Demonstrating possession of a discrete logarithm without revealing it
Proceedings on Advances in cryptology---CRYPTO '86
Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Provably authenticated group Diffie-Hellman key exchange
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
A Secure Fault-Tolerant Conference-Key Agreement Protocol
IEEE Transactions on Computers
A Secure Audio Teleconference System
CRYPTO '88 Proceedings of the 8th Annual International Cryptology Conference on Advances in Cryptology
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Communication-Efficient Group Key Agreement
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
A Practical and Secure-Fault-Tolerant Conferenc-Key Agreement Protocol
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
Modeling insider attacks on group key-exchange protocols
Proceedings of the 12th ACM conference on Computer and communications security
A communication-efficient and fault-tolerant conference-key agreement protocol with forward secrecy
Journal of Systems and Software
Information Sciences: an International Journal
Hi-index | 0.00 |
In this paper we analyse the security of two authenticated group key agreement schemes based on the group key agreement protocol of Burmester and Desmedt. One scheme was proposed by Burmester and Desmedt, and uses a separate authentication scheme to achieve authentication among the participants. We show that this scheme suffers from a number of security vulnerabilities. The other scheme was generated using the general protocol compiler of Katz and Yung. We show that in some circumstances, even if key confirmation is implemented, this scheme still suffers from insider attacks (which are not covered by the security model used by Katz and Yung).