Conference Paper

The Design of a Conference Key Distribution System.


Abstract

In this paper, we propose a conference key distribution system for generating a common secret key for two or more users. In our system, each user possesses a secret key and a public key. Initially, the chairperson constructs a conference key associated with his secret key and the conference members' public keys. Then each member can obtain and authenticate the conference key by using his secret key. Further, we have shown that the security of our proposed system is based on the difficulty of breaking the Diffie-Hellman key distribution system.

... The conference key is a common secret key with which one can encrypt and decrypt messages to communicate with others in the group. The first type of conference key protocol allows a chairman to select a conference key and distribute it to all participants (Berkovits, 1991; Beller et al., 1993; Chang et al., 1992; Hwang and Yang, 1995; Hwang, 1999; Tseng and Jan, 1999; Yi et al., 2003). The second type of conference key protocol allows all participants to compute a common key together without a chairman (Ingemarsson et al., 1982; Steer et al., 1990; Tzeng, 2002). ...
... On the other hand, compared to transmission via hard wires, wireless communications transmit conversations via radio, which are more susceptible to eavesdropping and unauthorized access. The traditional conference key scheme isn't suitable for wireless mobile participants (Berkovits, 1991; Chang et al., 1992; Ingemarsson et al., 1982; Tseng and Jan, 1999; Tzeng, 2002). Because a mobile user's portable devices are usually low powered, low cost, and limited in computing capability, it is crucial to ensure confidentiality and authenticity in mobile teleconferences. ...
Article
Technological advances have allowed all conferees to hold a mobile conference via wireless communication. When designing a conference scheme for mobile communications it should be taken into account that the mobile users are typically using portable devices with limited computing capability. Moreover, wireless communications are more susceptible to eavesdropping and unauthorized access than conversations via wires. Based on elliptic curve cryptography, this article proposes a secure mobile conference scheme which allows a participant to join or quit a teleconference dynamically. No interactive protocol among participants is required to construct the common key. This can save on communication overhead.
... This system [3] uses a discrete logarithm setting with prime modulus p and primitive element g. Each party Uj, j = 1,2, . . . ...
Conference Paper
Chang-Wu-Chen presented at Auscrypt 92 a conference key distribution system based on public keys. We show that this scheme is insecure and discuss ways to fix it.
... There have been intensive research on conference key protocols. Conference key distribution protocols (with a chairman) have been studied in [3,9,10,19]. Pre-distributed conference key protocols have been studied in [4,5,22]. ...
Conference Paper
A conference key protocol allows a group of participants to establish a secret communication (conference) key so that all their communications thereafter are protected by the key. In this paper we consider the distributed conference key (conference key agreement) protocol. We present two round-efficient conference key agreement protocols, which achieve the optimum in terms of the number of rounds. Our protocols are secure against both passive and active adversaries under the random oracle model. They release no useful information to passive adversaries and achieve fault tolerance against any coalition of malicious participants. We achieve the optimal round by transferring an interactive proof system to a non-interactive version, while preserving its security capability.
... There are two kinds of multi-party key establishment protocols: multi-party key distribution and multi-party key agreement. In multi-party key distribution protocols [2, 3, 4, 5], there is a chairman who is responsible for generating a common key and then securely distributing that key to the other participants involved in a conference. A multi-party key agreement protocol involves all participants cooperatively establishing a common key without a chairman. ...
Article
By its very nature, a non-authenticated multi-party key agreement protocol cannot provide participant and message authentication, so it must rely on an authenticated network channel. This paper presents the inability of two famous multi-party key agreement protocols to withstand malicious participant attacks, even though their protocols are based on the authenticated network channel. This attack involves a malicious participant disrupting the multi-party key agreement among honest participants. In this case, other honest participants do not correctly agree on a common key. Obviously, the malicious participant cannot obtain the common key either, and the communication confidentiality among participants is not breached. However, in some emergency situations or applications, a multi-party key agreement protocol design that is resistant to malicious participants is useful. Therefore, in this paper, a non-authenticated multi-party key agreement protocol resistant to malicious participants is proposed. The proposed robust protocol requires constant rounds to establish a common key. Each participant broadcasts a constant number of messages. Under the assumption of the Decision Diffie-Hellman problem and the random oracle model, we will show that the proposed protocol is provably secure against passive adversaries and malicious participants. © The Author 2005. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved.
