Security Weaknesses in Harn-Lin and Dutta-Barua Protocols for Group Key Establishment

• Junghyun Nam,
• Moonseong Kim,
• Juryon Paik,
• Dongho Won,

Vol. 6, No. 2, February 27, 2012
10.3837/tiis.2012.02.018, Download Paper (Free):

• Security
• group key establishment
• Attack
• Secret Sharing

Abstract

Key establishment protocols are fundamental for establishing secure communication channels over public insecure networks. Security must be given the topmost priority in the design of a key establishment protocol. In this work, we provide a security analysis on two recent key establishment protocols: Harn and Lin’s group key transfer protocol and Dutta and Barua’s group key agreement protocol. Our analysis shows that both the Harn-Lin protocol and the Dutta-Barua protocol have a flaw in their design and can be easily attacked. The attack we mount on the Harn-Lin protocol is a replay attack whereby a malicious user can obtain the long-term secrets of any other users. The Dutta-Barua protocol is vulnerable to an unknown key-share attack. For each of the two protocols, we present how to eliminate their security vulnerabilities. We also improve Dutta and Barua’s proof of security to make it valid against unknown key share attacks.

Statistics

Cite this article