Extended Group Key Transfer Protocol for Authentication Using DES based on Secret Sharing in Cloud

International Journal of Emerging Technology and Advanced Engineering

541

Extended Group Key Transfer Protocol for Authentication

Using DES based on Secret Sharing in

Cloud

Yamini Indla

, M. Sampath Kumar

Department of Computer Science & Systems Engineering, Andhra University College of Engineering (A) Andhra University, Visakhapatnam, Andhra Pradesh, India.

Abstract— The Key establishment protocol also needs to provide security, confidentiality, authentication and integrity for session keys to be sent messages to any system in network. There are two types of key establishment protocols one is key transfer protocol and other one is key agreement protocol. Key transfer protocol rely on a mutually trusted key generation center (KGC) to select session keys and transport session keys to all communication entities secretly. Most often, KGC encrypts session keys under another secret key shared with each entity during registration. A secret sharing scheme is a method which distributes shares of a secret to a set of participants in such a way that only specified groups of participants can reconstruct the secret by poling they share. So, this paper proposes a security in terms of data encryption Standard (DES) and digital signature (DSA) to send the files secretly in between the groups. Secret sharing schemes have natural applications in access control and cryptographic key initialization. Data is encrypted with DES by using a secret key, the encrypted data is send to the particular group entities and KGC is shared between the sender and receiver. The received data is decrypted using the KGC, but unauthorized users cannot recover the group key. To provide a flexible, on-demand, and dynamically scalable computing infrastructure for many applications the best solution is cloud computing. In case of private cloud environment access is limited to a group of users or an organization. Even though there are many aspects in cloud environment. The data security, confidentiality and privacy plays a major role in cloud deployment model will be analyzed in detail.

Key terms - Group Key transfer protocol, session key, secret sharing, confidentiality, authentication.

I. INTRODUCTION

Security is concerned with the ability of a system to prevent unauthorized access to information or services. Traditionally, security issues have been associated with large databases. Confidentiality, Integrity and Authenticity are three fundamental objectives of security. Though these objectives seem simple, the foolproof implementation is highly complex.

Authentication and access control techniques are used to provide confidentiality. Data encryption is often used to provide Integrity.

Many group-oriented applications require

communication confidentiality, meaning that the

communication data among a group of authorized members are secure and inaccessible to group outsiders. Examples of these applications include secure chat- rooms, business conferencing systems, file sharing tools, programmable router communication and network games in strategy planning. To offer data privacy, an effective approach is to require all group members to establish a common secret group key, which is held only by group members, but not outsiders, for encrypting he transmitted data. The following group members will maintain the cloud computing. In order to provide access control in a flexible manner to the users based on their user identity and past interaction histories the user is authenticated .At the same time confidentiality of the user must be maintained and interoperability across the multiple business domains can be achieved and minimizing the method of identity verification. In a group KGC can generates the separate key to particular user in a group.

In most secure communication, the following security functions are commonly considered:

 Message confidentiality: Information in computer transmitted information is accessible only for reading by authorized persons.

 Message authentication: Origin of message is correctly identified with an assurance that identity is not false.

International Journal of Emerging Technology and Advanced Engineering

542 To provide these functions, one-time session keys need to be shared among communication entities to encrypt and

authenticate messages. Thus, before exchanging

communication messages, a key establishment protocol needs to distribute one-time secret session keys to all participating entities. The key establishment protocol also needs to provide confidentiality and authentication for session keys. According to [5], there are two types of key establishment protocols: key transfer protocols and key agreement protocols. Key transfer protocols rely on a mutually trusted key generation center (KGC) to select session keys and then transport session keys to all communication entities secretly. Most often, KGC encrypts session keys under another secret key shared with each entity during registration. In key agreement protocols, all communication entities are involved to determine session keys. The most commonly used key agreement protocol is Diffie-Hellman (DH) key agreement protocol [12]. In DH protocol, the session key is determined by exchanging public keys of two communication entities. Since the public key itself does not provide any authentication, a digital signature can be attached to the public key to provide authentication. However, DH public key distribution algorithm can only provide session key for two entities; not for a group more than two members.

When a secure communication involves more than two entities, a group key is needed for all group members. Most well-known group key management protocols can be classified into two categories:

 Centralized group key management protocols: A

group key generation center is engaged in managing the entire group.

 Distributed group key management protocols: there

is no explicit group key distribution center, and each group member can contribute to the key generation and distribution.