... A general method to assure confidentiality of a conference is encryption of messages with a shared key among participants. Two types of key sharing schemes exist: key distribution schemes (Chang et al., 1992; Hirose and Ikeda, 1997; Hwang and Yang, 1995; Tseng, 2002) and key agreement schemes (Ateniese et al., 2002; Boyd and Nieto, 2003; Bresson et al., 2001, 2002; Burmester and Desmedt, 1994; Katz and Yung, 2003). In the key distribution scheme, a key distributor establishes a key and then securely distributes it to every participant. ...
Article
A fault-tolerant conference-key agreement protocol establishes a shared key among participants of a conference even when some malicious participants disrupt key agreement processes. Recently, Tseng proposed a new fault-tolerant conference-key agreement protocol that only requires a constant message size and a small number of rounds. In this paper, we show that Tseng’s protocol cannot provide forward and backward confidentiality during a conference session for the proposed attack method. We also show that a simple countermeasure—re-randomizing short-term keys of some participants—to avoid the proposed attack can be broken by extending the proposed attack method.
Conference Paper
A multi-receiver cryptosystem enables any sender to encrypt a message and broadcast the ciphertext to a group of authorized users, while no one outside this group can decrypt the message. Multi-receiver encryption is of great importance in many sectors such as broadcast communication, cloud computing, wireless communications, networking applications, and medical applications. This paper proposes an efficient multi-receiver public key encryption scheme based on third order linear sequences. The results of the computational analysis show that the proposed scheme is better against renowned attacks and prevailing anonymous multi-receiver algorithms.
Article
A conference key distribution system is a scheme to generate a conference key, and then to distribute this key to only participants attending the conference in order to communicate with each other securely. In this paper, an efficient conference key distribution system is presented by employing a symmetric balanced incomplete block design (SBIBD), one class of block designs. Through techniques for creating a conference key and for performing authentication based on identification information, the communication protocol is designed. The protocol presented minimizes the message overhead for generating a conference key. In a special class of SBIBD the message overhead is , where v is the number of participants. The security of the protocol, which is a significant problem in the construction of a secure system, can be proved as computationally difficult to calculate as factoring and discrete logarithms.
Article
A group key distribution protocol can enable members of a group to share a secret group key and use it for secret communications. In 2010, Harn and Lin proposed an authenticated group key distribution protocol using polynomial-based secret sharing scheme. Recently, Guo and Chang proposed a similar protocol based on the generalized Chinese remainder theorem. In this paper, we point out that there are some security problems of Guo and Chang's protocol and propose a simpler authenticated group key distribution protocol based on the Chinese remainder theorem. The confidentiality of our proposed protocol is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.
Article
The group key distribution protocol is a mechanism for distributing a group key that is used to encrypt the communication data transmitted in an open group. Recently, a novel group key distribution protocol based on secret sharing was proposed. In their protocol, the group key information is broadcast in an open network environment, and only authorized group members can obtain the group key. However, their protocol requires each group member to broadcast a random challenge to the rest of the group members in the construction of the group key, and this may increase communication cost and cause network traffic congestion. In this paper, we propose an authenticated group key distribution protocol based on the generalized Chinese remainder theorem that drastically reduces communication costs while maintaining at least the same degree of security. Our protocol is built on the secret sharing scheme based on Chinese remainder theorem, which requires fewer computation operations than the previous work. Copyright © 2012 John Wiley & Sons, Ltd.
Article
In order to hold secure electronic conferences in communication networks via insecure channels, a conference key distribution system should be constructed. The conference key distribution system (CKDS) is used for distributing a conference key shared among the participants of the conference and hence secure communications are achieved. In this paper, by using the secret sharing scheme based on the MDS code and the Diffie-Hellman key exchange scheme as the basic component, we propose an efficient and anonymous conference-key distribution scheme that supports conference membership changes dynamically. We also show that, based on the Diffie-Hellman (DH) and the one-way assumption, the proposed CKDS is secure against impersonation and conspiracy attacks, and the unattended ones reveal no useful knowledge about the conference key. In addition, the proposed CKDS allows for user anonymity.
Conference Paper
When a group of people wants to communicate securely over an open network, they run a conference-key protocol to establish a common conference key K such that all their communications thereafter are encrypted with the key K. In this paper we propose a practical and provably secure fault-tolerant conference-key agreement protocol under the authenticated broadcast channel model. The adversary that attacks our protocol can be either active or passive. An active adversary (malicious participant) tries to disrupt establishment of a common conference key among the honest participants, while a passive adversary tries to learn the conference key by listening to the communication of participants. We show that a passive adversary gets no information (zero knowledge) about the conference key established by the honest participants under the assumption of a variant Diffie-Hellman decision problem. We also show that the honest participants can agree on a common conference key no matter how many participants are malicious.
