Int. j. inf. tecnol. https://doi.org/10.1007/s41870-018-0140-1

ORIGINAL RESEARCH

Polynomial based non-interactive session key computation protocol for secure communication in dynamic groups Vinod Kumar1 • Rajendra Kumar2 • S. K. Pandey3

Received: 11 September 2017 / Accepted: 2 April 2018  Bharati Vidyapeeth’s Institute of Computer Applications and Management 2018

Abstract In today’s world, security is the main issue in all type of communication systems. Secure group communication is that where some members out of ‘n’, have the privilege to access the data of a particular group. The non interactive key computation for secure communication in dynamic groups is a main challenging issue. In the dynamic groups, the group size is not fixed, as the members may leave or join the group anytime. The non interactivity of the group communication says that there will not be any exchange of the keys among the group members. In this paper, we proposed a polynomial based non-interactive session key computation protocol for secure communication in dynamic groups. In the proposed protocol, the polynomial is constructed in such a way that it may be used as a generalized polynomial for ‘n’ members and may be reformed every time by the server whenever there is any change in the group membership. In addition, the security of the polynomial session key depends on the value of coefficients of the variables in polynomial. In comparison with various existing protocols our proposed protocol is efficient in terms of computation, storage and communication complexities. The graphical results shows that the no. of rounds, no. of messages passed and total no. of exponentiations are completely reduced in our protocol.

& Vinod Kumar [email protected] 1

Department of I.T, Centre for Development of Advanced Computing, Noida, India

2

Department of Computer Science, Jamia Millia Islamia, New Delhi, India

3

Department of Electronics and Information Technology, Ministry of Communication and Information Technology, New Delhi, India

Keywords Group communication  Dynamic systems  Non-interactive  Polynomial session key

1 Introduction With the growing popularity of the Internet in almost every field of the world, there is a need of secure communication in many applications likes scientific discussions, defence meetings, pay per view etc. [1–13]. Diffie–Hellman algorithm came up with the generation of session key for two parties and communication can be established using the generated session symmetric key [1]. In group communication, there may be two scenarios: one is when all the users present in the group are participate in the communication and another one is when out of ‘n’ people, only ‘t’ members are participate in communication where t  n [2]. These ‘t’ members out of ‘n’ can form the group to participate in the group communication where other n - t members should not have the privilege to access the data of the group. The people outside the secure group are not having the access to the data of the group. Therefore, only privilege members can access the communication on common concern and groups can be formed on the basis of common concern discussions. To provide this functionality, it is highly needed to find a new technique to generate a common session key for privilege members to establish the Secure Group Communication or Secure MultiConferencing. An approach for group communication proposed by Steiner [3] based on Diffie–Hellman algorithm known as interactive group key computation in which the member interaction is required to generate the new session key whenever there is any change in the group membership. A group key is maintained for establishing the

123

Int. j. inf. tecnol.

communication among the group members. This is the common group key using which a user of a particular group encrypts the data and send to the other users. The users which are having same group key will decrypt the data to access. The size of the group may be varying for communication. This feature makes the communication as the dynamic group communication. The users present in the group at one time can leave the group at anytime and the new users can join the group in between the communication. Whenever there is a change in the group, the group key should be redistributed to all the previous group users, so to keep the Forward Secrecy and Backward Secrecy [4]. Forward Secrecy is a technique which prevents the departed user to access the future communications. Backward Secrecy is a technique which prevents newly joining users to read the previous communications prior to his/her joining in the group. Another characteristic for group communication schemes is whether these are interactive or non-interactive. In interactive schemes the users are occupied in a protocol, before the actual use of the common key and in non-interactive schemes, the keys are generated secretly by the users at their own site. Whenever there is a change in the group size, the key exchange would not take place among the users in non-interactive communication schemes [5]. In a group communication framework, an enemy user may try to spy or intrude the communication of the group. This intruder may be an inside user (member among the n users but not a member of any group) or an outsider (member other than those n people). The security of the group key management protocol is decided by the no. of the malicious parties called ‘k’ (k ? t B n). These ‘k’ users are the non privileged members. Several group key generation schemes have been proposed. Most of the schemes involved a single entity called Key Distribution Centre (KDC), which is responsible for generating and distributing the group key to the members of the secure group. The KDC will keep the initial private values of the users and compute the group key using the private values accordingly, based on the users who are going to create a secure group. The KDC will send the group key to group users with some missing information. The users will in turn compute the complete group key on their site non-interactively. Since the key computation is non-interactive, there is no need to authenticate the users every time they start the communication. The rest of the paper is organized as follows: Sect. 2 gives the survey of many relevant session key generation approaches for secure group communication. Proposed NISKC protocol is presented in Sect. 3. Section 4 presents working numerical example to generate the symmetric session key. The comparison with related work is presented in Sect. 5. Finally, the paper ends up with conclusion in Sect. 6.

