Cryptanalysis of Multicast Protocols with Key Refreshment Based on the Extended Euclidean Algorithm
Alberto Peinado and Andrés Ortiz
Dept. Ingeniería de Comunicaciones,
E.T.S.I. Telecomunicación, Universidad de Málaga,
Campus de Teatinos, 29071 Málaga, Spain
{apeinado,aortiz}@ic.uma.es
Abstract. Recently, Naranjo, López-Ramos and Casado have proposed a key refreshment for multicast schemes based on the extended Euclidean algorithm. We show in this paper that the key refreshment is not secure, describing several weaknesses and the algorithm to obtain the private key of any user. Hence, every system in which the key refreshment is applied will be compromised.
Keywords: Cryptanalysis, Key refreshment, Key Distribution, Multicast.
1 Introduction
In 2010, Naranjo et al. proposed a key refreshment [1] based on the extended Euclidean algorithm to be applied over multicast networks. The scheme was presented as a solution to one of the most important aspects of multicast security.
The scenario consists of a Key server and a set of members that either send or receive multicast messages. Although the data communications can be one-to-many or many-to-many, the communications related to key refreshment are of the one-to-many type, and they always originate at the Key server.
Members can enter and leave the system at any time. Therefore, the key must be refreshed every time an arrival or departure occurs. This is mandatory to achieve backward and forward security. On the other hand, the key refreshment must also be applied periodically to avoid, prevent or minimize statistical or brute force attacks.
The next section describes the key refreshment defined in [1]. Section 3 deals with the cryptanalysis, showing the main weakness of the scheme. Section 4 describes the authentication protocol defined in [1] to detect forged refreshments. In Section 5, the cryptanalysis of the authentication mechanism is presented. Section 6 describes the zero-knowledge protocol, also defined in [1], intended to complement and increase the global security of the system. In Section 7, we present the cryptanalysis of this zero-knowledge protocol, showing that the user's key is easily recovered. Finally, conclusions appear in Section 8.