The class of centralized group key management protocols is the most widely used group key management protocols. Harney et al. [15] proposed a group key management protocol that requires O(n), where n is the size of group, encryptions to update a group key when a user is evicted or added if backward and forward secrecy are required. A set of scalable hierarchical structure-based group key protocols [10], [22], [27] have been proposed.

Fiat and Naor [14] proposed a k-resistant protocol, i.e., coalitions of up to k users are secure, with each user storing

O(k log k log n) keys and the server broadcasting O(k2 log2

k log n) messages per rekeying. Eltoweissy et al. [13] proposed a protocol based on Exclusion Basis Systems (EBS), a combinatorial formulation of the group key management problem, which allows protocol user to trade-off between the number of keys needed to be stored and the number of messages needed to be transmitted for each key update with no counter collusion solution provided.

Most distributed group key management protocol took natural generalization of the DH Key agreement protocol. This feature of the Group digital signature made it as the part of many security applications [1].J. Camelish and M. Stadler who published the first Group digital signature scheme with constant sized group public key and group signature as a asymmetric crypto system [2]. The theoretical foundations from M.Bellare, D.Miccianico and B.Warinschi group digital signature developed itself with the group scheme variant from change in which he let the user of the group to sign the message to form a partial signature and the procedure combine to form a signature for the user by the group as in the method of threshold crypto system.

Later Shamir lifted the method of digital signature through his concept of ID based crypto system which is based on the certificate that lead to the simplification of key management procedures in Public Key Infrastructure (PKI).As a turning point S. Park, S. Kim and D. Won join hands and combined stalder's the root verification encryption and shoemakers method and proposed first Id based Group digital signature scheme. Likewise being an entry level technique here used the concept of key generation center with DH algorithm and strong Data Encryption Standard algorithm to generate keys and for signing in a simple and secured manner. This paper also includes the technique of encryption for data security and signature for authentication.

When large numbers of groups are there in an

organization to provide a flexible, on-demand, and

International Journal of Emerging Technology and Advanced Engineering

543 Cloud computing is the delivery of computing as a service rather than a product, whereby shared resources, software, and information are provided to computers and other devices as a metered service over a network (typically the Internet).Cloud computing provides computation, software, data access, and storage resources without requiring cloud users to know the location and other details of the computing infrastructure. End users access cloud

based applications through a webbrowser or a light weight

desktop or mobileapp while the business software and data

are stored on servers at a remote location. Cloud application providers strive to give the same or better service and performance as if the software programs were installed locally on end-user computers.

At the foundation of cloud computing is the broader concept of infrastructure convergence (or Converged

Infrastructure) and shared This type of data centre

environment allows enterprises to get their applications up and running faster, with easier manageability and less maintenance, and enables IT to more rapidly adjust IT resources (such as servers, storage, and networking) to meet fluctuating and unpredictable business demand .The underlying concept of cloud computing dates back to the

1960s, when JohnMcCarthy opined that "computation may

someday be organized as a public utility." Almost all the modern-day characteristics of cloud computing (elastic provision, provided as a utility, online, illusion of infinite supply), the comparison to the electricity industry and the use of public, private, government, and community forms,

were thoroughly explored in Douglas Parkhill's 1966

book, The Challenge of the Computer Utility. Other

scholars have shown that cloud computing's roots go all the way back to the 1950s when scientist Herb Grosch (the author of Grosch's law) postulated that the entire world would operate on dumb terminals powered by about 15

large data centers[24].

Cloud computing exhibits the following key

characteristics are Empowerment, Agility, Application programming interface (API) ,Cost, Device and location

independence, Virtualization ,tenancy, Reliability,

Scalability and Elasticity, Performance, Security,

Maintainance.In Cloud computing we concentrates security when encrypts the data while sending the file.

 Security: Security is often as good as or better than other traditional systems, in part because providers are able to devote resources to solving security issues that many customers cannot afford. However, the complexity of security is greatly increased when data is distributed over a wider area or greater number of

devices and in multi-tenant systems that are being shared by unrelated users. In addition, user access to security audit logs may be difficult or impossible. Private cloud installations are in part motivated by users' desire to retain control over the infrastructure and avoid losing control of information security.