123

2 A brief survey of related work There are many symmetric session key generation approaches for secure group communications existing in the literature [1–5]. In most of existing approaches, the no. of rounds, messages passed and exponentiation operations are very high because these schemes focused only on security. In order to deal with these issues, it is necessary to analyze the various approaches available in the literature. The review of some well known symmetric session approaches is presented as follows. Diffie and Hellman [1] proposed a protocol to create a symmetric session key for two parties without KDC. For establishing a symmetric key, the both parties need to share two public parameters g and n. In addition, both parties select its own secret parameters and compute partial session key at own side. After computed partial session both parties have to exchange it and compute the symmetric session key by their secret parameters. However, the scheme is applicable for the communication between only two parties. In addition, the scheme is susceptible to manin-middle attack and discrete logarithm attack. Kalaiselvi and JabeenBegum [2] proposed a method for secure group communication using non-interactive key computation in multiparty key agreement. In this scheme, the authentication is applied on the broadcast encryption which allows all the group members to send and receive data simultaneously. This scheme is secure against collusion attack of equal or greater than k malicious members. In this scheme, the same information for key computation as well as for authentication is used and no additional storage is required at the member’s side. However, every time the construction of polynomial is difficult to change when the group size changes. Steiner et al. [3] proposed three variations of group key distribution methods based on Diffie–Hellman key exchange protocol namely GDH 1, GDH 2 and GDH 3. The authors have given the natural extensions of Diffie– Hellman key exchange protocol to n-party scenario and have shown that the security of a general n-part protocol is same as the security of original 2-party protocol. However, Group Diffie–Hellman Key Distribution protocol is an interactive protocol. Kumar et al. [4] explore man-in-themiddle attack(MIMA) in two party Diffie–Hellman(DH) key exchange protocol and analyze countermeasures against the attack. This scheme provides solution of MIMA in 2-Party Diffie–Hellman key exchange protocol. However, it is applicable for exchanging the session key between two parties. Blundo et al. [5] proposed a key distribution scheme for conferences based on k-degree polynomial share, which is used to create the group key in non interactive manner. In this scheme, the size of the

Int. j. inf. tecnol.

group is fixed and any group of users of a given size is able to compute a group key. If there are ‘n’ users then ‘n’ number of variables will be used for creating the polynomial function. The degree ‘k’ is the measure of security, if ‘k’ is large then there will be fewer chances to compromise the polynomial function. However, due to fixed size of the group in the scheme, the session key cannot be computed for variable size of the group. Okamoto and Tanaka [13] proposed an identification information based key distribution protocol. This protocol is founded on Diffie–Hellman key exchange protocol and does not require any KDC to distribute the keys. In this scheme, a card issuer center is needed when starting up a network. The center can be closed after it has distributed cards to all members. An individual member need not maintain a key encryption keys (KEK’s) directory or a public key directory. However, this scheme is interactive in nature as no third party server regularly distributes the keys and members share the keys directly with each other. The proposed protocol is efficient in many ways; first it requires only one round as well as only one message is passed to group members to generate the symmetric session key. Second the members themselves can generate the session key non-interactively. Moreover, the no. of exponentiations require to generate the key are completely reduced.

