On the Security of Group Communication Schemes

TL;DR

This paper reveals a vulnerability in popular secure group communication schemes where adversaries can access all past and current keys after compromising a member, and proposes models and methods to mitigate this issue.

Contribution

The paper formalizes security models for group communication schemes and demonstrates practical methods to prevent key compromise attacks.

Findings

Existing schemes are vulnerable to key compromise attacks.

Formal security models for group communication schemes are proposed.

Practical methods can enhance scheme security against attacks.

Abstract

Secure group communications are a mechanism facilitating protected transmission of messages from a sender to multiple receivers, and many emerging applications in both wired and wireless networks need the support of such a mechanism. There have been many secure group communication schemes in wired networks, which can be directly adopted in, or appropriately adapted to, wireless networks such as mobile ad hoc networks (MANETs) and sensor networks. In this paper we show that the popular group communication schemes that we have examined are vulnerable to the following attack: An outside adversary who compromises a certain legitimate group member could obtain {\em all} past and present group keys (and thus all the messages protected by them); this is in sharp contrast to the widely-accepted belief that a such adversary can only obtain the present group key (and thus the messages protected by it). In order to understand and deal with the attack, we formalize two security models for stateful and stateless group communication schemes. We show that some practical methods can make a {\em subclass} of existing group communication schemes immune to the attack.