Research Article | Open Access
Asynchronous Group Authentication Based on Geometric Approach
Individual authentication in air warfare is used to check whether a single participant is a legal member of the predefined group but not determine all participants at one time. An asynchronous (m, t, n) group authentication protocol is proposed based on multidimensional sphere reconstruction theorem of space analytic geometry without making any computational assumption, where m is the number of participants, t is threshold value, and n is the number of members. The proposed protocol can determine whether all participants belong to the predefined group at one time, which is applicable to batch verification prior to individual authentication. The center’s coordinate of -dimensional sphere is treated as the shared secret and the coordinate of the point on the surface of the sphere, multiplied by a random blind factor, is issued to all members as their tokens. If m participants can reconstruct the shared secret by utilizing their tokens, indicate that there is not any invalid participant, otherwise perform individual authentication. Analyses show the proposed scheme can not only rule out the illegal outsider but also resist up to group member conspiring to forge a valid token for an outsider. In addition, compared with other schemes the proposed scheme is more applicable for air warfare network, with light-weight computation, flexible distribution, and high information rate.
In these days group oriented security become more and more important in air warfare. Take aeronautical communication network for an example, it is composed of various airborne weapons within a large scope by wireless. Airborne platforms share warfare information and interact with each other by aeronautical communication network. In the case the information which includes current position, condition and task, etc., is confidential, each airborne member would rather drop out the network than its confidential information is leaked [1, 2]. Hence every airborne platform should be assured that all members in the network are valid before transmitting confidential information.
Group authentication is one of the most important security services in many kinds of networks. Unlike traditional individual authentication group authentication verifies multiple signatures altogether at once and reduces verification time. Nowadays there are some proposed group authentication schemes which can authenticate all network members at one time. Concerning the basic theory group authentications fall into two categories: based on public key system and not based on public key system. In group authentication based on public key system [3–7], each member makes the individual signature by its private key and delivers its own signature to the aggregator, who is the selected one of group members. After receiving other signatures the aggregator compresses all signatures by the aggregate algorithms. The verifier can process multiple authentications at one time and make the batch verification of the security features, such as the integrity, traceability, and validity of messages. But it always includes complex computation, such as bilinear pairing and exponentiation, which need more computing efforts compared with symmetric cryptographic algorithms [8, 9]. Simultaneously there are also some group authentication schemes which are not based on public key system but some lightweight computation. For example, Harn  proposed a lightweight group authentication mechanism by using a preshared secret  in 2013. In the scheme the group manager is responsible for registering all group members. During registration the group manager uses Shamir’s secret sharing scheme to issue a private token to each group member. Subsequently all users participating in the group shall reconstruct the preshared secret. When reconstruction is successful it proves that nodes of a network must be valid and belong to a group. Otherwise there must be one or more invalid users among the participants and further authentication, such as individual authentication and batch identification, should be executed. Generally the group authentication based on secret reconstruction contains less computation overhead compared with public key based one; hence it is more suitable for airborne platform than public-key-based one when concerning fast and reliable authentication requirement in air warfare.
In Harn’s scheme the notion of t-threshold, m-user and n-group was introduced and 3 schemes based on Shamir’s (t,n)-threshold secret sharing was proposed. In asynchronous (t, m, n) group authentication scheme, k polynomials was used to generate k tokens for each group member and m (m⩾t) participants are allowed to show the tokens asynchronously. Accept while the participants can reconstruct the secret, reject otherwise. The amount of participants must be known as a prior in order to reconstruct the secret, but in air warfare the amount is difficult to be known precisely and even not fixed. It require k polynomials and k is restricted by . So it is not efficient and flexible enough. Based on the Lagrange interpolation theory Li et al.  proposed group authentication in 2016, and there also exists the same problem as Harn’s scheme. Miao et al.  developed the group authentication based on Chinese Residue Theorem, but it is one-time authentication since the secret is no longer a secret once it has been recovered. Ji et al.  suggested another asynchronous (t, m, n) group authentication scheme based on threshold secret sharing theory in 2016. Before authentication it is assumed that every member has a predistributed randomized component (RC for short) which ensures that all the member’s tokens are correlative, but a new token could not be deduced by coalition attacks. Nevertheless it is hard to meet that the amount of participants is a prerequisite knowledge for group authentication. He et al.  improved Ji’s scheme and proposed another (t, m, n) group authentication scheme in which invalid members could be identified if group authentication fails. In He’s scheme one trusted center; i.e., authentication server which is responsible for identification of bad member is needed. But it is hard to deploy a fixed and trusted center in air warfare.
