Cross-domain Asymmetric Group Key Agreement

With the rapid development of cloud computing,wireless networks,computer networks,Internet of Things,collaborative computing,and other technologies,many group-oriented communication applications such as remote audio and video conferencing,telemedicine,video telephony,and network video teaching have emerged.These applications have brought great convenience to people's work and lives,but there are also some security issues about group communication,especially cross-domain group communication.Unfamiliar group users,who belong to different networks,regions,or institutions,need to establish a secure cross-domain group communication channel in a public,non-authenticated network environment.It has become a research hotspot in the field of information security.Cross-domain group key agreement technology is one of the key technologies to realize secure cross-domain group communication,which not only realizes encrypted communication within the group,but also allows external members to broadcast encrypted messages to the entire group.Therefore,this kind of technology has attracted extensive attention from academia and industry.However,the existing cross-domain asymmetric group key agreement protocol does not consider the aggregated authentication between cross-domain group members.In these protocols,group members can only verify the signatures one by one that leads to low efficiency.To mitigate the above efficiency problem,a cross-domain asymmetric group key agreement protocol that supports aggregation verification with the hierarchical identity cryptosystem is proposed in this paper.Group members' signatures can be aggregated into a signature verified in a batch manner.Subsequently,the identity cryptosystem has the key escrow problem because the domain PKG can calculate the private key of the corresponding users and impersonate valid users to participate in the group key agreement.Considering both the security and efficiency of the protocol,we designed a cross-domain asymmetric group key agreement protocol with the hierarchical certificateless cryptosystem.The proposed protocol is suitable for the scenario where PKG is not trusted and supports partial aggregate verification.Then,the specific research content is as follows:(1)To improve the efficiency problem that the existing cross-domain asymmetric group key agreement protocols do not consider the aggregated authentication,we proposed a distributed cross-domain authenticated asymmetric group key agreement(IB-CD-AAGKA)based on a hierarchical identity cryptosystem protocol.Compared with the existing protocols,the proposed protocol supports aggregated authentication between group users to improve the efficiency,so that the number of bilinear pairing operations has nothing to do with group size and it is suitable for large groups.In terms of security,the IB-CD-AAGKA protocol does not require a trusted third party to participate in the key negotiation process,which avoids the single point of failure problem.Moreover,the proofs are given that this protocol satisfies some basic security attributes,such as known key security,partial forward security,and chosen plaintext security.(2)Since the IB-CD-AAGKA protocol has the key escrow problem,it is only suitable for scenarios where PKG is completely trusted.To solve the above problem,we proposed a certificateless cross-domain authenticated asymmetric group key agreement(CL-CD-AAGKA)protocol based on a hierarchical certificateless cryptosystem,which not only realizes partial aggregated authentication between cross-domain users but also satisfies the distributed characteristics.The number of bilinear pairing operations involved in the partial aggregation authentication process has a linear relationship with the number of domains,so the efficiency of this protocol is lower than the IB-CD-AAGKA protocol.Nevertheless,as for security,the CL-CD-AAGKA protocol does not have key escrow problems,and it also meets some security attributes,such as known key security,partial forward security,and selected plaintext security.So it is more suitable for scenarios where PKG is not trusted.