Design of new group key management schemes for multiuser Network Protocols from Elliptic Curve Cryptosystem

Submission note: A thesis submitted in total fulfillment of the requirements for the degree of Doctor of Philosophy by creative work to the School of Electronic Engineering, Faculty of Science, Technology and Engineering, La Trobe University, Bundoora.

A group key management scheme allows a set of parties to achieve a shared-secret by communicating over a public transport medium. A reliable and secure shared-key distribution mechanism is the most important building block of constructing any cryptographic channel among a group of communicating parties. The focus of this dissertation is to design a set of efficient key management schemes using the elliptic curve cryptosystem (ECC) which requires significantly smaller key/parameter/message size compared with other public-key cryptosystems. For the purpose of analyzing and proving the security of selected proposed schemes in this thesis, we apply the widely accepted computational complexity approach. Our contribution to the area of group key management schemes is divided into two sections. Firstly, we focus on the offline key distribution system which is typically referred as multi key encapsulation mechanism (mKEM). The mKEM technique is the basic building block of hybrid encryption approach which plays a crucial role in various non-interactive network applications, such as, cloud data storage and online data sharing. Secondly, we concentrate on the interactive group key negotiation technique which is denoted by the group key exchange (GKE) notation. GKE schemes also play a fundamental role in providing security for interactive network applications, such as, digital conferencing. The contributions of this dissertation to the area of mKEM protocols are various. As our main contribution to this area, we propose a novel ECC-based KEM algorithm and its subsequent efficient mKEM construction, and prove them to be secure in the random oracle model. As it is shown, the proposed mKEM scheme is arguably the most efficient mKEM construction in literature to date. As a further contribution, we investigate the possibility of constructing mKEM solutions from existing ECC-based provably secure and widely standardized single-recipient KEM schemes, and propose practical mKEM variants from selected capable schemes. Our further contribution is to the area of group key exchange schemes. We start by enriching the concept of constructing an authenticated group key exchange (GAKE) from mKEM, and propose generic frameworks to address the associated limitations of this approach. We then apply a variant of our proposed mKEM to this model in order to construct a more efficient one-round GAKE scheme, and prove it to be secure in the random oracle model. Finally, we present our novel efficient ECC-based GAKE protocol and show that our scheme achieves significantly better computational efficiency compared to the existing schemes. As a further contribution, we also suggest an efficient solution to convert our GAKE construction into a partially dynamic scheme.