Two Provable Secure ID-based Group Key Agreement Protocols

As group-oriented and collaborative applications is getting popularity, therequirement for the secure and reliable group communications increase. One of theimportant challenges in this research area is to design secure and efficient group keyagreement protocols. A group key agreement protocol which can provide mutualauthentication is called as authenticated group key agreement.In these years, combining with bilinear pairing technology to realize ID-basedgroup key agreement is a hot research topic. However, in many of these protocolssome secure drawbacks demonstrated, which are described as follows:●Cannot provide perfect forward secrecy. Most of group key agreement onlycan provide partial forward secrecy, in which compromise of the long-termkeys of one or more but not all the participants does not compromisepreviously established session keys. Perfect forward secrecy, in whichcompromise of the long-term private keys of the entire participants does notcompromise any session key previously established by these participants,requires more secure quality.●Cannot prevent KGC from escrowing the established session keys. In PKIsystems, some cryptographic protocols generate users' public/private keysby KGC(Key Generation Center). If KGC wants to derive (or escrow) theestablished session keys, he can implements all the intercepted messages totry to recover the established session keys.To make up previous secure problems, with elliptic curve discrete logarithmproblem, bilinear pairing technology and ID-based cryptosystem, we propose two newprotocols OR-AGKA and EOR-AGKA. Subsequently, using the security modelsproposed by Bellar and Rogaway we have secure analysis on these two protocols.Finally, we describe efficiency analysis about the proposed protocols.The following work is finished in Inha University. This research is included aGIS project, which was supported by the MIC (Ministry of Information and Communication), Korea.In this dissertation, we firstly introduce current research background of group keyagreement in a simply view, state some famous ones and describe proven drawbackon them. Subsequently, we come out ID-based group key agreement protocolsOR-AGKA and EOR-AGKA. With the popular security provable model we discussthe secure issue. Moreover, we show our protocols can provide more efficient quality.Main contributions in this dissertation are shown as follows:1) Improving one-round group key agreement. Most of proposed one-roundgroup key agreement protocols are short of authentication procession.OR-AGKA and EOR-AGKA are more secure because of realizing mutualauthentication.2) Having solved forward secrecy and Key escrow problems. In protocolsOR-AGKA and EOR-AGKA, group users generate the group not only withevery user's long-term private key but also with ephemeral private key. Usingephemeral private keys can solve these two security problems.3) Having a breakthrough on system flexibility. Lots of published group keyagreement protocols are based on two-user subgroup or three-user subgroup,which reduce system flexibility and increase computation cost. The protocolsOR-AGKA and EOR-AGKA have improvement on this. In protocolEOR-AGKA, the size of subgroup can be more than three and decidedrandomly in a restricted region, therefore have a good flexibility.4) Discussing system security with security model. To demonstrate security, mostof published literatures use heuristic way to explain system security. Howeverthis is not enough. Cryptographic systems are in hostile environment. Systemfailures are not from ordinary attacks, but some complicated and smartexceptions. To set up more strict secure conceptions, the first step we shoulddo is in a formative way to solve problems. In formal provable cryptographicsystems, we can propose lots of attack games to model attacks. To an attackmodel, even if attack gets enough "Cryptography analysis course" he alsocannot succeed, we think systems are secure. In the field of provable security,the security of cryptographic systems can be related with intractablecomputational theory. In the process of security analysis on protocolsOR-AGKA and EOR-AGKA, since the security of EOR-AGKA is based onOR-AGKA, we mainly analyze OR-AGKA. With the secure model proposedby Bellar and Rogaway, we first demonstrate the security of communication between two users, and then model common attacks to prove our protocols aresecure.In a word, two ID-based provable group key agreement protocols OR-AGKA andEOR-AGKA use the ECDLP and make sure the mutual authentication to solveforward secrecy and key escrow by KGC, enhance system flexibility and efficiency.Meanwhile, with advanced provable methods we discuss the security of system. Bythe test data we analyze system performance, and show our protocols can reducesystem computation cost effectively.