Secure group key management using uni-directional proxy re-encryption schemes

Chen, Yi-Ruei; Tygar, J. D.; Tzeng, Wen-Guey

doi:10.1109/infcom.2011.5934999

Cited by 37 publications

(34 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Each participating member holds the proxy re-encryption keys from the root to the leaf member. In two of the aforementioned studies [16,17], to construct a logical tree of keys, the parent members are computed from child members; consequently, members must be synchronized, otherwise any delay can cause an interruption in a protocol run. Additionally, during the setup time, both protocols depend upon a leader; in other words, a single-point failure may still arise in the system.…”

Section: Related Workmentioning

confidence: 99%

“…This section analyzes the efficiency of SGRS in terms of computational and message complexity against earlier works [13][14][15][16][17]. We consider that encryption should protect all types of keying materials exchanged among group members.…”

Section: B Efficiency Analysismentioning

confidence: 99%

“…In another study [17], an asymmetric group key agreement protocol based on a proxy re-encryption technique was proposed. The keys are arranged in a tree format, where the members represent the key pairs and the edges represent the proxy re-encryption keys.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

A secure key agreement protocol for dynamic group

Bilal

Kang

2017

Cluster Comput

View full text Add to dashboard Cite

Abstract-To accomplish secure group communication, it is essential to share a unique cryptographic key among group members. The underlying challenges to group key agreement are scalability, efficiency, and security. In a dynamic group environment, the rekeying process is more frequent; therefore, it is more crucial to design an efficient group key agreement protocol. Moreover, with the emergence of various group-based services, it is becoming common for several multicast groups to coexist in the same network. These multicast groups may have several shared users; a join or leave request by a single user can trigger regeneration of multiple group keys. Under the given circumstances the rekeying process becomes a challenging task. In this work, we propose a novel methodology for group key agreement which exploits the state vectors of group members. The state vector is a set of randomly generated nonce instances which determine the logical link between group members and which empowers the group member to generate multiple cryptographic keys independently. Using local knowledge of a secret nonce, each member can generate and share a large number of secure keys, indicating that SGRS inherently provides a considerable amount of secure subgroup multicast communication using subgroup multicasting keys derived from local state vectors. The resulting protocol is secure and efficient in terms of both communication and computation.Index Terms-Group key agreement, resource sharing, multicast security, dynamic system, scalability, confidentiality, rekeying I. INTRODUCTIONN the recent past with the advent of fast networking technologies, there has been a profound increase in the speed of the Internet and the degree of connectivity. In addition, with the emergence of new Internet applications such as video conferencing, online joint workspaces, group chat, multi-user games and online social networking applications, numerous possibilities for group communications have been created. Group participants share common interests and share the responsibility of secure group communication. In group communication, agreement regarding a secure group key is one of the most important and challenging tasks. Specifically, to maintain a secure group key in a dynamic environment This work was supported by the ICT R&D program of MSIP/IITP. [R-20160302-003082 becomes more difficult as the reestablishment of the group key should be rapid and lightweight with regard to complexity. Secure rekeying becomes an even more challenging task in resource-limited networks such as wireless sensor networks (WSNs) [1] and body-area networks (WBAN) [2], as most conventional cryptographic mechanisms and security protocols are not suitable for resource-limited WSNs or WBANs. For example, very efficient public key algorithms, such as ECC [3], need a fraction of a second to execute encryption/decryption procedures, while a symmetric key algorithm such as RC5 [3] needs only a fraction of a millisecond to perform encryption and decryption procedures [4][5]. For computa...

show abstract

Section: Related Workmentioning

confidence: 99%

Section: B Efficiency Analysismentioning

confidence: 99%

See 1 more Smart Citation

A secure key agreement protocol for dynamic group

Bilal

Kang

2017

Cluster Comput

View full text Add to dashboard Cite

show abstract

“…The number of users is often large in cloud-based services. One solution to deal with this issue is to apply a treebased group key management (GKM) scheme [10,11,28] to maintain the common distribution-key among a dynamic set of users at each class. The GKM scheme reduces the computation and communication cost from O(n i ) to O(lg n i ), where n i is the number of users in SC i .…”