Considering the characteristics of air warfare we give the asynchronous group authentication scheme which is applicable to the decentralized and asynchronous communication environment based on secret sharing theory. Meanwhile networking frequently in air warfare requires that the secret can be reused in our scheme. The remainder of this paper is organized as follows. In Section 2, we introduce the system model, authentication procedure and hypothesis of this scheme. In Section 3 we propose our asynchronous group authentication scheme based on geometric approach, followed by its security proof and performance analysis in Sections 4 and 5, respectively. In the end we draw our conclusion in Section 6.
2. Model and Hypothesis
In this section we formalize the system model and identify authentication procedure.
2.1. System Model
In terms of group authentication there are 4 types of entities in proposed scheme, the group manager (GM for short), group members, cluster header and some adversaries, as shown in Figure 1.
(a)GM: It is the coordinator of the scheme, which is trusted by all group members and responsible for the setup and distributing a secret share to each member by predeployed secure channel. Generally ground-based command site plays the role of GM and is assumed that it is not easy to be assaulted.
(b)Group members: All of the members possess the valid token. Group members belong to a predefined group and obtain the subsecret from GM in advance. The token which derives from the subsecret is deemed as the certificate of group member.
(c)Cluster Header: It is one of the group members who verify the tokens.
(d)Adversaries: There are 2 types of adversaries described as follows, including Insiders and Outsiders.
2.1.2. Adversary Model
In complicated air electromagnetic environment the network participants could be the members who have a valid token, or others who have no valid token. So there are 2 types of adversaries.
(a)Insiders: An insider is a legal member who obtains a valid token from GM but may band with other participants to forge a valid token for an illegal participant. It is assumed that there exist at most insiders in our scheme.
(b)Outsiders: An outsider does not belong to the predefined group and does not have a valid token. During networking authentication an outsider may eavesdrop information exchanged within group members, likely derive a valid token, and pretend to be a legal group member.
2.2. Authentication Procedure
Group authentication consists of three steps, i.e. setup, the generation of token and batch verification.
(a)Setup: GM generates some system parameters, selects a proper secret value S, and makes the shadow of S such as the hash value of S, publicly known.
(b)Generation of tokens: GM computes the subsecret and token for each group member, denoted as , and distributes them to each group member securely.
(c)Batch verification: all participants show their tokens, then reconstruct a secret and compare the hash value of with the one of S, and thus verify whether all participants are legal simultaneously.
3. Our Scheme Based on Geometric Approach
We propose a group authentication scheme based on the threshold secret sharing theory. Geometric theory brings inspiration and productivity to the secret sharing scheme. Blakley  proposed a threshold secret sharing scheme based on projective geometry theory early in 1979. Later, some literatures suggest the similar schemes based on analytical geometric theory sequentially. Our proposed scheme is based on multidimensional sphere reconstruction theory. Next we reveal and examine the theorem that four points determinate a sphere and give our group authentication scheme, followed by analysis of correctness.
3.1. Multi-Dimensional Sphere Reconstruction Theory
Every three triangle vertexes can determine a circle in a plane. And the center of the circle is the outside center of the triangle. Namely, every three points that do not lie on a straight line can determine a circle in a plane. Let , and be the coordinators of three triangle vertexes. Suppose that the equation of circle is
Now let us substitute its coordinates into (1) and then get
Simplify (2) further to where , , , , , , and thus
Choose a point of the plane and a random number r as the center and the radius of the circle respectively. The point of the plane is considered as the secret to be shared. Select n points of the circle arbitrarily and distribute the coordinates of n points to n users as the subsecrets of them, respectively. Therefore, it is a threshold secret sharing scheme; at least 3 users show the subsecrets synchronously and reconstruct the circle and the secret is recovered.
When the reconstruction theory of three-dimensional circle is extended to -dimensional space, arbitrary points that do not lie on the same -dimensional space could determine the sphere of -dimensional space. The equation of the sphere is denoted aswhere .
Similarly, the center of sphere is deemed as the secret to be shared. Select n points of the circle arbitrarily and distribute the coordinates of n points to n users as the subsecrets of them, respectively. Therefore, it is a threshold secret sharing scheme; at least t users show the subsecrets synchronously and reconstruct the circle, and the secret is recovered.
