对Burmester等人提出的非认证组密钥协商协议的安全性进行了深入分析,指出该协议不能抵抗内部恶意节点发起的密钥协商阻断攻击和密钥控制攻击.提出了一种故障容忍的组密钥协商(FT-GKA)协议,FT-GKA协议在密钥协商过程中加入了消息正确性的认证机制,该机制利用数字签名技术检测组内恶意节点,并在驱逐恶意节点后保证组内诚实节点能计算出正确的会话密钥,解决了Burmester等人提出协议中存在的内部恶意节点攻击问题.并证明提出的协议在DDH假设下能抵抗敌手的被动攻击,在DL假设和随机预言模型下能够抵抗内部恶意节点发起的密钥协商阻断攻击和密钥控制攻击.理论分析与实验测试表明,提出的协议具有较高的通信轮效率和较低的计算开销.%This paper indicates that Burmester et al.'s group key agreement protocol which based on the authenticated broadcast channel is unable to withstand the disruption attack and key-control attack of malicious participants in group. These two attacks lead that other honest participants will compute different session key and other honest participants compute the fixed session key which is determined previously by malicious participants,respectively.In this paper,a fault-tolerant group key agreement (FT-GKA) protocol is proposed. Even if there are malicious participants trying to attack the establishment of a session key, all other honest participants following the proposed protocol are still able to compute the correct session key using the digital signature technology.Paper proves the protocol can withstand the passive attack of adversary under the DDH assumption, and the protocol can withstand the interrupted attack and key - control attack from malicious participants under the DL assumption and the random oracle model.Furthermore, the proposed protocol possesses both constant number of rounds and lower computation overhead.
展开▼
