Ruxandra F. Olimid

On the security of an authenticated group key transfer protocol based on secret sharing

Group key transfer protocols allow multiple parties to share a common secret key. They rely on a mutually trusted key generation center (KGC) that selects the key and securely distributes it to the authorized participants. Recently, Sun et al. proposed an authenticated group key transfer protocol based on secret sharing that they claim to be secure. We show that this is false: the protocol is susceptible to insider attacks and violates known key security. Finally, we propose a countermeasure that maintains the benefits of the original protocol.

A Chain of Attacks and Countermeasures Applied to a Group Key Transfer Protocol

Yuan et al. have recently introduced a Group Key Transfer (GKT) protocol [12] that permits multiple entities to share a common secret key. Starting from the original version of the protocol, we describe a chain of alternating attacks and countermeasures. First, we present a replay attack and indicate a possible fix, inspired by the analogous work of Nam et al. [5] (applied to the similar protocol of Harn and Lin [1]). Second, we review a successfully insider attack against the improved version that we have revealed in a previous work [6] and introduce a countermeasure that stands against the latter attack. Finally, we mention a password guessing attack inspired by the work of Kim et al. [3] that can be mounted against the original protocol and both the improved versions.

SETUP in secret sharing schemes using random values

Secret sharing schemes divide a secret among multiple participants so that only authorized subsets of parties can reconstruct it. We show that secretly embedded trapdoor with universal protection attack can be embedded in secret sharing schemes that employ enough randomness to give the attacker an overwhelming advantage to access the secret. In case of ideal schemes, a coalition of a few participants (within at least one is the attacker) can succeed the attack, while in case of non-ideal schemes, the attackers knowledge can be enough to reveal the secret. We exemplify the attack against Shamirs threshold scheme, which is the most well known and used secret sharing scheme. Finally, we consider some prevention techniques against the proposed attack. Copyright

On the vulnerability of a Group Key Transfer protocol based on secret sharing

Group Key Transfer (GKT) protocols allow multiple parties to share a common secret key: a trusted entity selects a private key and securely distributes it to the qualified participants. Hsu et al. introduced a GKT protocol based on secret sharing, which they claimed to be secure. Unlike their affirmation, we report a vulnerability: an insider can cancel key consistency such that at the end of the protocol distinct users own different keys. This leads to the futility of the protocol. Even more, the attacker is able to choose the values of the injected keys on his own wish. Finally, we propose a simple and efficient countermeasure that stands against the revealed attack.

Provable Secure Constant-Round Group Key Agreement Protocol Based on Secret Sharing

Group Key Agreement (GKA) allows multiple users to collaboratively compute a common secret key. Motivated by the very few existing GKA protocols based on secret sharing with formal security proofs, we propose a new method to build such protocols. We base our construction on secret n-sharing, an untraditional perspective of secret sharing that brings several advantages. Our proposal achieves better security than the existing work while it maintains a constant number of communication rounds regardless the group size.

GOTCHA Challenge (Un)Solved

Password-based authentication is common due to its high usability and simplicity to implement; however, it raises many security problems. This implies a continuous effort in designing new password-based authentication techniques. J. Blocki, M. Blum and A. Datta introduced GOTCHA (Generating panOptic Turing Tests to Tell Computers and Humans Apart), an innovative method to perform password-based authentication: a challenge-response mechanism that gives humans a great advantage over machines. The authors of GOTCHA proposed a public challenge to test its strength. We disclosed all 5 passwords of the first round, because of a leakage in the released code. In this paper, we present our attack: an improved brute-force that revealed each of the 7-digit password in less than 0.5 h and the 8-digit password in approximately 1.5 h on a personal laptop.

On the (Non)Improvement of an Authenticated GKT Protocol

Harn and Lin proposed in 2010 a secret sharing-based group key transfer protocol. One year later, Nam et al. showed their construction is vulnerable to a replay attack and proposed a way to fix it. Recently, Yuan et al. analyzed the same protocol, proved that it is also vulnerable to a man-in-the middle attack and considered a countermeasure. First, we slightly modify Yuan et al.’s attack to make it simpler to implement and harder to be detected. Second, we show that the improved version of the protocol remains susceptible to a man-in-the-middle attack.