Diffie-Hellman (DH) protocol is a famous key agreement protocol, it uses a session key which is created by exchanging public key between the communicating entities. Digital signature is used for authentication. Bresson et al [3] generated a group key for authentication using DH. Katz and yung [4] proposed first constant round group key protocol based on DH which is secure for standard models. Tzeng [5] proposed a distributed group key based on DH and discrete logarithm (DL). Cheng and Laih [6] modified the Tzeng‟s protocol by bilinear pairing. Huang et al [7] used non interactive protocol based on DL to improve the Tzeng‟s protocol. Secret sharing schemes were introduced by Blakley [8] and Shamir [9] to safeguard cryptographic keys. In recent work of Harn and Lin [10], one finds a protocol which is authenticated group key which based on secret sharing. They considered earlier centralized group distribution and distributed group management.

1.1Unique Features

 Each user needs to register at KGC to subscribe the

group key transfer service and to establish a secret with KGC. Thus, a secure channel is needed initially to share this secret with each user. Later, KGC transport the group key and interact with all group members in a broadcast channel.

 The confidentiality of group key distribution is

information theoretically secure; that is, the security of this transfer of group key to each group member does not depend on any computational assumption.

 The authentication of the group key is achieved by

broadcasting a single authentication message to all group members.

 The Security could improve due to centralization of

data, increased security-focused resources, etc., but concerns can persist about loss of control over certain sensitive data, and the lack of security for stored kernels.

 Maintenance of cloud computing applications is

International Journal of Emerging Technology and Advanced Engineering

544 The rest of this paper is organized as follows: In the next section, it provides some preliminaries. In Section 3, it describes our main objective. In Section 4, we propose our authenticated group key transfer protocol. We analyze the security of our proposed protocol in Section 5. We conclude in Section 6.

II. PRELIMINARIES

In this section, we introduce some fundamental backgrounds.

Based on Shamir‟s [10], the Lagrange interpolating polynomial, there are n shareholders u ={u1 , ……. un} and a mutually trusted dealer D. The scheme consists of three algorithms

1. Share generation algorithm: Dealer D does the following:

 Dealer D first picks a polynomial f(x) of degree (t-1)

randomly: F(x) =a+a1x+……+at-1x

t-1

, in which the

secret s=a0=f(0) and all coefficients a0,a1,….,at-1 are in

a finite field Fp=GF(p) with p elements.

 D computes all shares: si= f(i)(mod p) for i=1,…n.

 Then D outputs a list o f n shares (s1, s2,…., sn ) and

distributes each share si, to corresponding shareholder

pi privately.

2. Secret reconstruction algorithm: This algorithm takes any t shares (si1 , . . . ,sit ) as input, it can reconstruct the

secret s as

Where A = {i1,….,it} {1,2,…..n}, βi for i € A are

Lagrange coefficients.

The above scheme satisfies the basic security requirements of secret sharing scheme as follows: 1) With knowledge of any t or more than t shares, it can reconstruct the secret s easily; and 2) with knowledge of fewer than (t 1) shares, it cannot reconstruct the secret s. Shamir‟s scheme is information theoretically secure since the scheme satisfies these two requirements without making any computational assumption. For more information on this scheme, readers can refer to the original paper [26].

In Shamir‟s (t, n)-SS, the secret of each shareholder is just the y-coordinate of f(x) and the x-coordinate is made publicly known. However, in our proposed group key transfer protocol, for security reason, we need to keep both x-coordinate and y-coordinate as each user‟s secret. Furthermore, in Shamir‟s (t, n)-SS, the modulus p used for all computations is a prime number. In our proposed protocol, to prevent insider attack as we will explain this later, the modulus n used for computations is a composite integer. We should point out that finding a modular inverse is needed in secret reconstruction process. We can use Euclid‟s extended algorithm [30] to compute modular inverse without factoring the composite modulus n.

3. Data Encryption Standard (DES): The Data Encryption Standard (DES) has been in use worldwide as a standard for more than a decade. DES uses an algorithm to encrypt and decrypt blocks of data consisting of 64 bits using a 64-bit key. The same key used for both The encryption and decryption processes. One benefit of this algorithm is that the same process can be used for both encryption and decryption (with the exception of the key, which must be used in reverse order for decryption). The algorithm also has the advantage that it only uses logical operations resulting in a fast process whether implemented in hardware or software. An ongoing debate has been exactly how secure is DES? There has been much suspicion that when NSA got involved, a "trap door" was inserted so they could decrypt any DES encrypted messages. A unclassified report cleared the suspicion of any improper manipulation of the algorithm. Debate also surrounds the issue of the DES key length. Also one known weakness in DES surrounds the selection of the initial key.

