Yongdae Kim kyongdae@ics.uci.edu - Adrian Perrig perrig@cs.berkeley.edu - Gene Tsudik gts@ics.uci.edu
Traditionally, research in secure group key agreement focuses on minimizing the computational overhead for cryptographic operations, and minimizing the communication overhead and the number of protocol rounds is of secondary concern.
The dramatic increase in computation power that we witnessed during the past years exposed network delay in WANs as the primary culprit for a negative performance impact on key agreement protocols.
The majority of previously proposed protocols optimize the cryptographic overhead of the protocol. However, high WAN delay negatively impacts their efficiency.
The goal of this work is to construct a new protocol that trades off computation with communication efficiency. We resurrect a key agreement protocol previously proposed by Steer et al. We extend it to handle dynamic groups and network failures such as network partitions and merges. The resulting protocol suite is provably secure against passive adversaries and provides key independence, i.e. a passive adversary who knows any proper subset of group keys cannot discover any other group key not included in the subset. Furthermore, the protocol is simple, fault-tolerant, and well-suited for high-delay wide area network.