Passwords-Based Authentication Group Key Exchange Protocol

A password-authenticated group key exchange protocol (PAGKE) allows a group of users to agree on a high entropy session key over a public network using low entropy human-memorable passwords. The password is held by the users secretly and the session key can later be used to communicate securely through an insecure channel.Up to now, many secure and authenticated group key exchange protocols have been proposed, but the most classical way to add authentication to these protocols is to sign the message flows transmitted among the users. Unfortunately, such techniques depend on the PKI to handle public keys and certificates, which are complex.Password-authenticated group key exchange protocols do not need the support of the public key infrastructure and low-entropy passwords are easy to remember, not needing any additional devices, such as smart cards or hardware tokens, to store it, so password-based key agreement protocols can be useful for highly mobile environment, such as emergency rescue, military operations, personal networking and et al.In this paper, we present a new provable-secure password-authenticated group key exchange protocol based on the scheme of Burmester and Desmedt, and prove the security of our protocol in the standard model. Compared to existing password-authenticated group key exchange protocols, our protocl has following characteristics:(1) Every user of the group holds different passwords. In most password-authenticated group key agreement protocols, the passoword of all usrers is the same one, which is clear that the method is not practical. When the group dynamically changes, all members have to update the shared key at the same time. Besides, if one member discloses his key, all the key information will be disclosed, reducing the security of protocol.(2) The protocol proposed in this paper satisfies the secure property of key privacy with respect to server. Byun and Lee have suggested password-based group key exchange protocols in which every user of the group used different password. But their schemes didn't consider the secure property of key privacy with respect to the server which means that the server cannot obtain the session key although it knows the passwords of all the users. (3) Based Bellare, Pointcheval and Rogaway's model, the security of our protocol will be proved in the standard model under the Decisional Diffie-Hellman assumption. Compared with the protocol which is provably-security in the random oracle, our protocol avoids the potential insecurity factors from the concrete realization.Due to network failure, member voluntary or other reasons, the members of a group may join and leave the group at any time. A complete group key agreement should have the ability to adjust to the dynamic scenario, so in the last we will perform the Join and Remove algorithm in order to deal with situation above.