Conference Paper
A fault-tolerant conference key distribution scheme based on mechanism of identity-based cryptography and (t,n) threshold secret sharing is proposed in this paper. This scheme is much different to traditional ones: its secret shadows are not brought from the sponsor of conference, but from each server's private key signature. By getting together these n secret shadows, the sponsor can construct polynomial. Any of conferees invited by the sponsor can request these secret shadows from t of these n servers, and then restitute conference key by them. In all courses of conference key distribution and reconstruction, every member's identity can be easily validated, so it can be prevented from all kinds of cheat
Conference Paper
A conference key distribution system is a scheme to generate a conference key, and then to distribute this key to only participants attending at the conference in order to communicate with each other securely. In this paper, an efficient conference key distribution system is presented by employing a symmetric balanced incomplete block design (SBIBD), one class of block designs. Through techniques for creating a conference key and for performing authentication based on identification information, the communication protocol is designed. The protocol presented minimizes the message overhead for generating a conference key. In a special class of SBIBD the message overhead is $O(v\sqrt{v})$, where v is the number of participants. The security of the protocol, which is a significant problem in the construction of secure system, can be proved as computationally difficult to calculate as factoring and discrete logarithms.
Conference Paper
A conference key distribution system is designed to establish a common secret key so that a group of people are able to hold a conference securely. However, the existing conference distribution schemes do not consider the situation that a user may be in a conference for only a period of time. If a user resigned from this session and premeditatedly eavesdropped on data transmissions, he could then also decrypt the data. Thus, all messages are likely to be compromised during the span of the system. In this paper, we propose a new conference key distribution scheme with re-keying protocol in which all conference keys in a conference are different for each time period. Our goal is to minimize the potential damages over a public network. Once the time period has elapsed the participants in a conference cannot access any messages with previously used common keys. Therefore, if a user resigns from a conference and premeditatedly eavesdrops on later messages, he cannot decrypt the message with his old keys. Moreover, in our proposed scheme, we do not require a chairman (or trusted center) and any interactive protocols among all participants in order to construct the common conference key for each time period. It can be easily implemented to a dynamic conference key distribution system because other participants’ information items of the system need not be immediately changed once a participant is added or deleted.
Article
A conference-key establishment protocol allows participants to construct a common session key that is used to encrypt/decrypt transmitted messages among the participants over an open channel. There are two kinds of conference-key establishment protocols: conference-key distribution and conference-key agreement. In a conference-key distribution protocol, a trusted or elected entity is responsible for generating and distributing the conference key. A conference-key agreement protocol involves all participants cooperatively establishing a conference key. This article designs a secure conference-key agreement protocol with constant round number and message size. Under the decision Diffie–Hellman problem assumption, the resulting protocol is demonstrated to be secure against passive adversaries. Under the random oracle model, the proposed protocol is demonstrated to be provably secure against impersonator attacks and withstand known-key attacks. Compared to previously proposed protocols with round-efficiency, the proposed protocol requires a constant message size for each participant. Furthermore, the proposed protocol possesses both fault tolerance and forward secrecy, while previously proposed protocols with round-efficiency lack one or both properties.
Conference Paper
The technology of digital conference has opened up a new area of research and application to computer networks in industry. It can be used in a board meeting, scientific discussion or in virtual classrooms, through the computers connected by IP networks. To protect conversations from eavesdropping, a common conference key agreement protocol is required. Conference key protocol secures the discussion session and data among multiple conferees engaged in common goal of communication. Numerous works have been carried out in providing secured conference, but most of the works concentrate on an efficient key exchange protocol to prevent malicious users to attempt to play the proxy role or delay or destruct the conference environment. This paper proposes a novel approach of unique dynamic ID based key exchange protocol which possesses the property of fault-tolerance secured session, dynamic ID key generation and key exchange methods.
Conference Paper
This paper describes a threshold multi conference-key distribution scheme based on a (t, n) secret sharing scheme. Whenever the number of participants from a group is larger than or equal to a predetermined threshold value t, the legitimate participants can obtain the conference-keys after the reconstruction stage. In contrast to other conventional schemes such as those presented respectively by Shamir and Feldman where the necessary shares must be distributed secretly to the participants in the initialization stage, our proposed scheme relies on public-key infrastructure. In particular, the predetermined threshold can be modified easily without changing the predetermined conference keys. Furthermore, we show that our scheme is efficient and robust, and the passive and active adversaries neither gain information about the conference-key established by the honest participants nor disrupt conference-key establishment.
