Group key exchange protocols allow a group of parties communicating over a public network to come up with a common secret key called a session key. Due to their critical role in building secure multicast channels, a number of group key exchange protocols have been suggested over the years for a variety of settings. Among these is the ID-based group key exchange protocol proposed by Yang and Shieh in 2001. In this paper, we revisit the Yang-Shieh ID-based protocol and conduct a security analysis on the protocol. The consequence of our analysis is that the Yang-Shieh protocol fails to achieve its basic goal of securely establishing a session key among the intended parties. This is shown via a collusion attack on the protocol. We also show how to fix the security problem with the protocol.
展开▼