Section: Scalable Rekey Mechanism For Large Number Of Usersmentioning

confidence: 99%

“…The GKM scheme reduces the computation and communication cost from O(n i ) to O(lg n i ), where n i is the number of users in SC i . In particular, the GKM schemes in [10,11] have an efficient rekey mechanism for a user who may miss key update messages in his off-line period. The methods are suitable in handing frequent rekey operations.…”

Section: Scalable Rekey Mechanism For Large Number Of Usersmentioning

confidence: 99%

CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing

Chen

Chu

Tzeng

et al. 2013

Applied Cryptography and Network Security

Self Cite

View full text Add to dashboard Cite

Abstract. Cloud services are blooming recently. They provide a convenient way for data accessing, sharing, and processing. A key ingredient for successful cloud services is to control data access while considering the specific features of cloud services. The specific features include great quantity of outsourced data, large number of users, honest-but-curious cloud servers, frequently changed user set, dynamic access control policies, and data accessing for light-weight mobile devices. This paper addresses a cryptographic key assignment problem for enforcing a hierarchical access control policy over cloud data. We propose a new hierarchical key assignment scheme CloudHKA that observes the BellLaPadula security model and efficiently deals with the user revocation issue practically. We use CloudHKA to encrypt outsourced data so that the data are secure against honest-butcurious cloud servers. CloudHKA possesses almost all advantages of the related schemes, e.g., each user only needs to store one secret key, supporting dynamic user set and access hierarchy, and provably-secure against collusive attacks. In particular, CloudHKA provides the following distinct features that make it more suitable for controlling access of cloud data.(1) A user only needs a constant computation time for each data accessing. (2) The encrypted data are securely updatable so that the user revocation can prevent a revoked user from decrypting newly and previously encrypted data. Notably, the updates can be outsourced by using public information only. (3) CloudHKA is secure against the legal access attack. The attack is launched by an authorized, but malicious, user who pre-downloads the needed information for decrypting data ciphertexts in his authorization period. The user uses the pre-downloaded information for future decryption even after he is revoked. Note that the pre-downloaded information are often a small portion of encrypted data only, e.g. the headercipher in a hybrid encrypted data ciphertext. (4) Each user can be flexibly authorized the access rights of Write or Read, or both.

show abstract

EPREKM: ElGamal proxy re‐encryption‐based key management scheme with constant rekeying cost and linear public bulletin size

Sharma,

B. R.

2024

Concurrency and Computation

View full text Add to dashboard Cite

SummaryA vast body of literature is filled with many key management schemes constructed using different cryptographic primitives. They aim toward either security goals or improvement in performance efficiency. However, the key management schemes based on proxy re‐encryption suffer from massive communication and computational costs. We propose an ElGamal proxy re‐encryption‐based construction for the key management scheme to resolve this. The proposed scheme involves constant computational and communication costs in rekeying operations and linear public bulletin size. We achieve essential security requirements of forward and backward secrecy in this scheme. The scheme is also secure against the collusion attack. In addition, we address the importance of adequately managing missed rekeying updates for offline users. The existing schemes trivially keep track of each rekeying message on the public bulletin board, which increases the size of the public bulletin with every join/leave operation. However, the proposed scheme uses the public bulletin board so that the handling of offline users is built into the scheme itself, which manages it efficiently. Also, the public bulletin size in the proposed scheme is not dependent on the number of rekeying operations but linear in the number of users.

show abstract

Secure group key management using uni-directional proxy re-encryption schemes

Cited by 37 publications

References 24 publications

A secure key agreement protocol for dynamic group

A secure key agreement protocol for dynamic group

CloudHKA: A Cryptographic Approach for Hierarchical Access Control in Cloud Computing

EPREKM: ElGamal proxy re‐encryption‐based key management scheme with constant rekeying cost and linear public bulletin size

Contact Info

Product

Resources

About