Abstract
The one-way function tree (OFT) scheme proposed by Balenson et al. is widely regarded as an efficient key management solution for multicast communication in large dynamic groups. Following Horng’s claim that the original OFT scheme was vulnerable to a collusion attack, Ku et al. studied the collusion attack on OFT and proposed a solution to prevent the attack. The solution, however, requires broadcasting about $h^2 + h$ keys (where $h$ is the height of the key tree) for every eviction operation, whereas the original OFT scheme requires only about $h$ keys. This modified OFT scheme thus loses a key advantage that the original OFT has over the logical key hierarchy (LKH) scheme, namely a halving in broadcast size. In this paper, we revisit collusion attacks on the OFT scheme. We generalize the examples of attacks given by Horng and Ku et al. to a generic collusion attack on OFT, and derive necessary and sufficient conditions for such an attack to exist. We then show a solution for preventing collusion attacks while minimizing the average broadcast size. Our simulation results show that the proposed solution allows OFT to outperform LKH in many cases.
References
McGrew, D., David, A., Alan, T., Sherman, A.: Key establishment in large dynamic groups using one-way function trees. TIS Report 0755, TIS Labs at Network Associates, Inc., Glenwood, MD (1998)
Sherman, A.T., McGrew, D.A.: Key establishment in large dynamic groups using one-way function trees. IEEE Transactions on Software Engineering 29(5), 444–458 (2003)
Balenson, D.M., McGrew, D.A., Sherman, A.T.: Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization. Internet Draft (work in progress), Internet Engineering Task Force, draft-irtf-smug-groupkeymgmt-oft-00.txt (August 2000)
Balenson, D.M., McGrew, D.A., Sherman, A.T.: Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization. Internet Draft (work in progress), Internet Engineering Task Force, draft-balenson-groupkeymgmt-oft-00.txt (February 1999)
Peter, K.: A survey of multicast security issues and architectures. In: Proceedings of 21st National Information Systems Security Conference, Arlington, VA, October 1998, pp. 408–420 (1998)
Wallner, D., Harder, E., Agee, R.: Key Management for Multicast: Issues and Architectures. IETF, Request for Comments (RFC) 2627 (June 1999)
Moyer, M.J., Rao, J.R., Rohatgi, P.: A survey of security issues in multicast communications. IEEE Network 13(6), 12–23 (1999)
Canetti, R., Garey, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: A taxonomy and efficient constructions. In: Proceedings of IEEE InfoComm’99, Mar. 1999, vol. 2, pp. 708–716 (1999)
Harney, H., Muckenhirn, C., Rivers, T.: Group key management protocol architecture. IETF, RFC2093 (1997)
Khurana, H., Bonilla, R., Slagell, A., Afandi, R., Hahm, H.-S., Basney, J.: Scalable group key management with partially trusted controllers. In: Lorenz, P., Dini, P. (eds.) ICN 2005. LNCS, vol. 3421, pp. 662–672. Springer, Heidelberg (2005)
Ku, W.C., Chen, S.M.: An improved key management scheme for large dynamic groups using one-way function trees. In: Proceedings of 2003 International Conference on Parallel Processing Workshops, October 2003, pp. 391–396 (2003)
Matthew, D., Moyer, J., Rao, J.R., Rohatgi, P.: A Survey of Security Issues in Multicast Communications. IEEE Network Magazine (November/December 1999)
Hardjono, T., Dondeti, L.R.: Multicast and Group Security. Artech House, Boston (2003)
Canetti, R., Pinkas, B.: A taxonomy of multicast security issues. dracanetti-secure-multicast-taxonomy-00.txt, IETF Internet Draft, work in progress (1998)
Harney, H., Harder, E.: Logical Key Hierarchy Protocol, Internet Draft (work in progress). draft-harney-sparta-lkhp-sec-00.txt, Internet Engineering Task Force (Mar. 1999)
Horng, G.: Cryptanalysis of a Key Management Scheme for Secure Multicast Communications. IEICE Trans. Commun. E85-B(5), 1050–1051 (2002)
Sherman, A.T.: A proof of security for the LKH and OFC centralized group keying algorithms. NAI Labs Technical Report No. 02-043D, NAI Labs at Network Associates, Inc. (2002)
Fan, J., Judge, P., Ammar, M.: HySOR: Group Key Management with Collusion-Scalability Tradeoffs Using a Hybrid Structuring of Receivers. In: Proceedings of the IEEE International Conference on Computer Communications Networks, Miami (2002)
Lin, J.C., Lai, F., Lee, H.C.: Efficient Group Key Management Protocol with One-Way Key Derivation. In: Proceedings of The 2005 IEEE Conference on Local Computer Networks, pp. 336–343 (2005)
Wang, Y., Li, J., Tie, L., Zhu, H.: An efficient method of group rekeying for multicast communication. In: Proceedings of the 6th IEEE Circuits and Systems Symposium, June 2004, pp. 273–276 (2004)
Xu, S., Yang, Z., Tan, Y., Liu, W., Sesay, S.: An efficient batch rekeying scheme based on one-way function tree. In: Proceedings of The IEEE International Symposium on Communications and Information Technology, pp. 490–493 (2005)
Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. ACM Computer Communication Review 28(4), 68–79 (1998)
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Xu, X., Wang, L., Youssef, A., Zhu, B. (2007). Preventing Collusion Attacks on the One-Way Function Tree (OFT) Scheme. In: Katz, J., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2007. Lecture Notes in Computer Science, vol 4521. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72738-5_12
DOI: https://doi.org/10.1007/978-3-540-72738-5_12
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72737-8
Online ISBN: 978-3-540-72738-5
eBook Packages: Computer Science (R0)