Article
When a group of people want to communicate securely over an open network, they run a conference-key protocol to establish a common conference key K such that all their communications thereafter are encrypted with the key K. In this paper, we propose a provably secure fault-tolerant conference-key agreement protocol under the authenticated broadcast channel model. We show that a passive adversary gets zero knowledge about the conference key established by the honest participants under the assumption of a variant Diffie-Hellman (1976) decision problem. We also show that the honest participants can agree on a common conference key no matter how many participants are malicious. Furthermore, we show that even if the broadcast channel is not authenticated, our protocol is secure against impersonators under the random oracle model.
Article
Ever since 2-party Diffie-Hellman key exchange was first proposed in 1976, there have been efforts to extend its simplicity and elegance to a group setting. Notable solutions have been proposed by Ingemarsson et al. (in 1982) and Burmester/Desmedt (in 1994). In this paper, we consider a class of protocols that we call natural extensions of Diffie-Hellman to the n-party case. After demonstrating the security of the entire class based on the intractability of the Diffie-Hellman problem we introduce two novel and practical protocols and compare them to the previous results. We argue that our protocols are optimal with respect to certain aspects of protocol complexity. 1 Introduction It has been almost twenty years since Diffie-Hellman (DH) 2-party key exchange was first proposed in [1]. In the meantime, there have been many attempts to extend its elegance and simplicity to the group setting. The main motivating factor is the increasing popularity of various types of groupware application...
Article
"Reprinted with corrections, January 1983". Includes bibliography and index.
Article
A key management protocol has been described that will allow the Data Encryption Standard (DES) to be integrated into electronic data processing systems for the purpose of obtaining communication security and file security. Several cryptographic keys have been defined that allow the desired key management protocol to be achieved. They are:
  • Host master key (KMO)
  • First variant of the host master key (KM1)
  • Second variant of the host master key (KM2)
  • Terminal master key (KMT)
  • Secondary communication key (KNC)
  • Secondary file key (KNF)
  • Primary communication key, or session key (KS)
  • Primary file key, or file key (KF).
Conference Paper
At Crypto-87 conference, we proposed identity-based key distribution systems for generating a common secret conference key for two or more users. Protocols were shown for three configurations: a ring, a complete graph, and a star. Yacobi has made an impersonation attack on the protocols for the complete graph and star networks. This paper proposes improved identity-based key distribution protocols to counter his attack.
Article
Encryption is used in a communication system to safeguard information in the transmitted messages from anyone other than the intended receiver(s). To perform the encryption and decryption the transmitter and receiver(s) ought to have matching encryption and decryption keys. A clever way to generate these keys is to use the public key distribution system invented by Diffie and Hellman. That system, however, admits only one pair of communication stations to share a particular pair of encryption and decryption keys. The public key distribution system is generalized to a conference key distribution system (CKDS) which admits any group of stations to share the same encryption and decryption keys. The analysis reveals two important aspects of any conference key distribution system. One is the multitap resistance, which is a measure of the information security in the communication system. The other is the separation of the problem into two parts: the choice of a suitable symmetric function of the private keys and the choice of a suitable one-way mapping thereof. We have also shown how to use CKDS in connection with public key ciphers and an authorization scheme.
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: 1. Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. 2. A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified
Article
An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret prime numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1 (mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.
Article
We propose an identity-based key distribution system to generate a common secret conference key for three or more users. Users are connected in a ring so that each user sends messages to the neighbouring user to generate a conference key. These messages are authenticated using each user's identification information.
Article
A key distribution system (KDS) based on identification information (ID-based KDS) is presented. The system is founded on the Diffie-Hellman public key distribution scheme and has an identity authentication function. It uses an individual user's identification information instead of the public file used in the Diffie-Hellman scheme. It does not require any services of a center to distribute work keys or users to keep directories of key-encrypting keys. Therefore, key management in cryptosystems can be simplified by adopting the ID-based KDS. Two kinds of identity-based key distribution system are proposed and applied to actual communication networks. One uses two-way (interactive) communication to distribute work keys, while the other uses one-way communication. Modular exponentiations of large numbers, used in the systems, are implemented with digital signal processors.
Article
A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.
Article
Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Identity-based cryptosystems and signature schemes
  • A Shamir