Abstract
Group Key Exchange (GKE) is an important tool to develop secure multi-user applications such as group text messages, ad-hoc networks, and so on. Most of the currently deployed GKE schemes are synchronous, i.e., they require all the participants to be online during their execution. However, with more battery-powered devices being used in such applications, the synchronicity requirement is challenging to fulfill. To fill the gaps, asynchronous GKE schemes have been introduced in the literature. Nevertheless, the currently available asynchronous and synchronous GKE schemes rely on Trusted Third Parties (TTPs) for key establishment and management. To this end, reliance on TTPs is a serious shortcoming since TTPs are well known to be the single point of failure. Furthermore, the existing GKE schemes require participants to perform all computations, which can degrade the performance of resource-constrained devices such as Internet of Things (IoT) devices. To solve these problems, in this paper, we propose an asynchronous GKE scheme that uses blockchain and smart contracts to store the security keys-related material and reduce the computational load of the participants. Furthermore, our proposed scheme provides Perfect Forward Secrecy (PFS) and Post-Compromised Security (PCS). Our implementation on Ethereum shows that the proposed scheme can scale to more than 100 participants when combined with a distributed storage system.
| Original language | English |
|---|---|
| Pages (from-to) | 1-18 |
| Number of pages | 18 |
| Journal | IEEE Transactions on Dependable and Secure Computing |
| Early online date | 12 Jul 2022 |
| DOIs | |
| Publication status | E-pub ahead of print - 12 Jul 2022 |
Bibliographical note
Publisher Copyright:Author
Keywords
- Asynchronous GKE
- Blockchain
- Blockchains
- Electronic mail
- Group Key Exchange (GKE)
- Internet of Things
- Perfect Forward Secrecy (PFS)
- Performance evaluation
- Post-compromised security
- Public key
- Security
- Smart contract
- Smart contracts