In this paper, we propose the first identity-based dynamic multi-cast key distribution (ID-DMKD) protocol that is secure against maximum exposure of secret information (e.g., secret keys and session-specific randomness). In DMKD protocols, users share a common session key without revealing any information about the session key to the semi-honest server, and can join or leave the group at any time, even after the session key has been established. Most known DMKD protocols are insecure if some secret information is exposed. An exposure-resilient DMKD protocol was recently introduced; however, each user must manage his/her certificate by using the public-key infrastructure. We solve this problem by constructing a DMKD protocol authenticated by the user's ID (i.e., without a certificate). We introduce a formal security definition for ID-DMKD by extending the previous definition for DMKD. We must carefully consider exposure of the server's static secret key in the ID-DMKD setting, because exposure of the server's static secret key causes exposure of all users' static secret keys. We prove that our protocol is secure in our security model in the standard model. Another advantage of our protocol is scalability: the communication and computation costs of each user are independent of the number of users. Furthermore, we show how to extend our protocol to achieve non-interactive join by using certificateless encryption. Such an extension is useful in applications in which the group members change frequently, such as group chat services.
Kazuki YONEYAMA
Ibaraki University
Reo YOSHIDA
NTT Secure Platform Laboratories
Yuto KAWAHARA
NTT Secure Platform Laboratories
Tetsutaro KOBAYASHI
NTT Secure Platform Laboratories
Hitoshi FUJI
NTT Secure Platform Laboratories
Tomohide YAMAMOTO
NTT Secure Platform Laboratories
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Kazuki YONEYAMA, Reo YOSHIDA, Yuto KAWAHARA, Tetsutaro KOBAYASHI, Hitoshi FUJI, Tomohide YAMAMOTO, "Exposure-Resilient Identity-Based Dynamic Multi-Cast Key Distribution" in IEICE TRANSACTIONS on Fundamentals,
vol. E101-A, no. 6, pp. 929-944, June 2018, doi: 10.1587/transfun.E101.A.929.
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E101.A.929/_p
@ARTICLE{e101-a_6_929,
author={Kazuki YONEYAMA and Reo YOSHIDA and Yuto KAWAHARA and Tetsutaro KOBAYASHI and Hitoshi FUJI and Tomohide YAMAMOTO},
journal={IEICE TRANSACTIONS on Fundamentals},
title={Exposure-Resilient Identity-Based Dynamic Multi-Cast Key Distribution},
year={2018},
volume={E101-A},
number={6},
pages={929-944},
keywords={},
doi={10.1587/transfun.E101.A.929},
ISSN={1745-1337},
month={June},}