Theorem 2 (see ). If there is an odd prime , such that , any integer could be expressed as a modulo sum of square of k integers; i.e., while and are known, there is a solution for .
3.2. Asynchronous Group Authentication
The asynchronous group authentication contains three steps: setup, generation of tokens and batch verification, as shown in Figure 2.
(1)Setup. GM chooses an odd prime , secret vertex , and . Compute
Let be the equation of sphere in (t-1)-dimensional space.
(2)Generation of Tokens. (i)GM runs the algorithm described in Table 1 and generates , where , for each user .
(ii)Choose a random integer , and then compute
is regarded as token and distributed to , .
(3)Batch Verification. While participants show tokens , , each participant collects all the tokens and computes
where is substituted by , . If all is true for , then all participants are legal; otherwise there is at least one illegal participant, identifying the illegal participants is next to do.
3.3. Analysis of Correctness
Lemma Linear equations
have a solution if and only if
Proof. If the system of linear equations (13) has a solution, thus the rank of its coefficient matrix C equals the one of augmented matrix A, wherei.e., Rank(C)=Rank(A).
Since Rank(A), Rank(C) . So , (14) is true.
Moreover, if (14) is true, i.e., column vectors are linear dependent, could be expressed as linear combination of …; i.e., (13) have a solution.
Theorem 3. If t vector , , is linear independent in -dimensional space, then the equation of sphere that the t vectors determine is
Proof. Suppose that (5) is the sphere equation to be determined. Since , , lie on the sphere, then , . After variable substitution (5) is transformed into . While and are regarded as the unknown variables, thus Equations (17) have a solution if and only if the determinant (16) is true by referring to Lemma, so the equation of the sphere that , , lie on is (16).
According to the characteristics of determinant (16) takes on the following form: Namely,When , , lie on the sphere , (17) is true.
4. Security Analyses
As mentioned previously, there exist two attacks against group authentication. One is from Insider, the other is from Outsider. In our scheme some Insiders attempt to reconstruct the predefined secret successfully by using their own tokens, thus they may generate a new token for an invalid member. However, it is impossible for some Insiders to derive the secret from their own tokens according to sphere reconstruction theory, and so the scheme is secure even if some legal members are compromised; see the following Theorem 4 for details. On the other hand, an Outsider may intercept a valid token by eavesdropping on the private channel successfully. It is also impossible for an Outsider to replay the used token since blind factor is changed frequently, for details see Theorem 5.
4.1. Coalition Attack Resistance
Assume that less than legal members may attack the scheme together as previous hypothesis. But there exist members who are likely to attack jointly and try to reconstruct the shared secret. It is out of the question to reconstruct a predefined sphere in dimensional space by using points on the sphere, so the coalition attack is ineffective by members correspondingly.
Theorem 4. Less than legal members cannot get the secret , i.e., the center’s coordinate of dimensional sphere.
Proof. Let participants’ tokens be , where , , r is a random number which plays the role of blinding . The attacker could not derive from unless the large integer factorization problem is feasible to be solved. Additionally vectors are insufficient to determine the -dimensional sphere. The proof is by contradiction. Suppose it is true that vectors are enough to determine the -dimensional sphere. Without lose of generality, let the vectors be denoted as determining a sphere . Besides pick other two points and which are not on the sphere . Due to Theorem 1, by , and , another sphere, called as , is determined. Clearly , since and , but and . Consequently by two different spheres are determined. If it did, it would be in contradiction with the above supposition of uniquely determining a sphere of -dimension. Therefore the sphere is not recovered by less than legal members, nor is the secret correspondingly.
4.2. Replay Attack Resistance
After legal participants showing the invalid tokens asynchronously, the Outsider may acquire the token which is to be reused illegally next. In our scheme blind factor concealing the token is beneficial to resist against the replay attack.
Theorem 5. An Outsider cannot pass the group authentication by reusing the other token.
Proof. Assume that ’s token is leaked of the participants, (). ’s token is denoted as which is to be replayed. But GM has updated all online tokens before next group authentication, so all tokens become , . The replay attacker fakes by reusing in a new authentication protocol. After substituting these values into determinant (16), we getThere is any common factor in each row and column of determinant (20), so equation (16) is different from equation (20). The probability that is , where is an odd prime, while →, →0. Consequently the probability that the reused token passes the new authentication is negligible.