Data Encryption Standard Algorithm:

Input: plaintext m1 . . . m64; 64-bit key K=k1 . . . k64 (includes 8 parity bits).

Output: 64-bit cipher text block C=c1 . . .c64.

1. (Key schedule) Compute sixteen 48-bit round keys Ki,

from K.

2. (L0, R0) IP (m1, m2,. . .m64) (Use IP Table to

permute bits; split the result into left and right 32-bit halves L0=m58m50 . . . m8, R0=m57m49 . . . m7)

3. (16 rounds) for i from 1 to 16, compute Li and Ri as

follows:

3.1. Li=Ri-1

3.2. Ri = Li-1 XOR f (R i-1, Ki)

where f (Ri-1, Ki) = P(S(E(Ri-1) XOR Ki)), computed as

International Journal of Emerging Technology and Advanced Engineering

545 (a) Expand Ri-1 = r1r2 . . . r32 from 32 to 48 bits, T E (Ri-1).

(b) T ' T XOR Ki. Represent T ' as eight 6-bit character strings: T '= (B1 . . . B8).

(c)T '' (S1 (B1), S2 (B2) . . . S8 (B8)). Here Si(Bi) maps to the 4-bit entry in row r and column c of Si

(d)T''' P(T''). (Use P per table to permute the 32 bits of T''=t1t2 . . . t32, yielding t16t7 . . . t25.)

4. b1,b2 . . . b64 (R16, L16). (Exchange final blocks

L16, R16.)

5. C IP-1 (b1,b2 . . . b64).

6. End.

Definition 1 (Factoring Problem). Let us choose two large

safe primes p and q (i.e., primes such that p‟= p-1/2 and

q‟=q-1/2 are also primes) and compute n = pq. n is made

publicly known. Factoring problem is defined to compute factors p and q such that n = pq.

Definition 2 (Factoring Assumption): It is computationally intractable to solve the Factoring Problem.

III. OBJECTIVE

In this section, we first describe the model of our group key transfer protocol. Then, we present the security goals for our group transfer protocol.

3.1 Model

Group key transfer protocol relies on one trusted entity, KGC, to choose the key, which is then transported to each member involved. Each user is required to register at KGC for subscribing the key distribution service. The KGC keeps tracking all registered users and removing any unsubscribed users. During registration, KGC shares a secret with each user. In most key transfer protocol, KGC encrypts the randomly selected group key under the secret shared with each user during registration and sends the cipher text to each group member separately. An authenticated message checksum is attached with the cipher text to provide group key authenticity. In this approach, the confidentiality of group key is ensured using any encryption algorithm which is computationally secure. Our protocol uses secret sharing scheme to replace the encryption algorithm. A broadcast message is sent to all group members at once. The confidentiality of group key is information theoretically secure.

In addition, the authentication of broadcasting message can be provided as a group authentication. The data is encrypted with the public key . Then an attachment that consists of signed member id and message digest is sent the group user verifies the signature with the signature with the group‟s public key and then removes the attachment. The particular group again makes an attachment which consists of the signed secret group id and the encrypted member‟s data. The set is now sent to the cloud provider. The cloud provider decrypts the signature with the group‟s public key to find out the genuine group members and stores the data in the cloud. This feature provides efficiency of our proposed protocol.

3.2 Goals

The main security goals for our group key transfer protocol are:

1) Key Freshness 2) Key Confidentiality 3) Key Authentication 4) Key Encrypt/Decrypt 5) Cloud Computing

Key freshness is to ensure that a group key has never been used before. Thus, a compromised group key cannot cause any further damage of group communication. Key confidentiality is to protect the group key such that it can only be recovered by authorized group members; but not by any un-authorized user. Key authentication is to provide assurance to authorized group members that the group key is distributed by KGC; but not by an attacker.

International Journal of Emerging Technology and Advanced Engineering

546 When large number of users in group or multiple groups so cloud computing uses, then it reduces the user identify and key generation time to a particular group.

