ABSTRACT:
Group key exchange protocols allow a group of parties communicating over a public network to come up with a common secret key called a session key. Due to their critical role in building secure multicast channels, a number of group key exchange protocols have been suggested over the years for a variety of settings. Among these is the ID-based group key exchange protocol proposed by Yang and Shieh in 2001. In this paper, we revisit the Yang-Shieh ID-based protocol and conduct a security analysis on the protocol. The consequence of our analysis is that the Yang-Shieh protocol fails to achieve its basic goal of securely establishing a session key among the intended parties. This is shown via a collusion attack on the protocol. We also show how to fix the security problem with the protocol.
This work was supported by the Korean Ministry of Information and Communication under the Information Technology Research Center (ITRC) support program supervised by the Institute of Information Technology Assessment (IITA).