5. Performance Comparison and Analysis
The network environment in air warfare is complicated. Besides security requirement, efficiency is necessary for any group oriented authentication. The air tactical network has their inherent characteristics, such as high speed of aircrafts, poor stability of network topology, unpredictable discontinuity of communication link etc., which pose challenges for authentication. Considering these requirements our scheme has four contributions. Firstly our scheme can determine if there is any invalid participant in network by computing determinant (12) once, whose complexity is . Secondly all participants are allowed to show their tokens asynchronously since blind factor hides the token. Thirdly GM serves for system setup and secret issuing, not online server. Any participant may act as the verifier since the network is deployed by distributed mode. Fourthly in the proposed scheme tokens generated by the GM initially can be used only to determine whether all participants are legal members, not to recover the secret. So the same secret can be employed for multiple authentications. In addition, any open token will not compromise the secrecy of uncovered secrets. Besides feasible practicability the proposed scheme provides some gains in efficiency, as batch verification of multiple participants is significantly faster than individual authentication, i.e.,“one-by-one” verification. The following is for details comparing with other authentication schemes.
5.1. Comparison with Individual Authentication
Individual authentication means that every two participants verify each other and any participant need verify other participants. Assume that 5 communications is necessary in each individual authentication, and it costs communications for m participants to finish individual authentications mutually. However, it costs only 2m communications for m participants to finish group authentication. One is for showing the token and the other is for issuing the decision. In terms of computation overhead our proposed group authentication scheme outperforms previously individual authentication. Individual authentication demands any participant to verify each of other participants, so the complexity is , but our proposed group authentication scheme demands only one batch verification so as to determine whether there is any invalid participant. The complexity is .
5.2. Comparison with Other Group Authentication
Our scheme is based on multidimensional sphere reconstruction theory instead of any mathematical hard problem. The computation overhead in our scheme is more lightweight, which contains neither bilinear pairing computation nor exponentiation, comparing with batch verification based on public key algorithm. Obviously our scheme mainly includes the calculation of high-order determinants which is associated with the number of participants. Concerning the efficiency of calculation Wiedemann  gave a probabilistic method whose complexity is for the calculation of order determinant, where represents the total of computation in Galios field. When participants join the group authentication, the computation of determinants is demanded, so the complexity of our proposed scheme is .
By contrast with other group authentication schemes based on the secret sharing theory our scheme shows better efficiency, parallelization and accuracy, as shown in Table 2. Harn’s scheme made use of k different polynomials of degree to generate k tokens, the secret is magnified by k times and the information rate is , where S is the secret and K is the total of secret share. Besides the threshold t is restricted by the number of polynomials and the total of members, i.e., in order to guarantee the security. For instance, if there are 1000 members and Harn’s scheme uses polynomials of degree 2 to generate tokens, at least 500 polynomials are demanded, which means that each member hold at least 500 shares as the token, thus the scheme is too inefficient. Miao’s scheme hide the secret shares by using blind factors which guarantee the asynchronism of token-showing, but the secret is not reused to next authentication once it is recovered. He’s scheme consists of unified authentication, which ensure that there are not any invalid member of participants, and single authentication, which run individual verifications one by one when unified authentication fails. But a permanent online sever is required in He’s scheme which does not apply to the de-centralized air warfare.
6. Conclusions and Future Work
We propose an asynchronous group authentication scheme based on space analytic geometry, which verifies if all participants belong to a predefined group at one time. Our scheme does depend on not any mathematical hard problem, but sphere reconstruction theorem of multidimension space. Each member has a unique share obtained from GM as the token. The token is a hidden coordinate, multiplied by a blind factor, of a point on dimensional sphere, the center of which is the shared secret. While more than t participants show their tokens, we determine if participants are legal by verifying whether the shown token is on the dimensional sphere. Analyses indicate that the proposed scheme can rule out fake outsider attackers and resist against coalition of insider attackers. In addition, compared with other schemes the proposed scheme is more applicable for air warfare network, with light-weight computation, flexible distribution, and high information rate.
The proposed scheme actually puts forward a general method to construct an asynchronous group authentication scheme based on space analytic geometry. The participants pass the group authentication if and only if everyone’s token is valid. In our future work, we are about to address the problem of finding invalid efficiently when batch verification fails.
