Research Article
Enhanced Access Polynomial Based Self-healing Key Distribution
@INPROCEEDINGS{10.1007/978-3-642-11526-4_2,
  author={Ratna Dutta and Sourav Mukhopadhyay and Tom Dowling},
  title={Enhanced Access Polynomial Based Self-healing Key Distribution},
  proceedings={Security in Emerging Wireless Communication and Networking Systems. First International ICST Workshop, SEWCN 2009, Athens, Greece, September 14, 2009, Revised Selected Papers},
  proceedings_a={SEWCN},
  year={2012},
  month={5},
  keywords={session key distribution self-healing computational security forward and backward secrecy},
  doi={10.1007/978-3-642-11526-4_2}
}
- Ratna Dutta
- Sourav Mukhopadhyay
- Tom Dowling
Year: 2012
SEWCN
Springer
DOI: 10.1007/978-3-642-11526-4_2
Abstract
A fundamental concern of any secure group communication system is that of key management. Wireless environments create new key management problems and requirements to solve these problems. One such core requirement in these emerging networks is that of self-healing. In systems where users can be offline and miss updates, self-healing allows a user to recover lost keys and get back into the secure communication without putting extra burden on the group manager. Clearly, self-healing must be available only to authorized users, and this creates more challenges in that we must ensure unauthorized or revoked users cannot, by themselves or by means of collusion, avail of self-healing. To this end, we enhance the one-way key chain based self-healing key distribution of Dutta by introducing a collusion resistance property between the revoked users and the newly joined users. Our scheme is based on the concept of access polynomials. These can be loosely thought of as white lists of authorized users, as opposed to the more widely used revocation polynomials or black lists of revoked users. We also allow each user a pre-arranged life cycle distributed by the group manager. Our scheme provides better efficiency in terms of storage, and the communication and computation costs do not increase as the number of sessions grows, as compared to most current schemes. We analyze our scheme in an appropriate security model and prove that the proposed scheme is computationally secure, not only achieving forward and backward secrecy but also resisting collusion between the newly joined users and the revoked users. Unlike most existing schemes, the new scheme allows temporary revocation. Also unlike existing schemes, our construction does not collapse if the number of revoked users crosses a threshold value. This feature increases resilience against revocation-based denial of service (DoS) attacks and thus improves availability of the communication channel.