Journal of Information Assurance and Security 4 (2009) 60-68

A Conference Key Agreement Protocol for Mobile Environment

Mounita Saha, Dipanwita Roy Chowdhury
Dept. of Computer Science & Engineering, Indian Institute of Technology Kharagpur, INDIA-721302.
Email: mounita, drc@cse.iitkgp.ernet.in

Abstract: In recent times, the popularity of group oriented applications such as electronic conferences and collaboration works has increased manifold. Security is crucial for such collaborative applications, which operate in a dynamic network environment and communicate over insecure networks such as the Internet. The design of a secure conference key establishment protocol is essential to provide security to such group applications. Most security protocols currently available in the literature are not fully applicable to a wireless environment involving low power mobile devices. The few protocols that have been proposed for the wireless environment also lack important security properties and formal proof. One such important property is truly contributory key agreement, which has not been addressed previously. In this work we propose a new conference key agreement protocol for the mobile environment which addresses the truly contributory property and assures users about their participation in the key computation. The design of the protocol is based on polynomial interpolation. We demonstrate that the protocol is provably secure against active adversaries. The performance analysis of the proposed protocol shows that it is well suited for the mobile environment.

I. Introduction

In recent times, there has been tremendous research interest in different areas of mobile technology. With reducing prices and advanced functionalities, the mobile network is expected to play a major role in the evolution of next generation communication networks.
Nowadays the popularity of group oriented applications such as electronic conferences and collaboration works has increased manifold and these services are also being offered on mobile. However, security in wireless networks is a major challenge, as wireless communication is easily vulnerable to eavesdropping and unauthorized access. Therefore, while deploying new services over mobile wireless networks, the concerned security issues should be addressed carefully.

The first step towards setting up a secure communication is the design of a secure key establishment protocol. There has been a considerable amount of research work on key establishment protocols over the past few decades.

Received December 19, 2008

The first work on multi-party key agreement protocols was proposed in the classical paper of Ingemarsson et al. [5], which is an extension of the 2 party Diffie-Hellman scheme [17] into the multi-party setting. Since then, a number of group key agreement protocols have been proposed [18, 8, 7, 1, 6, 2, 16], offering various levels of complexity. However, all these approaches simply assume a passive adversary, or only provide an informal/non-standard security analysis for an active adversary.

Nonetheless, the works based on traditional communication networks are often not applicable to wireless networks. Mobile communication is more constrained due to power consumption and bandwidth restrictions. Thus, the multi-round or computationally expensive protocols proposed in the previous works are not exactly suitable for the mobile environment. The first conference key establishment scheme for mobile communication was proposed by Hwang and Yang in [20]. Hwang later published an improved solution in [21] to allow dynamic joining and leaving from the conference. This was shown insecure against eavesdropping and impersonation in [22]. Some further works followed in [23, 24].
However, these works are not based on a formal model of security and adversary and lack some security properties like forward secrecy.

Research on provably-secure group key agreement in a formal security model started when Bresson et al. [13, 15, 12, 14] presented the first group key agreement protocols proven secure in a well-defined security model. The security model extends earlier work of Bellare et al. [3, 4] to the multi-party setting.

Katz and Yung [9] have proposed the first constant-round protocol for group key agreement that has been proven secure against an active adversary. While the protocol is very efficient in general, its full symmetry negatively impacts the protocol performance in an imbalanced scenario. In [10] Boyd and Nieto have introduced a one-round group key agreement protocol which is provably secure in the random oracle model [3]. This protocol is computationally asymmetric. Unfortunately, this protocol does not consider dynamic changes and does not achieve forward secrecy, even though its round complexity is optimal.

1554-1010 $ 03.50 Dynamic Publishers, Inc.