The data used to support the findings of this study are included within the article.
Conflicts of Interest
The authors declare that there are no conflicts of interest regarding the publication of this paper.
The authors acknowledge the support of the National Natural Science Foundation of China (nos. 61401499, 61174162).
- Y. X. Liang, G. Cheng, X. J. Guo et al., “Research progress on architecture and protocol stack of the airborne network,” Journal of Software, vol. 27, no. 1, pp. 96–111, 2016.
- Y. Yu and NE Academy, “Research Progress of U.S. Military Forces’ Battlefield Airborne Communication Node,” Telecommunication Engineering, vol. 54, no. 6, pp. 56–63, 2014.
- C. Gentry and Z. Ramzan, “Identity-Based Aggregate Signatures,” in Proceedings of the International Conference on Theory and Practice of Public-Key Cryptography, pp. 257–273, Springer-Verlag, 2006.
- L. Shen, J. Ma, X. Liu, F. Wei, and M. Miao, “A Secure and Efficient ID-Based Aggregate Signature Scheme for Wireless Sensor Networks,” IEEE Internet of Things Journal, vol. 4, no. 2, pp. 546–554, 2017.
- T. Iwasaki, N. Yanai, M. Inamura, and K. Iwamura, “Tightly-secure identity-based structured aggregate signature scheme under the computational diffie-hellman assumption,” in Proceedings of the 30th IEEE International Conference on Advanced Information Networking and Applications, AINA 2016, pp. 669–676, Crans-Montana, Switzerland, March 2016.
- H. Chen, S. M. Wei, C. J. Zhu, and Y. Yang, “Secure certificateless aggregate signature scheme,” Journal of Software, vol. 26, no. 5, pp. 1173–1180, 2015.
- Y. P. Li, H. H. Nie, Y. W. Zhou et al., “A novel and provably secure certificateless aggregate signature scheme,” Journal of Cryptologic Research, vol. 2, no. 6, pp. 526–535, 2015.
- D. Boneh, C. Gentry, B. Lynn, and H. Shacham, “Aggregate and verifiably encrypted signatures from bilinear maps,” in Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques, pp. 416–432, Springer, Berlin, Heidelberg, 2003.
- T. Yang, L. Kong, J. Hu et al., “Survey on aggregate signature and its applications,” Journal of Computer Research and Development, vol. 49, no. s2, pp. 192–199, 2012.
- L. Harn, “Group authentication,” IEEE Transactions on Computers, vol. 62, no. 9, pp. 1893–1898, 2013.
- L. Pang, Research on Secret Sharing Technology And Its Application, Xidian University, Xi’an, China, 2006.
- F. Miao, H. Jiang, Y. Ji, and Y. Xiong, “Asynchronous group authentication,” Journal of Electronics, vol. 26, no. 4, pp. 820–826, 2017.
- X. He, F. Miao, and L. Fang, “(t,m,n)-AS Group Authentication Scheme Based on Secret Sharing,” Computer Engineering, vol. 43, no. 3, pp. 1–6, 2017.
- S. Li, I. Doh, and K. Chae, “A group authentication scheme based on lagrange interpolation polynomial,” in Proceedings of the 10th International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing, IMIS 2016, pp. 386–391, IEEE, Japan, July 2016.
- Y. Ji, F. Miao, and H. Jiang, “Simple asynchronous (t-m-n) group authentication,” Computer Engineering and Applications, vol. 52, no. 15, pp. 8–12, 2016.
- G. R. Blakley, “Safeguarding cryptographic keys,” in Proceedings of the AFIPS National Computer Conference (NCC '79), pp. 313–317, IEEE Computer Society, 1979.
- L. Ge and S. Tang, “Sharing multi-secret based on circle properties,” in Proceedings of the 2008 International Conference on Computational Intelligence and Security, CIS 2008, pp. 340–344, IEEE Computer Society, China, December 2008.
- Z. Ke and Q. Sun, Number Theory[M], pp. 109-110, High education press, Beijing, China, 2005.
- D. H. Wiedemann, “Solving sparse linear equations over finite fields,” Institute of Electrical and Electronics Engineers Transactions on Information Theory, vol. 32, no. 1, pp. 54–62, 1986.
Copyright © 2018 Hong Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.