3 Proposed NISKC protocol In this section, we present the session key computation method for non-interactive and dynamic group communication. The members provide self decided initial private key values to the server when they register themselves. They keep those private values with themselves for future when they compute the session key at their end. The server stores these values for all the members for the session key computation. We assumed here a trusted-server (KDC) which is active every time whenever a group is formed and whenever there is a change in the group so as to re-compute the session key. In group-oriented multicast applications, there may be ‘n’ number of members in the system, out of which ‘t’ members can form a secure group in order to discuss over a common concern. These ‘t’ members are termed as privileged members or authorized members. The trusted server generates a polynomial Pðx1 x2    xn Þ of degree ‘k’ with ‘n’ variables as given in Eq. (1). To each member Mi i = 1, 2, 3, …, n in the system, trusted server computes the share of polynomial by putting the private key values of the members in its variables. Next, the trusted server distributes these polynomial shares to each interested member

securely (total interested members ‘t’ will form a secure group) (Fig. 1). The generated polynomial is the fixed polynomial for n members so, these ‘n’ members can create common session key by putting private values of them in their polynomial share. Any group member who wants to communicate with other members will send a request to the server; the server then puts the same request to other members and collects their responses. The server puts the private values of willing members in the polynomial and sends to the requesting members which in turn put his/her own private value to create a common session key. The server send the same polynomial to all other willing members with the private value of requesting members and they also put their private value to create the session key. The proposed protocol is based on k-degree polynomial share which is used to create a symmetric session key. If there are ‘n’ members, then ‘n’ variables are used to create the polynomial function. Let Pðx1 x2    xn Þ denotes the polynomial function. The general form of the polynomial is represented as Pðx1 x2    xn Þ ¼

k X k X i1 ¼1 i2 ¼1



k X

faði1 i2    in Þðx1 Þi1 ðx2 Þi2 ðx3 Þi3    ðxn Þin g:

in ¼1

ð1Þ The server computes the symmetric polynomial in n variables of degree k with coefficients over Zp where p [ n and a(i1i2in) are the coefficients for different terms of polynomial. The variables x1, x2, x3 … xn are the private values of the group members M1 ; M2    Mn respectively. The server distributes this polynomial share to all the interested members but not in exact form i.e. the server will send the polynomial to member Mi without putting the private value xi. All the members then compute the session key at their ends after inserting the private value of them in the received polynomial. The key computation will take place at the member’s place without the intervention of the other members, proving the non interactivity of the communication. Whenever there will be any change in the group, the server will re-compute the session key and send to the updated group members keeping the forward secrecy and backward secrecy. 3.1 Member joining When any new member want to join the group, the server just provide a partial key which is the private value of that member which will be used for generating group key. No sharing of key among the group members occur by joining of any new member in the group.

123

Int. j. inf. tecnol. Fig. 1 A group of n users with a trusted server

3.2 Member leaving When any member wants to leaves the group, the server just vanish out its partial key value and updates the identification list of members.

first two members and constant 1 in place of others to nullify the effect of non interested members. The final polynomial is represented as P ¼ að111Þ ðx11  x12  1Þ þ að111Þ ðx11  x12  1Þ þ að111Þ ðx11  x12  1Þ þ að121Þ ðx11  x22  1Þ þ að121Þ ðx11  x22  1Þ þ að121Þ ðx11  x22  1Þ þ að131Þ ðx11  x32  1Þ þ að131Þ ðx11  x32  1Þ þ að131Þ ðx11  x32  1Þ

4 Working example For the sample the group size is n = 3, members who want to communicate in group on common concern are t = 2, and the degree of polynomial is k = 3. Then total combinations of polynomial terms will be: P¼

þ að221Þ ðx21  x22  1Þ þ að221Þ ðx21  x22  1Þ þ að221Þ ðx21  x22  1Þ þ að231Þ ðx21  x32  1Þ þ að231Þ ðx21  x32  1Þ þ að231Þ ðx21  x32  1Þ þ að311Þ ðx31  x12  1Þ þ að311Þ ðx31  x12  1Þ þ að311Þ ðx31  x12  1Þ þ að321Þ ðx31  x22  1Þ þ að321Þ ðx31  x22  1Þ þ að321Þ ðx31  x22  1Þ þ að331Þ ðx31  x32  1Þ þ að331Þ ðx31  x32  1Þ þ að331Þ ðx31  x32  1Þ:

að111Þ ðx11 þ þ þ þ þ þ þ þ

 x12  x13 Þ þ að112Þ ðx11  x12  x23 Þ þ að113Þ ðx11  x12  x33 Þ að121Þ ðx11  x22  x13 Þ þ að122Þ ðx11  x22  x23 Þ þ að123Þ ðx11  x22  x33 Þ að131Þ ðx11  x32  x13 Þ þ að132Þ ðx11  x32  x23 Þ þ að133Þ ðx11  x32  x33 Þ að211Þ ðx21  x12  x13 Þ þ að212Þ ðx21  x12  x23 Þ þ að213Þ ðx21  x12  x33 Þ að221Þ ðx21  x22  x13 Þ þ að222Þ ðx21  x22  x23 Þ þ að223Þ ðx21  x22  x33 Þ að231Þ ðx21  x32  x13 Þ þ að232Þ ðx21  x32  x23 Þ þ að233Þ ðx21 x32 x33 Þ að311Þ ðx11 x12 x13 Þ þ að312Þ ðx11 x12 x13 Þ þ að313Þ ðx11 x12 x13 Þ að321Þ ðx11 x12 x13 Þ þ að322Þ ðx11 x12 x13 Þ þ að323Þ ðx11 x12 x13 Þ að331Þ ðx11 x12 x13 Þ þ að332Þ ðx11 x12 x13 Þ þ að333Þ ðx11 x12 x13 Þ:

þ að211Þ ðx21  x12  1Þ þ að211Þ ðx21  x12  1Þ þ að211Þ ðx21  x12  1Þ

The coefficients a’s values are from the set Zp where p [ n and the variables x1, x2 and x3 are the private key values of the member M1 ; member M2 and member M3 respectively. Now if only two members are interested to form a group and t = 2. The server will compute the polynomial key by putting the private key values of only

123

By making the combinations of the total terms and ignoring the repeating terms, the final polynomial is represented as P ¼ að111Þ ðx11  x12  1Þ þ að121Þ ðx11  x22  1Þ þ að131Þ ðx11  x32  1Þ þ að211Þ ðx21  x12  1Þ þ að221Þ ðx21  x22  1Þ þ að231Þ ðx21  x32  1Þ þ að311Þ ðx31  x12  1Þ þ að321Þ ðx31  x22  1Þ þ að331Þ ðx31  x32  1Þ:

The server randomly chooses the values of coefficients from Zp where p [ n. For simplicity we have assumed that all coefficients value is 1 and we take x1 = 2 and x2 = 3. The session key can be computed as P ¼ 1  21  31 þ 1  2 1  32 þ 1  2 1  33 þ 1  22  31 þ 1  22  32 þ 1  22  33 þ 1  23  31 þ 1  23  32 þ 1  23  33 ¼ 546:

Int. j. inf. tecnol. Table 1 Comparison of proposed NISKC protocol with key computation parameters Protocols

No. of rounds

Total messages passed

Total exponentiations

Storage cost (member)

DH key

Dynamicity

Non interactivity

CKDS

n-1

n(n - 1)

n

n-1

Yes

No

No

BD

2n - 1

2n - 1

n(n ? 1)

n-1

Yes

No

No

GDH.1

2(n - 1)

2(n - 1)

1

n-1

Yes

No

No

GDH.2

n

n

nðnþ3Þ 2 nðnþ3Þ 2

1

n-1

Yes

No

No

GDH.3

n?1

2n - 1

5n - 6

n-1

Yes

No

No

NISKC (proposed protocol)

1

1

0

1

No

Yes

Yes

The server will send the polynomial share to member M1 without ‘x1’ (member M1 private key value) and to member M2 without ‘x2’ (member M2 private key value). The member M1 will receive: P ¼ 1  x11  31 þ 1  x11  32 þ 1  x11  33 þ 1  x21  31 þ 1  x21  32 þ 1  x21  33 þ 1  x31  31 þ 1  x31  32 þ 1  x31  33 :

After inserting the value of ‘x1’ (the polynomial key = 546. The member M2 will receive:

generating the session key for various group sizes. From Fig. 2 it is observed that our NISKC protocol completely reduced no. rounds required for generating the session key as compare to other existing protocols. Figure 3 shows the no. of message passed and it is observed that our NISKC protocol required only single message to generate the session key. Figure 4 shows the no. of exponentiation operations required by proposed NISKC protocol and existing protocols and it is observed that the proposed protocol completely reduced the no. of exponentiation operations.

