Group authentication and key establishment scheme
Date
2024-09-03
Authors
Güzey, Sueda Rüveyda
Publisher
Graduate School
Abstract
The authentication phase is the foundation of secure data transmission and confidential communication. As the number of devices that communicate with each other grows, especially in the IoT, the conventional one-to-one approach to authentication places an ever larger computation and communication burden on the system, because the cost rises with the complexity of the environment. Standard cryptographic algorithms, such as RSA, which relies on the hardness of integer factorization, and the Diffie-Hellman key exchange, which relies on the hardness of the discrete logarithm problem, have traditionally been used for authentication. However, these algorithms may not be suitable for resource-constrained devices, particularly in a dynamic and crowded environment. Group authentication schemes (GASs) represent an innovative alternative. Group authentication verifies that a designated set of users belong to a specific group and, where needed, subsequently distributes a shared key among them for confidential group communication; that is, a GAS can authenticate many users simultaneously. Recently presented group authentication algorithms mainly exploit Lagrange polynomial interpolation together with elliptic curve groups over finite fields. These systems require collecting a specific number of legitimate users' private keys to complete the authentication phase; that is, each entity must acquire tokens from all other entities, which makes them impractical for large-scale environments. Their reliance on secret sharing also leaves them open to disruption by a single malicious entity, since one bad share spoils the interpolation. Additionally, in the current polynomial-interpolation-based algorithms the cost of authentication and key establishment grows with the number of users, which poses a scalability challenge.
Introducing a novel methodology, this study advocates the adoption of linear (vector) spaces for group authentication and key generation, scalable to groups of varying sizes. Leveraging linear spaces minimizes the computational and communication burden of establishing a shared key within the group. The inherent benefits of vector spaces make the proposed method particularly well suited to energy- and resource-constrained devices, positioning it as a viable option for Internet of Things (IoT) networks. A standout feature of this work is that any user in a group can promote a non-member to member status, a potential utility for future autonomous systems. The scheme is designed so that the sponsors of these new members can be identified by all members within the group. Moreover, unlike polynomial-interpolation-based schemes, the proposed scheme easily identifies non-members, which helps prevent the denial of service (DoS) attacks that previous group authentication algorithms struggled with. The method proposed in this thesis offers a lightweight group authentication solution that verifies participants in environments with energy- and resource-constrained devices, with a cost independent of the number of users. During the group authentication phase, the corresponding group manager selects a subspace of the universal space, together with a basis set for it and a polynomial, and keeps them secret. Basis sets derived from the chosen main basis set and the polynomial are distributed to users as their private keys. In each group authentication session, a random vector that does not lie in the subspace and a nonce vector are selected and published. Using their basis sets, users are expected to compute the projection of the published vector onto the subspace and then its inner product with the session nonce vector. Participants are verified by sending some bits of the calculated value.
In the key generation phase, the steps are identical to those in the group authentication phase: different vectors are publicly disclosed for the projection step, and participants obtain the key for group communication by performing the same operations on them. Notably, anyone without a basis set cannot participate in the key building phase, which raises the overall security level. In scenarios where the group administrator is not directly involved, the scheme enables any authorized user within the group to add new members. The authorized user adjusts their basis set by selecting specific elements and shares the result with the prospective group member; from that basis set, the individual responsible for adding someone to the group can be identified. Within the scope of this thesis, we survey the recent group authentication studies in the literature, address their shortcomings, and propose a novel linear-algebra-based group authentication scheme that overcomes them. Additionally, we present real-time analyses comparing our algorithm with existing studies, supported by tables and graphs.
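The session flow described in the two paragraphs above, as an added example in Python that is not code from the thesis: the group manager's secret subspace is the row span of a basis matrix over a prime field, each member holds a different basis of the same subspace as its private key, members answer a session challenge with the low bits of the inner product between the projection of the published vector and the nonce, and the key generation phase repeats the computation on a second published pair. It goes slightly beyond the abstract by showing why two members with different private bases agree (the projector onto a subspace does not depend on which basis is used) and why a holder of a basis for some other subspace produces a different value. The field modulus, the four-dimensional toy space, the orthogonal projector B^T (B B^T)^{-1} B, modelling the per-member key derivation as an invertible change of basis rather than the thesis's secret polynomial, and hashing the key-generation value to a 32-byte key are all assumptions of this example.

```python
"""Toy model of vector-space group authentication and key establishment (example code)."""
import hashlib
import random

P = 2**31 - 1  # prime field modulus; an assumption of this example, not taken from the thesis


def inv(a):
    """Multiplicative inverse in GF(P)."""
    return pow(a % P, P - 2, P)


def transpose(m):
    return [list(col) for col in zip(*m)]


def mat_mul(a, b):
    cols = transpose(b)
    return [[sum(x * y for x, y in zip(row, col)) % P for col in cols] for row in a]


def mat_vec(m, v):
    return [sum(x * y for x, y in zip(row, v)) % P for row in m]


def mat_inv(m):
    """Gauss-Jordan inverse over GF(P); raises ValueError for a singular matrix."""
    n = len(m)
    aug = [list(row) + [int(i == j) for j in range(n)] for i, row in enumerate(m)]
    for c in range(n):
        pivot = next((r for r in range(c, n) if aug[r][c] % P), None)
        if pivot is None:
            raise ValueError("singular matrix")
        aug[c], aug[pivot] = aug[pivot], aug[c]
        f = inv(aug[c][c])
        aug[c] = [x * f % P for x in aug[c]]
        for r in range(n):
            if r != c and aug[r][c] % P:
                g = aug[r][c]
                aug[r] = [(x - g * y) % P for x, y in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]


def projection_matrix(basis):
    """Projector onto span(basis) along its orthogonal complement: B^T (B B^T)^-1 B.
    It depends only on the subspace, so every member reaches the same projection
    from a different private basis.  Assumes B B^T is invertible over GF(P)."""
    bt = transpose(basis)
    return mat_mul(mat_mul(bt, mat_inv(mat_mul(basis, bt))), basis)


def project(basis, v):
    return mat_vec(projection_matrix(basis), v)


def inner(u, v):
    return sum(x * y for x, y in zip(u, v)) % P


def in_subspace(basis, v):
    return project(basis, v) == [x % P for x in v]


def derive_member_basis(main_basis, transform):
    """Private key for one member: an invertible k x k change of basis applied to the
    manager's main basis (stand-in for the thesis's polynomial-based derivation)."""
    mat_inv(transform)  # reject a singular transform, which would not span the subspace
    return mat_mul(transform, main_basis)


def new_session(main_basis, dim, seed=None):
    """Manager publishes a random vector outside the subspace and a nonce vector.
    seed is only for reproducible tests; production use takes the system CSPRNG."""
    rng = random.Random(seed) if seed is not None else random.SystemRandom()
    while True:
        v = [rng.randrange(P) for _ in range(dim)]
        if not in_subspace(main_basis, v):
            break
    return v, [rng.randrange(P) for _ in range(dim)]


def auth_tag(member_basis, v, nonce, bits=16):
    """Authentication response: the low `bits` of <proj_W(v), nonce>; the remaining
    bits of the value stay secret, so the tag alone does not reveal the full value."""
    return inner(project(member_basis, v), nonce) & ((1 << bits) - 1)


def group_key(member_basis, v, nonce):
    """Key establishment: same computation on a second published pair, hashed to
    32 bytes (the hashing step is a convention of this example)."""
    s = inner(project(member_basis, v), nonce)
    return hashlib.sha256(s.to_bytes(4, "big")).digest()


if __name__ == "__main__":
    main_basis = [[1, 0, 0, 1], [0, 1, 1, 0]]      # manager's secret 2-dim subspace of GF(P)^4
    alice = derive_member_basis(main_basis, [[1, 1], [0, 1]])
    bob = derive_member_basis(main_basis, [[2, 1], [1, 1]])
    outsider = [[1, 0, 0, 0], [0, 1, 0, 0]]        # holds a basis of a different subspace
    v, nonce = new_session(main_basis, 4)
    print("alice", auth_tag(alice, v, nonce), "bob", auth_tag(bob, v, nonce),
          "outsider", auth_tag(outsider, v, nonce))
    v2, nonce2 = new_session(main_basis, 4)
    print("keys match:", group_key(alice, v2, nonce2) == group_key(bob, v2, nonce2))
```

With the constructed basis [[1,0,0,1],[0,1,1,0]] the projector simply averages the first and last, and the second and third, coordinates, so the values are easy to check by hand: for the published vector (1,2,3,4) and nonce (1,1,1,1) every member obtains 10, while the outsider's basis yields 3. Revealing only some bits of the value, as the abstract describes, is what keeps the per-session value from being reconstructed from the tag.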
Description
Thesis (Ph.D.) -- Istanbul Technical University, Graduate School, 2024
Keywords
authentication,
key establishment scheme