IV. OUR PROPOSED PROTOCOL

The authenticated group key transfer protocol consists of five processes:

 Initialization of KGC

 User registration

 Group key generation and distribution

 DES to encrypt/decrypt files

 Private cloud

Initialization of KGC: The KGC randomly chooses two

safe primes p and q (i.e., primes such that p' = (P-1)/2 and

q' = (Q-1)/2 are also primes) and compute n = pq. n is

made publicly known.

Fig 1: Initialization of KGC

User Registration:Each user is required to register at KGC for subscribing the key distribution service. The KGC keeps tracking all registered users and removing any unsubscribed users. During registration, KGC shares a

secret, (xi yi) with each user Ut, where xi,yi €Zn.

Fig 2: User Registration

Group key generation and distribution: Upon receiving a group key generation request from any user, KGC needs to randomly selects a group key and access all shared secrets with group members .KGC needs to distribute this group key to all group members in a secure and authenticated manner. All communication between KGC and group members are in a broadcast channel.

For example we assume that a group consists of t members {U1, U2,..., Utg} and shared secrets are (xi,yi), for i = i,... ,t. The key generation and distribution process contains five steps

• Step 1. The initiator sends a key generation request to KGC with a list of group members as {U1,U2,..., Utg}. • Step 2. KGC broadcasts the list of all participating members {U1, U2,..., U tg} as response.

• Step 3. Each participating group member needs to send

a random challenge Ri 2 Zi, to KGC.

• Step 4 KGC randomly selects a group key, k, and

generates an interpolated polynomial f (x) with degree t to

pass through (t + 1) points, (0, k) and (xi, yi ffiRi) , for i =

1,... ,t. KGC also computes t additional points, P i, for i =

1,... ,t, on f (x) and Auth = h(k, U1,..., Ut,R2,..., Rt, P1,

...,Pt), where h is a one-way hash function. All computations on f(x) are over Zr KGC broadcasts {Auth,Pig, for i = 1,... ,t} to all group members. All computations are performed in Zn.

• Step 5. For each group member, Ui, knowing the shared

secret, (xi, yi ffi Ri), and t additional public points, Pi,for i

= 1,..., t, on f (x), is able to compute the polynomial f (x)

and recover the group key k = f (0).Then, Ui computes

h(k,U1, ...,Ut,R1, ...,Rt,P1, ...,Pt) and checks whether this hash value is identical to Auth. If these two values are identical, Ui authenticates the group key is sent from KGC. In Fig. 1, we illustrate this group key transfer protocol for a

group containing three members, A, B, and C.

Fig 3: Key Generation and Distribution

DES to encrypt/decrypt files: The design of any encryption algorithm must be security against unauthorized attacks.

International Journal of Emerging Technology and Advanced Engineering

547

Performance and security level is the main

characteristics that differentiate one encryption algorithm from another. Here introduces a new method to enhance the performance of the Data Encryption Standard (DES) algorithm is introduced here.

Step1: Each user is already registered at KGC then KGC generates the own key to particular user in a group.

Step 2: Each group member knows the shared secret key they can share one among themselves and sends to another group the message secretly.

Step 3: Get key directly from user then browse the particular file/document and encrypted with DES function.

Step 4: Due to DES security to authenticate the message secretly, the member who wants to check the file/document the particular member have to communicate with particular group key.

Step 5: With that Group key we can decrypt the message successfully, but unauthorized persons cannot directly communicate with group members.

Fig 4: Data to encrypt/decrypt file

Private Cloud: The data is encrypted with the public key. Then an attachment that consists of signed member id and message digest is sent to the group members and checks/verifies the signature with the signature with the group‟s public key and then removes the attachment. The group member again makes an attachment which consists of the signed secret group id and the encrypted member‟s data. The set is now sent to the cloud provider.

At first the member connects with the particular group and gives their id. The group id and multiple users of group id in an organization they maintain all the data and receive /maintain the id and issues a private key. The private key is now used for signature.

The cloud provider decrypts the signature with the group‟s public key to find out the genuine group members and stores the data in the cloud.

Fig 5: Private Cloud

V. SECURITY ANALYSIS

In our proposed protocol, we first consider two types of adversaries in our protocol, insider and outsider. Then proved that our proposed protocol achieves the security goals mentioned in Section 3 and is against inside and outside attacks.

5.1. Security and Authentication

 Since the numbers are drawn from Vandermonde‟s

determinant whose factors are difference of the prime numbers of the KGC.

 Radix representation for cyclic code or any one of the

prime numbers of KGC given under cyclic permutation.

