A suite of algorithms for key distribution and authentication in centralized secure multicast environments

J.A.M. Naranjo, N. Antequera, L.G. Casado, J.A. López-Ramos
2012 Journal of Computational and Applied Mathematics  
The Extended Euclidean algorithm provides a fast solution to the problem of finding the greatest common divisor of two numbers. In this paper, we present three applications of the algorithm to the security and privacy field. The first one allows one to privately distribute a secret to a set of recipients with only one multicast communication. It can be used for rekeying purposes in a Secure Multicast scenario. The second one is an authentication mechanism to be used in environments in which a public-key infrastructure is not available. Finally, the third application of the Extended Euclidean algorithm is a zero-knowledge proof that reduces the number of messages between the two parties involved, with the aid of a central server.

therefore being able to cope with smaller audiences than their distributed alternatives. On the other hand, key management is more complex in a distributed approach, usually involving entities that act as local subservers and manage subgroups of users, and requiring full or partial data re-encryption in some cases. Given that the scheme proposed in this paper belongs to the first kind, the following paragraphs review some well-known previous centralized solutions.

RFC 2627 [1] presents some approaches to the problem. Among them, the Hierarchical Tree Approach (HTA) is the recommended option. It uses a logical tree arrangement of the users in order to facilitate key distribution. The benefit of this idea is that the storage requirement for each client and the number of transmissions required for key renewal are both logarithmic in the number of members.

Contemporary with HTA, the LKH (Local Key Hierarchy) scheme [2] is very similar in its tree approach. Its novelty lies in the proposal of three different rekeying strategies: user-oriented, which uses many short messages for a rekeying operation; key-oriented, which broadcasts more messages at a lower computational cost; and group-oriented, which employs a single message of larger size. The LKH scheme is one of the most popular and widely used [3]. An extension to the latter, LKH++, is presented in [4], targeting wireless networks. The authors combine the fact that many auxiliary keys are shared among users in LKH with a hash function, thus allowing users to derive new encryption keys by themselves with little input information from the key server.

One-way function trees (OFT) [5] are an extension to the hierarchical tree approach.
A key tree is also used, but in this case every internal key is built depending on its two descendant keys: both descendants are blinded by means of a one-way function and the results are fed to a mixing function. The tree, therefore, is built in a bottom-up fashion. Members, placed at the leaves, know their own key, the keys in the path to the root and the blinded sibling keys of the path. Thanks to that, the amount of information needed by a member to recompute the whole path of keys to the root is smaller and rekeying messages are shorter (approximately half of HTA's).

The ELK protocol [6] is an improvement of HTA. It is similar to OFT in the sense that intermediate keys are generated from their children, but pseudo-random functions (PRFs) are used rather than one-way functions. Thanks to PRFs and to timely rekeying, no broadcast of information is needed in join events (only unicast messages for tree maintenance). Additionally, ELK addresses message loss tolerance by introducing the concept of hints: small pieces of information attached to broadcast data packets that allow one to recover lost rekey information. A similar approach is adopted by the SKD scheme [7]: users should be able to predict new keys upon a rekeying operation with the least possible amount of information from the key server. SKD combines encryption and one-way functions.

The Secure Lock solution is proposed in [8]. The authors take a computational approach to the problem rather than a tree arrangement. It is based on the Chinese Remainder Theorem, its main drawback being the inefficient computations required at the key server side on each rekey operation: the computation time needed quickly becomes excessive when the number of members grows [9]. In [10], a divide-and-conquer extension to Secure Lock is proposed. It combines the Hierarchical Tree Approach and the Secure Lock: members are arranged in an HTA fashion, but Secure Lock is used to refresh keys on each tree level.
Therefore, the number of computations required by Secure Lock is reduced.

An IETF Working Group, MSEC [11], is currently working on a set of protocols to standardize secure multicast. They are focusing, in an initial stage, on IP-layer centralized multicast, assuming the presence of groups and a single trusted entity in each one. These technologies do a good job of ensuring privacy and (in most cases) efficient key refreshment. However, they do not cover other aspects such as authentication or trust among peers. This paper presents a secure multicast solution for centralized scenarios that provides:
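The one-way function tree (OFT) construction reviewed above, as an added example that is not code from the paper or from the OFT authors: internal keys are computed bottom-up from blinded children, a member recomputes the group key from its own leaf key plus the blinded sibling keys on its path, and a rekey produces one blinded key per tree level. The choice of SHA-256 as the one-way function, XOR as the mixing function, the heap-array layout and all function names are assumptions of this sketch.

```python
import hashlib

def blind(key):
    # One-way function g; SHA-256 with a fixed tag is an assumption of this example.
    return hashlib.sha256(b"oft-blind|" + key).digest()

def mix(a, b):
    # Mixing function f; bytewise XOR is an assumption of this example.
    return bytes(x ^ y for x, y in zip(a, b))

def build_tree(leaf_keys):
    # Heap layout: root at 1, children of i at 2i and 2i+1; len(leaf_keys) must be a power of two.
    n = len(leaf_keys)
    keys = [b""] * n + list(leaf_keys)
    for i in range(n - 1, 0, -1):  # bottom-up: parent = f(g(left), g(right))
        keys[i] = mix(blind(keys[2 * i]), blind(keys[2 * i + 1]))
    return keys

def blinded_siblings(keys, leaf):
    # What a member holds besides its own key: blinded sibling keys along its path.
    node, out = len(keys) // 2 + leaf, []
    while node > 1:
        out.append(blind(keys[node ^ 1]))
        node //= 2
    return out

def derive_root(key, siblings):
    # Member side: recompute each key on the path; the last one is the group key.
    for sib in siblings:
        key = mix(blind(key), sib)
    return key

def rekey(keys, leaf, new_leaf_key):
    # Server side: replace a leaf key, recompute its path, and return the updates as
    # (root of sibling subtree, new blinded key); encrypting them for delivery is omitted.
    node = len(keys) // 2 + leaf
    keys[node] = new_leaf_key
    updates = []
    while node > 1:
        updates.append((node ^ 1, blind(keys[node])))
        node //= 2
        keys[node] = mix(blind(keys[2 * node]), blind(keys[2 * node + 1]))
    return updates

def demo():
    leaves = [hashlib.sha256(b"constructed-%d" % i).digest() for i in range(8)]
    keys = build_tree(leaves)
    old_view = blinded_siblings(keys, 3)  # state held before the rekey
    updates = rekey(keys, 3, hashlib.sha256(b"constructed-new").digest())
    return len(updates), derive_root(leaves[3], old_view) != keys[1]
```

For eight members, `demo()` shows that a rekey emits three blinded keys (one per level) and that the old leaf key with its old blinded siblings no longer yields the group key.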
doi:10.1016/j.cam.2011.02.015 fatcat:6w77isagzzgoroabysseyztfia