unreliable network, can recover lost session keys on their own, even if some previous key distribution messages are lost, without requesting additional transmissions from the GM. 7,8,14,16,18,19 That is,...

show abstract

On the (In)Security of Recent Group Key Distribution Protocols

Cited by 8 publications

References 37 publications

How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes

How not to secure wireless sensor networks: a plethora of insecure polynomial‐based key pre‐distribution schemes

Yet another insecure group key distribution scheme using secret sharing

A novel self‐healing key distribution scheme based on vector space access structure and MDS codes

Contact Info

Product

Resources

About