Group key establishment protocol is used to establish a one-time session key among all participating entities, which ensures the message only recognizable for authorized member. Harn and Lin propose a group key transfer protocol based on Shamir’s secret sharing, which is then improved by Nam, et al. to resist the replay attack from inside adversary. In fact, both Harn and Nam are vulnerable against the insider attack unlike their claim. A modification of authenticated secure group key transfer protocol is proposed to achieve the insider attack-resistance and outsider attack-resistance.%为了保障群组通信过程中的内容安全与成员的身份认证,需要一次性会话密钥对通信内容进行加密,密钥建立协议的主要任务是在群组通信开始前完成会话密钥的产生与分发,分为密钥协商协议与密钥传输协议。详细分析了Harn组密钥分发协议与Nam组密钥分发协议的安全漏洞,在Harn协议与Nam协议中,群组通信的成员可以获取其他成员的长期秘密数据,即协议无法抵抗内部人攻击。基于秘密共享理论,设计了安全的组密钥分发协议,能够有效抵抗内部人攻击与外部人攻击。
展开▼
