Research On Cross-domain Group Authentication Key Exchange Protocol And Its Applications

With the rapid development of distributed computing, wireless network, multicast technique, millions of group-oriented network applications have emerged, such as network video conferences, network video teaching, network TV on-demand and live, video phone, cloud storage, ubiquitous computing, paid news and network game, etc. With the popularity of smart mobile terminals and network applications, there is a pressing public need for communication whenever and wherever. Therefore, there are increasing potential security problems of group communications, especially the security problems for the cross-domain group communications, which have attracted extensive attentions. In an open and unauthenticated network environment, it needs to establish a secure cross-domain group channel for remote stranger participants to provide efficient and reliable services of encryption and authentication for cross-domain group communications. It’s a critical technical factor for the group-oriented cross-domain communication that should be solved urgently.Cross-domain group authenticated key exchange is one of the key technologies for realizing secure cross-domain group communications. It allows participants to establish a common secret which they can then use in different applications to achieve both privacy and authenticity. This scheme can resist on different kind of attacks, which are initiated by non-group members, such as eavesdropping, tampering, forgery and replay attacks. Hence, although this topic has been developed for several years, it’s not clear how these schemes can be directly applied to establish a secure cross-domain group communication channel. Furthermore, group authenticated key exchange protocol is unable to withstand malicious participants’ insider attacks, thus it cannot provide source authentication service for the member of group. This is an important safety issue related to the cross-domain group authenticated key exchange protocol.In order to solve the above problems, we study and analyze in this thesis deeply. The main results are concluded as follows:(1) A novel cross-domain group password-based authenticated key exchange protocol is proposed. This scheme can help the participants who are from the different domains to generate a common session key, which they can use to establish a secure cross-domain group channels. Otherwise, we design a compile in the scheme, which can transform any secure cross-domain group key exchange protocol to a secure cross-domain group authenticated key exchange protocol. After the theoretic proof and experiment analysis, this scheme is more flexible and efficient, and requires much fewer computation and communication load.(2) A novel cross-domain group password-based authenticated key exchange protocol with adaptive security and contributiveness is proposed. It can not only provide(,)-2n n contributory, which means that the adversary cannot bias the distribution of the session key if there are at least half honest participants, but can also provide explicitauthentication and adaptive security. Moreover, we analyze the security of the scheme in the stronger security model, and achieve efficiency in both communication and computation load in the random-or-real and ideal tweakable cipher models based on the CDH assumption. The experimental analysis has also demonstrated that our scheme has much higher security, few computation and communication load.(3) A privacy-preserving and efficient cross-domain group authentication key exchange and traffic information sharing scheme is proposed. Based on the above schemes, the proposal achieves both privacy preservation and efficiency at the same time, and the bandwidth consumption significantly decreases. It also fulfills several security properties, such as authentication, Do S resistant, identity privacy preserving, unlinkability and conditional traceability. Extensive simulation reveals that the novel scheme is feasible and has much better performance than previously suggested counterparts in terms of message loss ratio and delay. The experimental analysis has also demonstrated that our scheme not only has a higher security and timeliness, but also has much less computation and communication loads.(4) A novel secure cross-domain group RFID authentication protocol is proposed. In this scheme, all the tags can be scanned simultaneously. It provides services of authentication and privacy-preserving, and solves the problem of vulnerability to the compromised tag attack. When needing to transfer the ownership of tags, our scheme is designed to allow authority-crossing ownership transfer in a mobile RFID environment. Furthermore, compare with another two traditional protocols, the performance analysis shows that our protocol has much lower tag’s communication cost and reader’s computation cost.