SECURE KEY AGREEMENT AND AUTHENTICATION PROTOCOLS

Abstract

We consider several distributed collaborative key agreement and authentication protocols for dynamic peer groups. There are several important characteristics which make this problem different from traditional secure group communication. They are: 1) Distributed nature in which there is no centralized key server; 2) Collaborative nature in which the group key is contributory (i.e., each group member will collaboratively contribute its part to the global group key); and 3) Dynamic nature in which existing members may leave the group while new members may join. Instead of performing individual rekeying operations, i.e. recomputing the group key after every join or leave request, we discuss an interval-based approach of rekeying. We consider three intervalbased distributed rekeying algorithms, or interval-based algorithms for short, for updating the group key: 1) the Rebuild algorithm; 2) the Batch algorithm; and 3) the Queue-batch algorithm. Performance of these three interval-based algorithms under different settings, such as different join and leave probabilities, is analyzed. We show that the interval-based algorithms significantly outperform the individual rekeying approach and that the Queue-batch algorithm performs the best among the three interval-based algorithms. More importantly, the Queue-batch algorithm can substantially reduce the computation and communication workload in a highly dynamic environment. We further enhance the interval-based algorithms in two aspects: authentication and implementation. Authentication focuses on the security improvement, while implementation realizes the interval-based algorithms in real network settings. Our work provides a fundamental understanding about establishing a group key via a distributed and collaborative approach for a dynamic peer group.