KR20100085424A - Group key distribution method and server and client for implementing the same - Google Patents

Info

Publication number
KR20100085424A
Authority
KR
South Korea
Prior art keywords
random value
client
group key
group
server
Prior art date
Application number
KR1020090004700A
Other languages
Korean (ko)
Other versions
KR101021708B1 (en
Inventor
김정윤
신기은
임이진
최형기
Original Assignee
성균관대학교산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 성균관대학교산학협력단 filed Critical 성균관대학교산학협력단
Priority to KR1020090004700A priority Critical patent/KR101021708B1/en
Publication of KR20100085424A publication Critical patent/KR20100085424A/en
Application granted granted Critical
Publication of KR101021708B1 publication Critical patent/KR101021708B1/en

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communication the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THIR OWN ENERGY USE
    • Y02D50/00Techniques for reducing energy consumption in wire-line communication networks
    • Y02D50/30Techniques for reducing energy consumption in wire-line communication networks by selective link activation in bundled links
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THIR OWN ENERGY USE
    • Y02D70/00Techniques for reducing energy consumption in wireless communication networks

Abstract

PURPOSE: A group key distribution method, server and client that minimize the battery consumption of the terminal by using only light calculations such as the PRF and XOR. CONSTITUTION: A decoder (130) decrypts the encrypted message delivered from a client and obtains the first random number, the second random number and the secret key. A group key generating unit (160) generates the first random number of the server and creates the group key by using the first random number of the server and the first random number of each of one or more clients belonging to the group. A group key security message generating part (170) generates, from the group key, a group key security message for each client belonging to the group and transmits it to the client.

Description

Group Key Distribution Method and Server and Client for Implementing the Same

The present invention relates to a group key distribution method and a server and a client therefor.

Recently, with the development of network technology, various services based on the Internet, such as Voice over Internet Protocol (VoIP) and Internet Protocol Television (IP-TV), have emerged. VoIP is being described as a new service to replace existing public switched telephone network (PSTN) based telephones because low-cost telephone service is available by utilizing the existing Internet network. Unlike conventional broadcasting systems, IP-TV can provide interactive services by interacting with service providers and users. This bidirectional communication provides a differentiated service according to the user.

Meanwhile, both VoIP and IP-TV services are exposed to various threats because they are provided based on the open network, the Internet. For example, VoIP requires that the content of a call be secured so that no one other than the call parties can eavesdrop on the call. In particular, in the case of a multi-party call or a video conference, the access control may be performed such that an unauthorized user cannot join the call or eavesdrop on the call because many users can attend the call.

In the case of IP-TV, the service provider needs access control to ensure that only legitimate users who have completed the billing process can receive the service. That is, the content can be protected by encrypting it with a group key that only legitimate users know in common. In this case, the problem of efficient redistribution of group keys must be solved. For example, if a user no longer has the right to receive the content because the billing period has expired or the subscription has been cancelled, the service provider must renew the existing group key so that the user can no longer receive the content. In addition, the updated group key must be sent to the legitimate users again.

Schemes for distributing group keys to terminals include key delivery protocols and key agreement protocols. A key delivery protocol is a method in which a key management server generates and delivers the group key. A key agreement protocol is a method in which terminals share a group key by exchanging messages without a key management server. The previously studied key delivery and key agreement protocols are analyzed below.

1. Key agreement protocol

Sherman et al. proposed One-way Function Trees (OFT), a group key distribution protocol using a Merkle tree. The root node of the OFT is the group key, and each end node is a secret value shared between a terminal and the key management server. To obtain the group key, the terminal applies a hash function to the secret value of its own end node and to the secret value of the sibling node, and XORs the two results to obtain the parent node. Repeating this process ultimately yields the root node, which is the group key. OFT must perform log2(n + 1) operations each of the symmetric key-based encryption algorithm and the hash function every time a terminal subscribes or withdraws.

Jung proposed a key agreement protocol for efficient sharing of group keys among terminals with limited computational resources. Jung's protocol uses Diffie-Hellman-based group key agreement and can be implemented with only light calculations such as XOR and hash. However, Lee et al. proved that a security vulnerability exists in Jung's protocol. According to Lee et al., Jung's protocol is open to denial-of-service attacks by internal attackers.

2. Key Delivery Protocol

Dondeti et al. proposed the Dual-Encryption Protocol (DEP), which distributes group keys based on a group hierarchy. According to this study, in order to update a group key efficiently, one group must be divided into a plurality of subgroups, and a subgroup manager must exist to manage the group keys of each subgroup. In addition, when the subgroup manager is not authorized to receive a message, the key server encrypts the message using a group key known only to the group subscribers in order to restrict the access of the subgroup manager. DEP is suitable for situations where access control of the subgroup manager is required, but otherwise it incurs unnecessary encryption overhead.

Sun et al. proposed a new CAS suitable for Pay-TV. They delivered all the values used for group key propagation offline. That is, the authors proposed a group key distribution protocol that reduces the transmission overhead at the cost of increasing the information to be stored in each terminal. Every terminal $C_i$ (1 ≦ i ≦ n) in the system has unique information $I_i$ (1 ≦ i ≦ n) associated with it, and $I_i$ is a value known to all n-1 terminals except $C_i$. If the terminal $C_i$ withdraws, the remaining n-1 terminals obtain a new key by XORing $I_i$ with the existing key. Accordingly, the withdrawn terminal cannot know the updated key, while all terminals except the withdrawn terminal can.

However, if encryption of the call content or access control is performed according to the protocols described above, a delay may occur in the transmission and reception of the call content, which degrades call quality. In multi-party calls or video conferencing there may be three or more call participants, so the security overhead is inevitably higher than for ordinary calls. Therefore, for multi-party calls and video conferencing, there is an urgent need for a method that safely protects the call content while minimizing the degradation of call quality compared to a 1:1 call.

Therefore, to solve these problems of the prior art, the purpose of the present invention is to provide a secure and efficient method for distributing group keys that uses only very fast operations, such as a Pseudo Random Function (PRF) and XOR, and that uses the XOR operation to address the forward secrecy problem that can arise from repeated use of the Pseudo Random Function, and to provide a server and a client for implementing the same.

A group key distribution method according to an aspect of the present invention includes: a first client generating a first random value and a second random value, encrypting the first random value, the second random value, and a secret key shared by a server and the first client, and transmitting the result to the server; the server decrypting the encrypted value to obtain the first random value, the second random value, and the secret key information; the server generating a server random value and generating a group key using the server random value and the first random value of at least one client belonging to the group; the server generating a group key security message for at least one client belonging to the group from the generated group key and transmitting the group key security message to each client belonging to the group; and each client belonging to the group obtaining the group key using its first random value, its second random value, and the group key security message.

In this case, the method may further include, when the first client leaves the group: the server generating a new server random value and generating a new group key using the new server random value and the first random value of each of at least one client remaining in the group; the server generating a group key security message for each of at least one client remaining in the group by using the newly generated group key, and transmitting the generated group key security message to each client; and at least one client remaining in the group extracting the newly generated group key from the group key security message.

In the encrypting by the first client, the first random value, the second random value, and the secret key shared by the server and the first client may be encrypted using the secret key.

The group key distribution method according to the present invention may further include the step of performing authentication of the first client by using the first random value, the second random value, and the secret key information obtained by decryption.

When the server performs the authentication of the first client, the first client may be authenticated by comparing the decrypted secret key with the secret key information of the first client.

Generating a group key using the server random value and a first random value of at least one client belonging to the group may include generating the group key by performing an XOR operation on the server random value and the first random value of at least one client belonging to the group.

The generating of the group key security message by the server may include generating the group key security message by performing an XOR operation on the generated group key, the first random value for each client, and the value obtained by applying the second random value for each client to a one-way function a predetermined number of times.

The server may update the second random value for each client to the value obtained by applying it to the one-way function a predetermined number of times. The client may obtain a group key by XORing a value obtained by applying the second random value to a one-way function a predetermined number of times, a fixed random value, and a group key security message. The client may update its second random value to the value obtained by applying it to the one-way function a predetermined number of times.

According to another aspect of the present invention, a server for group key distribution includes a decryption unit for decrypting an encrypted message transmitted from a client to obtain a first random value, a second random value, and a secret key; A group key generation unit generating a first random value of a server and generating a group key by using the first random value of the server and a first random value of at least one client belonging to a group; And a group key security message generation unit for generating a group key security message for each client belonging to the group from the generated group key and transmitting the group key security message to each client.

In this case, the decryption unit may decrypt the encrypted message by using a secret key shared with the client that delivered the encrypted message.

The server according to the present invention may further include a user authentication unit which performs authentication of a client using the secret key obtained by the decryption unit, and controls the group key generation unit to generate a group key when authentication is performed.

The group key generation unit may generate a group key by performing an XOR operation on a first random value of the server and a first random value of at least one client belonging to a group.

The server according to the present invention may further include a cryptographic storage for storing a first random value, a second random value, and a secret key for at least one or more clients belonging to the group.

In this case, the group key security message generation unit may generate a group key security message for each client by using the generated group key, a first random value for each client, and a second random value.

The group key security message generation unit may generate a group key security message for each client by performing an XOR operation on a value obtained by applying a second random value for each client to a one-way function a predetermined number of times, the first random value for each client, and the generated group key. The one-way function may be a hash function or a pseudo random function.

When the group key generation unit receives a group leave request from a client, the group key generation unit may generate a new first random value of the server and generate a new group key using the new first random value of the server and the first random value of each client remaining in the group, and the group key security message generation unit may generate a group key security message for each client remaining in the group from the newly generated group key and transmit the generated group key security message to each client.

The group key security message generation unit may generate a client-specific group key security message by performing an XOR operation on a value obtained by applying the second random value for each client to the one-way function a predetermined number of times, the first random value for each client, and the newly generated group key.

According to another aspect of the present invention, a client includes: a random value generator configured to generate a first random value and a second random value; An encryption unit for encrypting the first random value and the second random value and a secret key shared with the server, and transmitting the encrypted message to a server; And a group key security message decryption unit that receives a group key security message encrypted with a group key from a server and decrypts the group key security message to obtain a group key.

The encryption unit may encrypt the first random value, the second random value, and a secret key shared with the server using the secret key.

The client according to the present invention may further include an encryption storage unit for storing the first random value, the second random value and the secret key.

The group key security message decryption unit can obtain the group key using a value obtained by applying a second random value included in the encryption storage unit to the one-way function a predetermined number of times, a fixed random value, and a group key security message.

The group key security message decryption unit may obtain a group key by XORing a value obtained by applying the second random value to a one-way function a predetermined number of times, a fixed random value, and a group key security message.

The group key security message decryption unit may update a second random value stored in the cryptographic storage unit with a value applied to the one-way function by the predetermined number of times.

As described above, when the group key distribution method according to the present invention and a server and a client therefor are used, only a PRF (Pseudo Random Function) and an XOR (eXclusive OR) operation are used, and thus very fast operation is possible. In particular, the terminal side can update the group key with only one PRF operation and two XOR operations regardless of the number of subscribers in the group. In addition, one PRF and one XOR of these operations need not be performed during the group key update process and can be performed in advance (pre-computable), thereby enabling an even faster group key update.

The present invention prevents exposure of keys to internal and external attackers by using the PRF, and the forward secrecy problem that may arise from repeated use of the PRF is overcome by using XOR together with the PRF.

In addition, by using only light calculations such as PRF and XOR, the battery consumption of the terminal is minimized, and since the size of the information to be stored in the terminal is very small, the cost required for the actual implementation of the terminal can be reduced.

Hereinafter, a method for distributing a group key according to the present invention, a server and a client therefor will be described in detail with reference to the accompanying drawings.

FIG. 1 is a diagram illustrating a situation in which a terminal joins or leaves a group according to an embodiment of the present invention.

As shown in FIG. 1, group 1 refers to various groups such as an IP TV group, a VoIP call group, a video conference group, and the like. The present invention is not only applied to the described group, but can be applied to any group that authenticates clients belonging to the group using the group key.

In the group 1 shown in FIG. 1, there are clients 20 currently having IDs 1 to n, and a server 10 that manages the clients 20 belonging to the group 1 and provides a service to the clients 20. Here, n represents the number of clients currently in the group. If n is 100, there are 100 terminals in the group.

In this configuration, an event may occur in which the client $C_p$ 30 joins (process ①). In addition, an event may occur in which the client $C_p$ 40, which had joined the group 1 and was receiving the service, withdraws from the group 1 (process ②).

In this way, when a client $C_p$ newly joins or a client $C_p$ that belonged to the group withdraws, the server 10 renews the group key in use and distributes it to the clients that are currently subscribed to the group.

Hereinafter, a group key distribution process according to the present invention will be described.

FIG. 2 is a diagram illustrating a group key distribution method when a client joins a group according to another embodiment of the present invention.

First, the client $C_p$ 30 attempts to join the group 1 shown in FIG. 1 (S201). The client $C_p$ 30 generates a first random value $R_p$ and a second random value $K_p$ for user authentication and the subsequent group key generation (S202). The first random value $R_p$ and the second random value $K_p$ may be generated as follows.

$R_p \leftarrow \{0, 1\}^a, \quad K_p \leftarrow \{0, 1\}^a$

After generating the first random value $R_p$ and the second random value $K_p$, the client $C_p$ 30 encrypts the first random value $R_p$, the second random value $K_p$ and the secret key $PK_p$ using $PK_p$, the secret key shared with the server 10 (S203). The encrypted message generated in step S203 is defined as $X_p$, where $X_p \leftarrow E_{PK_p}(PK_p \| R_p \| K_p)$.

This technique of encrypting $PK_p$ using $PK_p$ itself, i.e. Self-Encryption, authenticates the user while minimizing the exposure of secret information, and since the transmission of a nonce, as used in the challenge-response method, or of a timestamp is unnecessary, efficient authentication is possible.

However, Self-Encryption has the disadvantage of being vulnerable to replay attacks. The present invention solves the replay attack problem that occurs in Self-Encryption by including the random values used for group key distribution in the input of Self-Encryption. In addition, Self-Encryption minimizes the exposure of confidential information, minimizes unnecessary transmission values, and enables user authentication.

The secret key $PK_p$ used in step S203 is a value shared in advance by the server 10 and the client $C_p$ 30, or a value delivered in advance by the server 10 to the client $C_p$ 30 using a public key technique.

In the above formula, a is a security parameter and represents the size in bits of the random value to be generated. That is, if a = 127, the generated $R_p$ and $K_p$ are each 127 bits long.

The client $C_p$ 30 transmits $X_p$ generated in step S203 and its ID to the server 10 to request user authentication (S204).

The server 10 holds the $PK_p$ corresponding to the ID of the client $C_p$ 30. The server 10 decrypts the received $X_p$ using the $PK_p$ it holds (S205). By decrypting $X_p$, the server 10 obtains the encrypted $R_p$, $K_p$ and the secret key $PK_p$ of the client $C_p$ 30.

The server 10 authenticates the client $C_p$ 30 by comparing the $PK_p$ obtained by decrypting $X_p$ with the $PK_p$ stored in advance (S206). If the user authentication of the client $C_p$ 30 fails in step S206, the server 10 does not update the group key, notifies the client $C_p$ 30 of the authentication failure, and ends the operation.

If the client $C_p$ 30 is successfully authenticated in step S206, the server 10 generates a group key GK (S207).

In order to generate the group key, the server 10 first generates a server random value $R_0$. Thereafter, the server 10 generates a group key by performing an XOR (eXclusive OR) operation on $R_1$ to $R_n$ and $R_p$ received from the clients $C_1$ to $C_n$ and $C_p$, and the server random value $R_0$. That is, the server 10 generates the server random value ($R_0$) and generates the group key as shown in the following equation.

Figure 112009003692317-PAT00001

That is, the group key is the XOR of the server random value ($R_0$), which the server 10 generates and keeps secret, and the first random values ($R_1, R_2, \ldots, R_n, R_p$) generated by the n + 1 clients belonging to the group 1.

Thereafter, the server 10 transmits the generated group key GK to the clients belonging to the group. The group key should be encrypted in transit for security. To this end, the server 10 generates, for each client, a group key security message for transmitting the group key.

The group key security message generated by the server 10 is defined as $N_i$, where i is a value from 1 to n, or p. That is, $N_i$ is the message that the server 10 sends to the client $C_i$. The server 10 generates $N_i$ using the following equation.

Figure 112009003692317-PAT00002

Here, $\oplus$ (Figure 112009003692317-PAT00003) means an XOR (eXclusive OR) operation.

Also, in the value $h_{i,j}(K_i)$, i refers to client $C_i$ and j represents the number of times the client $C_i$ has updated the group key. In the present example, client $C_p$ 30 joins the group and receives its first group key, so $h_{p,1}(K_p)$ is calculated.

$h_{i,j}(K_i)$ means the value obtained by applying the hash function to $K_i$ j times. Here, it is preferable to use a PRF (Pseudo Random Function) as the hash function. That is, it is defined as $h_{i,j}(K_i) = h(h_{i,j-1}(K_i)) = h(h(h_{i,j-2}(K_i))) = \ldots$, and $h_{i,1}(K_i)$ means the value obtained by applying the hash function (or PRF) to $K_i$ once.

The generated $N_i$ message is transmitted to the corresponding client $C_i$ (S209 and S212). For example, the $N_p$ message is sent to client $C_p$ 30 and the $N_2$ message is sent to client $C_2$ 22.

Client $C_p$ 30 obtains the group key by decrypting the $N_p$ message (S211). The client $C_p$ can decrypt the $N_p$ message by using the following equation.

Figure 112009003692317-PAT00004

$N_p$ is the group key security message received by the client $C_p$ 30 from the server 10, and $R_p$ is the value generated and stored in step S202. In addition, $h_{p,j}(K_p)$ has j = 1, and $h_{p,1}(K_p)$ means the value obtained by applying the hash function (or PRF) to $K_p$ once. The client $C_p$ 30 may obtain the value of $h_{p,1}(K_p)$, which is needed to evaluate Equation 3, by applying the hash function (or PRF) to the $K_p$ generated in step S202 (S210). If step S210 is performed before the $N_p$ message is received, the operation time for obtaining the group key can be further reduced, which is more efficient.

Through this process, the client $C_p$ 30 can obtain the group key GK from the $N_p$ message. Thereafter, the client $C_p$ 30 stores the value of $h_{p,1}(K_p)$, to which the hash function (or PRF) has been applied, in preparation for a possible group key update.

On the other hand, the clients that previously belonged to the group, that is, clients $C_1$ to $C_n$, also receive the group key security messages $N_1$ to $N_n$, respectively (S212). Each client 20 that receives one of the group key security messages $N_1$ to $N_n$ obtains the group key by using the following equation (S214).

Figure 112009003692317-PAT00005

Here, $N_i$ is the group key security message delivered by the server 10 to the client $C_i$, and $R_i$ is the value generated by the client $C_i$ when it joined the group.

$h_{i,j}(K_i)$ is the value obtained by applying the hash function (or PRF) once to $h_{i,j-1}(K_i)$. $h_{i,j-1}(K_i)$ is the value generated and stored by the client $C_i$ at the group key update just before the client $C_p$ 30 joined.

The client $C_i$ may obtain the value of $h_{i,j}(K_i)$ by applying the hash function (or PRF) once to the value of $h_{i,j-1}(K_i)$ (S213).

Using these values, the clients $C_i$ that continue to exist in the group can obtain the new group key (GK). In addition, in preparation for the next group key update, the client $C_i$ deletes $h_{i,j-1}(K_i)$ and stores $h_{i,j}(K_i)$ in its place.

FIG. 3 is a diagram illustrating a group key distribution method when a client leaves a group according to another embodiment of the present invention.

FIG. 3 illustrates a case in which the client $C_p$ 40, which was in the group, leaves the group. To distinguish between joining and leaving, the client $C_p$ is denoted by 40 here. Of course, the group key distribution method is the same even if a client other than the client $C_p$ 40 withdraws.

First, the client $C_p$ 40 notifies the server 10 that it is withdrawing from the group (S301). In this case, the server 10 generates a new server random value $R_0'$. The prime mark distinguishes the newly generated $R_0'$ from $R_0$. Like $R_0$, $R_0'$ is a value that only the server 10 knows and keeps secret.

Thereafter, the server 10 generates a new group key $GK'$ using the newly generated server random value $R_0'$ (S302). The server 10 may generate the new group key $GK'$ using either (1) or (2) of Equation 5 below.

Figure 112009003692317-PAT00006

Equation (1) of Equation 5 is not significantly different from Equation 1, and thus description thereof is omitted. That is, the server 10 generates a new group key by XORing the newly generated R 0 `, the previously generated R 0, and the R p value of the client C p requesting the withdrawal.

In this case, Equation (2) of Equation 5 is obtained from Equation (1) of Equation 5. It can be derived through the following process:

GK` = GK ⊕ R 0 ` ⊕ R 0 ⊕ R p = (R 0 ⊕ R 1 ⊕ ... ⊕ R n ⊕ R p ) ⊕ R 0 ` ⊕ R 0 ⊕ R p = R 0 ` ⊕ R 1 ⊕ R 2 ⊕ ... ⊕ R n

At this time, it is more preferable that the server generates the new group key through Equation (2). This is because Equation (1) of Equation 5 requires the ⊕ operation (XOR operation) n-1 times, whereas Equation (2) requires only three ⊕ operations (XOR operations).

As such, the server 10 that generates a new group key (GK`) generates a group key security message for each client. Of course, since the client C p 40 has requested to leave, the server 10 generates only a group key security message of N 1 to N n (S303).

At this time, the server 10 may generate a group key security message as shown below.

Figure 112009003692317-PAT00023

GK` is the newly created group key. In addition, compared with Equation 2, j is changed to j + 1. That is, the server 10 generates a new group key transmission message by performing an XOR operation on the value obtained by applying the hash function (or PRF) once to h i, j (K i ) stored in the previous group key update step, the newly generated group key (GK`), and R i , the client-specific first random value.

The server 10 transmits the generated group key security messages N 1 ` to N n ` to the clients C 1 to C n , respectively (S306).

Each client decrypts the group key security message received from the server 10 to obtain an updated group key GK` (S307). To this end, the clients C 1 to C n perform an operation as shown in Equation 7 below.

Figure 112009003692317-PAT00024

N i ` is the group key security message received from the server 10, and h i, j + 1 (K i ) is a value that can be obtained by applying the hash function (or PRF) once to h i, j (K i ) stored in the previous step. R i is the random value generated by the client C i when it initially joined the group.
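The leave procedure of steps S301 to S307 can be simulated end to end. The following Python sketch is an added example, not code from the patent: SHA-256 stands in for the hash function (or PRF), the 16-byte value length and all class and function names are assumptions, and the message form N i = h i, j (K i ) XOR GK XOR R i is taken from the prose description of Equations 6 and 7.

```python
"""Simulation of the leave-time rekeying steps S301-S307 (constructed example)."""
import hashlib
import secrets
from functools import reduce

SIZE = 16  # byte length of every random value and key (assumption)


def xor(*values: bytes) -> bytes:
    """Bytewise XOR of equal-length byte strings."""
    if len({len(v) for v in values}) != 1:
        raise ValueError("all operands must have the same length")
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*values))


def h(value: bytes) -> bytes:
    """One application of the one-way function; SHA-256 is a stand-in."""
    return hashlib.sha256(value).digest()[:SIZE]


class Client:
    def __init__(self, name: str):
        self.name = name
        self.r = secrets.token_bytes(SIZE)      # first random value R_i
        self.chain = secrets.token_bytes(SIZE)  # second random value K_i = h_i,0(K_i)
        self.gk = None

    def receive(self, message: bytes) -> bytes:
        """GK = N_i xor h_i,j(K_i) xor R_i; the old chain value is overwritten."""
        self.chain = h(self.chain)
        self.gk = xor(message, self.chain, self.r)
        return self.gk


class Server:
    def __init__(self, clients):
        # Assumption: registration is done, so the server holds each R_i and K_i.
        self.members = {c.name: [c.r, c.chain] for c in clients}
        self.r0 = secrets.token_bytes(SIZE)     # server random value R_0, kept secret
        self.gk = self.full_xor()

    def full_xor(self) -> bytes:
        """Expression (1): R_0 xor the first random value of every current member."""
        return xor(self.r0, *(r for r, _ in self.members.values()))

    def security_messages(self) -> dict:
        """N_i = h_i,j(K_i) xor GK xor R_i, advancing each stored chain value once."""
        out = {}
        for name, state in self.members.items():
            state[1] = h(state[1])
            out[name] = xor(state[1], self.gk, state[0])
        return out

    def leave(self, name: str) -> dict:
        """S301-S303: drop the member, rekey with expression (2), build N_i`."""
        r_p, _ = self.members.pop(name)
        new_r0 = secrets.token_bytes(SIZE)            # R_0`
        self.gk = xor(self.gk, new_r0, self.r0, r_p)  # GK` = GK xor R_0` xor R_0 xor R_p
        self.r0 = new_r0
        return self.security_messages()


def run_leave_scenario(n_clients: int = 4) -> dict:
    clients = [Client(f"C{i}") for i in range(1, n_clients + 1)]
    server = Server(clients)
    for name, msg in server.security_messages().items():  # initial distribution
        next(c for c in clients if c.name == name).receive(msg)
    old_gk = server.gk
    leaver, remaining = clients[-1], clients[:-1]
    messages = server.leave(leaver.name)
    recovered = [c.receive(messages[c.name]) for c in remaining]
    return {
        "new_gk": server.gk,
        "old_gk": old_gk,
        "shortcut_equals_full": server.gk == server.full_xor(),
        "remaining_agree": all(g == server.gk for g in recovered),
        "leaver_gk": leaver.gk,
        "leaver_got_message": leaver.name in messages,
    }


if __name__ == "__main__":
    for key, value in run_leave_scenario().items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```

The `shortcut_equals_full` result checks that the three-XOR update of expression (2) yields the same key as recomputing expression (1) over the remaining members.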

FIG. 4 is a block diagram of a server according to another embodiment of the present invention.

As shown in FIG. 4, the server 100 for group key distribution may be configured to include, in association with the group key distribution function, a message processing unit 110, a group managing unit 120, a decryption unit 130, a user authentication unit 140, a client key storage unit 150, a group key generation unit 160, a group key security message generation unit 170, and the like.

The message processor 110 is a component that receives a message from the client C i and performs a corresponding process.

For example, when the message processor 110 receives a group join request message or a group leave request message, the message processor 110 transmits the message to the group manager 120 to perform a corresponding process.

When the group manager 120 receives the group join request from the client C p, the group manager 120 transmits the X p and the ID of the client included in the group join request message to the decryption unit 130. The decryption unit 130 loads the secret key PK p of the client C p stored in the client key storage unit 150 to decrypt the X p .

The first random value R p , the second random value K p , and the secret key PK p obtained by decrypting X p are transmitted to the user authentication unit 140. The user authentication unit 140 performs user authentication by comparing the PK p obtained by decrypting X p with the secret key PK p of the corresponding client stored in the client key storage unit 150.

When the user authentication is successfully performed, the group manager 120 performs a series of operations of joining the client C p to the group. The group manager 120 then controls the generation and distribution of the new group key.

The group key generation unit 160 generates a new group key. When a certain client joins a group, a method of generating a new group key is as described in Equation 1. The generated group key is transmitted to the group key security message generator 170.

The group key security message generation unit 170 generates a group key security message according to Equation 2 in order to encrypt the group key and transmit the encrypted group key to a client belonging to the group. The generated group key security message is transmitted to the clients belonging to the group through the message processing unit 110.

On the other hand, when a group withdrawal request is received from any client C p , the group manager 120 processes withdrawal of the client C p and controls the generation and distribution of a new group key.

The group key generation unit 160 generates a new group key using Equation 5. In particular, the group key generation unit 160 preferably generates a group key using Equation (2).

In addition, the group key security message generation unit 170 generates a group key security message by applying the newly generated group key to Equation 6. The generated group key security message is transmitted to the clients remaining in the group through the message processing unit 110.

FIG. 5 is a block diagram of a client according to another embodiment of the present invention.

As shown in FIG. 5, the client 200 may be configured to include a message processing unit 210, an encryption processing unit 220, a random value generating unit 230, a password storage unit 240, a group key security message decryption unit 250, and the like.

The password storage unit 240 stores a secret key PK i that the client 200 shares with the server in advance. When the client 200 joins a group, the random value generating unit 230 generates two random values, that is, the first random value (R i ) and the second random value (K i ). The generated R i and K i are stored in the password storage unit 240.

The encryption unit 220 encrypts R i , K i , and PK i using PK i , the secret key shared in advance with the server. The encrypted message X i can thus be defined as E PKi (R i ∥ K i ∥ PK i ).

The message processor 210 transmits the ID of the client 200 and the encrypted message X i to the server. The server now performs user authentication, group key generation and distribution using the ID of the client 200 and the encrypted message X i .

The message processing unit 210 of the client 200 receives the group key security message from the server and delivers the group key security message to the group key security message decryption unit 250.

The group key security message decryption unit 250 applies the hash function (or PRF) once to h i, 0 (K i ) = K i stored in the encryption unit, and decrypts the group key security message using Equation 7. Through this process, the group key security message decryption unit 250 may obtain the group key.

In case the group key is renewed because another client joins or leaves, the group key security message decryption unit 250 stores the value obtained by applying the hash function (or PRF) once to h i, 0 (K i ) = K i , that is, h i, 1 (K i ), in the password storage unit 240.

Meanwhile, the message processing unit 210 may transmit a group leave request message to the server in order to leave the group. In this case, the server transmits the updated group key security message to the clients except the client who has requested to leave the group, and the client 200 which has requested the group to leave the group does not participate in a separate group key distribution process.

Although the present invention has been described in detail through the representative embodiments, those skilled in the art to which the present invention pertains will understand that various modifications can be made without departing from the scope of the present invention. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be defined by the claims below and equivalents thereof.

FIG. 1 is a diagram illustrating a situation in which a terminal joins or leaves a group according to an embodiment of the present invention.

FIG. 2 is a diagram illustrating a group key distribution method when a client joins a group according to another embodiment of the present invention.

FIG. 3 is a diagram illustrating a group key distribution method when a client leaves a group according to another embodiment of the present invention.

FIG. 4 is a block diagram of a server according to another embodiment of the present invention.

FIG. 5 is a block diagram of a client according to another embodiment of the present invention.

<Description of the symbols for the main parts of the drawings>

100: server 110: message processing unit

120: group management unit 130: decryption unit

140: user authentication unit 150: client key storage unit

160: group key generation unit 170: group key security message generation unit

200: client 210: message processing unit

220: encryption unit 230: random value generation unit

240: Password storage unit 250: Group key security message decryption unit

Claims (26)

  1. In the group key distribution method,
    Generating a first random value and a second random value, encrypting the first random value, the second random value, and a secret key shared by the server and the first client to a server;
    The server decrypting the encrypted value to obtain the first random value, the second random value, and the secret key information;
    Generating a server random value and generating a group key using the server random value and a first random value of at least one or more clients belonging to the group;
    Generating, by the server, a group key security message for at least one client belonging to the group from the generated group key and transmitting the group key security message to each client belonging to the group; And
    And each client belonging to the group obtains a group key using its first random value, a second random value, and the group key security message.
  2. The method of claim 1,
    If the first client leaves the group,
    The server generating a new server random value and generating a new group key using the server random value and at least one first random value for each client remaining in the group;
    Generating, by the server, a group key security message for each of at least one client remaining in the group by using the newly generated group key, and transmitting the generated group key security message to each client; And
    At least one client remaining in the group further comprises extracting the newly generated group key from the group key security message.
  3. The method according to claim 1 or 2,
    Encrypting, by the first client, private key information,
    And encrypting the first random value, the second random value, and a secret key shared by the server and the first client using the secret key.
  4. The method according to claim 1 or 2,
    And performing authentication of the first client using the first random value, the second random value, and the secret key information obtained by decoding.
  5. The method of claim 4, wherein
    The server performing authentication of the first client may include:
    And authenticating the first client by comparing the decrypted secret key with the private key information of the first client possessed by the server.
  6. The method according to claim 1 or 2,
    Generating a group key by using the server random value and the first random value of at least one or more clients belonging to the group,
    And generating a group key by performing an XOR operation on the server random value and a first random value of at least one or more clients belonging to the group.
  7. The method of claim 6,
    The server generating the group key security message,
    And generating the group key security message by performing an XOR operation on the generated group key, a first random value for each client, and a second random value for each client by a predetermined number of times.
  8. The method of claim 7, wherein
    And the server updates the second random value for each client to a value applied to the one-way function by a predetermined number of times.
  9. The method of claim 8,
    And the client acquires a group key by XORing a value obtained by applying the second random value to a one-way function a predetermined number of times, a fixed random value, and a group key security message.
  10. The method of claim 9,
    And the client updates the second random value of the client to a value applied to the one-way function by a predetermined number of times.
  11. In a server for group key distribution,
    A decryption unit to decrypt the encrypted message transmitted from the client to obtain a first random value, a second random value, and a secret key;
    A group key generation unit generating a first random value of a server and generating a group key by using the first random value of the server and a first random value of at least one client belonging to a group; And
    And a group key security message generator for generating a group key security message for each client belonging to the group from the generated group key and transmitting the group key security message to each client.
  12. The method of claim 11,
    The decoding unit,
    And decrypting the encrypted message using a secret key shared with the client that has delivered the encrypted message.
  13. The method of claim 11,
    And a user authentication unit configured to authenticate the client using the secret key obtained by the decryption unit, and control the group key generation unit to generate a group key when authentication is performed.
  14. The method of claim 11,
    The group key generation unit,
    And generating a group key by performing an XOR operation on the first random value of the server and the first random value of at least one client belonging to the group.
  15. The method according to any one of claims 11 to 13,
    And a cryptographic storage unit for storing a first random value, a second random value, and a secret key for at least one client belonging to the group.
  16. The method of claim 15,
    The group key security message generation unit,
    And generating a group key security message for each client by using the generated group key, first random value for each client, and second random value for each client.
  17. The method of claim 16,
    The group key security message generation unit,
    And generating a group key security message for each client by performing an XOR operation on a value obtained by applying a second random value for each client to a one-way function a predetermined number of times, the first random value for each client, and the generated group key.
  18. The method of claim 17,
    The one-way function is
    A hash function or a PRF (Pseudo Random Function).
  19. The method of claim 17,
    When the group key generation unit receives a group leave request from a client, the group key generation unit generates a new first random value of the server, and generates a new group key by using the new first random value of the server and the first random value of each client remaining in the group,
    The group key security message generation unit generates a group key security message for each client remaining in the group from the newly generated group key and transmits the generated group key security message to each client.
  20. The method of claim 19,
    The group key security message generation unit,
    Generating the group key security message by performing an XOR operation on the value obtained by applying the second random value for each client to the one-way function a predetermined number of times, the first random value for each client, and the newly generated group key.
  21. A random value generator for generating a first random value and a second random value;
    An encryption unit for encrypting the first random value and the second random value and a secret key shared with the server, and transmitting the encrypted message to a server; And
    And a group key security message decryption unit for receiving the group key security message encrypted with the group key from the server and decrypting the group key security message.
  22. The method of claim 21,
    The encryption unit,
    And encrypting the first random value, the second random value, and a secret key shared with the server using the secret key.
  23. The method of claim 21 or 22,
    And a cryptographic storage for storing the first random value, the second random value, and the secret key.
  24. The method of claim 23,
    The group key security message decryption unit,
    And obtaining a group key using a value obtained by applying a second random value included in the cryptographic storage unit to a one-way function a predetermined number of times, a fixed random value, and a group key security message.
  25. The method of claim 24,
    The group key security message decryption unit,
    And obtaining a group key by XORing a value obtained by applying the second random value to a one-way function a predetermined number of times, a fixed random value, and a group key security message.
  26. The method of claim 24,
    The group key security message decryption unit,
    And updating the second random value stored in the cryptographic storage unit to a value applied to the one-way function by a predetermined number of times.
KR1020090004700A 2009-01-20 2009-01-20 Group Key Distribution Method and Server and Client for Implementing the Same KR101021708B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020090004700A KR101021708B1 (en) 2009-01-20 2009-01-20 Group Key Distribution Method and Server and Client for Implementing the Same


Publications (2)

Publication Number Publication Date
KR20100085424A true KR20100085424A (en) 2010-07-29
KR101021708B1 KR101021708B1 (en) 2011-03-15

Family

ID=42644334



Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20140106

Year of fee payment: 4

FPAY Annual fee payment

Payment date: 20150115

Year of fee payment: 5

LAPS Lapse due to unpaid annual fee