P ¼ 1  21  x12 þ 1  21  x22 þ 1  21  x32 þ 1  22  x12 þ 1  22  x22 þ 1  22  x32 þ 1  23  x12 þ 1  23  x22 þ 1  23  x32 :

After inserting the value of ‘x2’, the polynomial key = 546. The member M1 and member M2 will put their private values at the unknown variable space and will form the polynomial session key at their own place without interacting with the other people in communication. Using this symmetric session key both members can start communication and whenever there is any change in the size of the group, the server will re-compute the session key.

5 Comparison with related work This section provides comparative analysis of proposed NISKC protocol with various existing similar protocols. In Table 1, we compare some parameters required for session key computation such as no. of rounds between server and users or among the users, information passing and no. of exponential operations required. We compare proposed NISKC with existing CKDS [7], BD [11], GDH.1 [3], GDH.2 [3] and GDH.3 [3] protocols. Figures 2, 3 and 4 are shows the graphical results for the comparison of session key computation parameters like no. of rounds, message passed and exponentiation operations required. Figure 2 shows the no. of rounds required for

Fig. 2 No. of rounds required with respect to various group sizes

Fig. 3 No. of messages passed with respect to various group sizes

123

Int. j. inf. tecnol.

Fig. 4 No. of exponentiations required for various group sizes

6 Conclusion In this paper we proposed a new polynomial based noninteractive key computation protocol for secure group communication in dynamic groups. The server generates a polynomial for the members who want to participate in the group. It provides the security of the session key from the other members who are not the members of the group. The members may join or leave the group at any time of the communication and the updated session key is computed by members itself without interaction amongst the group members. In comparison with other existing protocols our proposed protocol completely reduced the no. of rounds, no. of message passed and exponentiation operations required for generating the symmetric session key.

References 1. Diffie W, Hellman M (1976) New directions in cryptography. IEEE Trans Inf Theory 22(6):644–654

123

2. Kalaiselvi S, JabeenBegum S (2008) A secure group communication using non-interactive key computation in multiparty key agreement. In: International conference on computing, communication and networking, 2008. ICCCn 2008. IEEE, New York, pp 1–6 3. Steiner M, Tsudik G, Waidner M (1996) Diffie–Hellman key distribution extended to group communication. In: Proceedings of the 3rd ACM conference on computer and communications security. ACM, New York, pp 31–37 4. Kumar CK, Jose GJA, Sajeev C, Suyambulingom C (2006) Safety measures against man-in-the-middle attack in key exchange. ARPN J Eng Appl Sci 7(2):243–246 5. Blundo C, De Santis A, Herzberg A, Kutten S, Vaccaro U, Yung M (1998) Perfectly secure key distribution for dynamic conferences. Inf Comput 146(1):1–23 6. Geetha BT, Srinath MV, Perumal V (2014) Group communication using a dynamic key generation protocol. Int J Adv Res Comp Sci Manag Stud 2(6):1–7 7. Ingemarsson I, Tang D, Wong C (1982) A conference key distribution system. IEEE Trans Inf Theory 28(5):714–720 8. Lv C, Ma M, Li H, Ma J, Zhang Y (2013) An novel three-party authenticated key exchange protocol using one-time key. J Netw Comput Appl 36(1):498–503 9. Tomar AS, Jaidhar CD, Tapaswi S (2012) Secure session key generation technique for group communication. Int J Inf Electron Eng 2(5):831 10. Aparna R, Amberker BB (2008) Authenticated secure group communication using broadcast encryption key computation. In: Fifth international conference on information technology: new generations, 2008. ITNG 2008. IEEE, New York, pp 348–353 11. Burmester M, Desmedt Y (1994) A secure and efficient conference key distribution system. In: Workshop on the theory and application of cryptographic techniques. Springer, Berlin, pp 275–286 12. Aparna R, Amberker BB (2007) Dynamic authenticated secure group communication. World Acad Sci Eng Technol 34:359–362 13. Okamoto E, Tanaka K (1989) Key distribution system based on identification information. IEEE J Sel Areas Commun 7(4):481–485