Pitfalls in a server-aided authenticated group key establishment

详细信息    查看全文

• 作者：Marí ; a Isabel Gonzá ; lez Vasco ; ^a ; ^{mariaisabel.vasco@urjc.es" class="auth_mail" title="E-mail the corresponding author} ; ^{mariaisabel.vasco@urjc.es" class="auth_mail" title="E-mail the corresponding author} ; Angel L. Pé ; rez del Pozo^a ; ^{angel.perez@urjc.es" class="auth_mail" title="E-mail the corresponding author} ; Adriana Suá ; rez Corona^b ; ^{asuac@unileon.es" class="auth_mail" title="E-mail the corresponding author}
• 关键词：Provable secure group key agreement ; Certificateless signatures ; Cryptanalysis ; Server-aided key exchange
• 刊名：Information Sciences
• 出版年：2016
• 出版时间：1 October 2016
• 年：2016
• 卷：363
• 期：Complete
• 页码：1-7
• 全文大小：447 K

文摘

In this paper, we present a cryptanalysis of a recently proposed server-aided group key agreement scheme by Sun et al. This proposal is designed for mobile environments, in which a group of users aim at establishing a common secret key with the help of a semi-trusted server. At this, authentication is achieved using certificateless public key cryptography. We evidence that the scheme does not achieve forward secrecy, is vulnerable to a known session attack (that can, for instance, be mounted by a semi-honest server) and is not (as claimed by the authors) contributory. Further security hardships in more restricted models (i.e. in which stronger corruptions are allowed) are also discussed.