Cryptanalysis and Improvement of Group Key Transfer Protocol based on Secret Sharing

Priyanka Jaiswal and Sachin Tripathi
Department of Computer Science and Engineering
Indian School of Mines, Dhanbad, Jharkhand, India
jaiswal.priyanka1985@gmail.com, var_1285@yahoo.com

Abstract- Group key establishment protocols allow a session (group) key to be shared among group participants in a secure way over insecure public networks. In 2013, Olimid proposed an improved version of the group key transfer protocol based on secret sharing, and claimed that her proposed protocol removes the security flaws of Sun et al.'s group key transfer protocol. We analyzed Olimid's group key transfer protocol, and the analysis shows that the improved protocol still has other security flaws and is vulnerable to outsider and insider attacks. To overcome these attacks, we propose an improved group key transfer protocol using derivative secret sharing. Security analysis of the proposed protocol indicates that our scheme not only achieves the intended security goals (e.g., key freshness, key confidentiality, etc.), but also withstands outsider and insider attacks.

Keywords: Group key transfer protocol, secret sharing, confidentiality, authentication.

I. INTRODUCTION

Group communication is a type of many-to-many communication; it goes beyond the one-to-one (i.e., unicast) and one-to-many (i.e., multicast) scenarios. In group communication, a secret session key must be shared among the participants. The group session key is generated using a set of communication rules and regulations called group key establishment protocols. With the increasing development of Internet and network technologies, group communication has become very popular in our daily lives. The two major aspects of secure group communication are confidentiality and authentication.
Confidentiality ensures that the transmitted message is recognizable only to the intended receiver, and authentication guarantees that the communication has been carried out by an authorized member. According to [1], key establishment protocols are divided into key transfer protocols (also called group key distribution or group key transport) [2-4] and key agreement protocols (also called group key exchange protocols) [5,6]. Key transfer protocols can be subdivided into key transfer protocols with a key generation center (KGC) and key transfer protocols without a KGC. In the first type, the key transfer protocol depends on a mutually trusted third party, called the KGC, to select a session key and then distribute it secretly to all the group members. In the second type of key transfer protocol, session keys are generated with the help of the group members.

The most commonly used key agreement protocol is the Diffie-Hellman (DH) key agreement protocol [7]. In the Diffie-Hellman key agreement protocol, the session key is computed by exchanging the public keys of the two communicating parties. However, the DH protocol is not suitable for a group with more than two participants, such as e-conference, e-learning, or e-business. Therefore, a group (conference) key establishment protocol is needed for group communication. Ingemarsson et al. [8] introduced the first key transfer protocol, which generalizes the DH protocol and provides a conference key for group participants.

Traditional group key management protocols can be divided into two types: centralized group key management protocols and distributed group key management protocols. The centralized approach is simple in nature, as it involves a single entity (or a small set of entities) to develop and

International Journal of Computer Science and Information Security (IJCSIS), Vol. 14, No. 8, August 2016 648 https://sites.google.com/site/ijcsis/ ISSN 1947-5500