Results 11 - 13 of 13

### One-round Group Key Exchanges from Scratch

Abstract

Since the inception of the Diffie-Hellman protocol in 1976, it has been an elusive open problem to construct a one-round group key exchange (GKE) protocol. In this paper, we investigate the open problem and answer it in a modular way. We first revisit the GKE definition and distinguish the conventional (symmetric) group key exchange from asymmetric group key exchange (ASGKE) protocols. In the latter notion, instead of a common secret key, only a shared encryption key is negotiated at the end of the protocol. This encryption key is accessible to attackers and corresponds to different decryption keys, each computable only by its respective group member. We propose a generic construction of one-round static ASGKEs based on a new cryptographic primitive referred to as an asteroidal cryptosystem, which is of independent interest. Using bilinear pairings, we instantiate an efficient asteroidal cryptosystem and one-round ASGKE schemes. Towards solving the open problem, we show that our one-round n-party ASGKE instantiation implies an (n+1)-party conventional GKE protocol where each member merely broadcasts one message, but the (n+1)-th member cannot send its message until it sees the messages of the other n members. By letting the n members distributively simulate the (n+1)-th member, we propose a one-round n-party GKE protocol in a strict round definition where each member can broadcast its one independent message simultaneously. Hence, one round is sufficient for multiple parties to establish a common secret key from scratch.

### On Generic Groups and Related Bilinear Problems

Abstract

Groups with pairings are now considered standard building blocks for cryptographic primitives. The security of schemes based on such groups relies on hypotheses related to the discrete logarithm problem. As these hypotheses are not proved, one would like to have some positive security argument for them. It is usual to assess their security in the so-called generic group model introduced by Nechaev and Shoup. Over time, this model has been extended in different directions to cover new features. The relevance of this model is nevertheless subject to criticism: in particular, the fact that the answer to any fresh query is a random bit string is not what one expects from a usual group law. In this paper, we develop a generic group model with pairing which generalizes all the models seen so far in the literature. We provide a general framework for proving hardness assumptions in this setting. In order to improve the realism of this model, we introduce the notion of pseudo-random families of groups. We show how to reduce the security of a problem in such a family to the security of the same problem in the generic group model and to the security of an underlying strong pseudo-random family of permutations.

### Secure Rateless Deluge: Pollution-Resistant Reprogramming and Data Dissemination for Wireless Sensor Networks

Abstract

A network reprogramming protocol is used for updating the firmware of a wireless sensor network (WSN) in situ. For security reasons, every firmware update must be authenticated to prevent an attacker from installing its own code in the network. While existing schemes can provide authentication services, they are insufficient for a new generation of network coding-based reprogramming protocols like Rateless Deluge. We propose Secure Rateless Deluge, or Sreluge, a secure version of Rateless Deluge that is resistant to pollution attacks (denial-of-service attacks aimed at polluting encoded packets). Sreluge employs a neighbor classification system and a time series forecasting technique to isolate polluters, and a combinatorial technique to decode data packets in the presence of polluters before the isolation is complete. For detecting polluters, Sreluge has a zero false negative rate and a negligible false positive rate. TOSSIM simulations and experimental results show that Sreluge is practical.