 Composite number taken from the KGC is public and

the private key is some order or other.

5.2. Proof of Strength

The proposed protocol achieves the following goals

1). Key freshness 2). Key confidentiality 3). Key authentication

4). Data encrypt/decrypt the file 5). Private cloud

International Journal of Emerging Technology and Advanced Engineering

548 2) Key confidentiality is provided due to the security

feature of a secret sharing scheme. KGC generates at the

degree polynomial f(x) passing through (t + 1) points, (0,k)

and ( xi,yi ffi Ri), for i = 1,... ,t, and makes t additional

points publicly known. For each authorized group member, including the secret shared with KGC, he/she knows (t + 1) points in total on f(x). Thus, any authorized group member is able to reconstruct the polynomial f(x) and recover the group key k. However, for any unauthorized member (or outsider), there are only t points on f(x) available. Thus, unauthorized member knows nothing about the group key. This property is information theoretically secure since there has no other computational assumption based upon.

3) Key authentication is provided through the value Auth in step 4. Auth is a one-way hash output with the secret group key and all members' random challenges as input. Since the group key is known only to authorized group members and KGC, unauthorized members cannot forge this value. Any insider also cannot forge a group key without being detected since the group key is a function of the secret shared between each group member and KGC. In

addition, any replay of Pi and Auth of KGC in step 4 can be

detected since the group key i s a function of each group member's random challenge.

4) Data encrypt/decrypt the file is provided DES function then KGC already generates the group key which is secure get key then download the file and encrypts the message

security by providing authenticate, confidentiality

,integrity. So sends the file through with KGC key and communicate through broadcast channel.The particular group can share the message and decrypts the file .But, unauthorized persons cannot forge this value.

Fig 6 : Data encrypt/decrypt the file

5) Private cloud is the cloud computing environment which incorporates confidential network computing is said to be the Private cloud or internal cloud. This computing environment developed for the exclusive use of single organization or user, providing complete control over data, security and QOS. It is a deployment module which is mostly used for large corporations with recourses located in multiple locations for providing cloud services over the corporate network to its internal users in a highly secured manner as shown in Figure.

The advancement in virtualization, multi-tenancy and data center consolidation makes community network and data center administrators to provide cloud services efficiently to meet the requirements of the customer's within the corporate. Cloud environment allows large organizations from "resource pooling" concept connected with the cloud and its size. Apart from this the issues like data Security, Corporate governance are needs to be considered.

Fig7: Private Cloud

Theorem 1 (Outsider Attack)

Assume that an attacker who impersonate a group member for requesting a group key service then the attacker can neither obtain the group key nor share on group key with any group member.

Proof 1

International Journal of Emerging Technology and Advanced Engineering

549 This security feature of impersonate group member to share a service request to KGC is not possible since after getting the member it is part to random shift to cyclic code representation of individual key. This attack cannot be secured in sharing this compromised group key with any member of the information redundancy of data is made possible by cyclic code and random shift.

Key Generation for three authorization levels Theorem 2 (Insider Attack)

Assume that the protocol runs successfully the applied factoring incidences are intractable then the secret ( xi, yi) of each group members shared with KGC remains unknown to all other group members (and outsiders)

Proof 2

Factoring problem of Vandermonde‟s determinant in to primes the individual basis for cyclic code is created in a tough analysis between generations and shift other members in the group could have access to individual‟s key information. In our proposed protocol group key service request and challenges from group members are not authenticated and adversary the insider can make several service requests and forge challenges of the target group member. Thus the numbers generated for the basis will be different. The security is on the intractable problem due to factorization assumption which needs prime factorization of large numbers and its placement in the expansion of vandermonde‟s determinant afterwards with the cyclic change as choice of cyclic code basis.

Security of Authentication, Confidentiality, Integrity

Remark1:In our protocol, during registration, KGC shares a secret, (xi, yi) , with each user Ui. Adding/removing any user does not need to update any existing shared secret. However, for distributing a secret group key involving t group members, KGC needs to broadcast a message containing (t + 1) elements to all group members. At the same time, each group member needs to compute a t-degree interpolating polynomial f(x) to decrypt the secret group key. Thus, our proposed protocol is only suitable for distributing secret group key to a group with a small group size. If a group containing a large group size, such as applications in pay-per-view system, centralized group key distribution protocols, such as EBS protocol [23], can be used to reduce the length of broadcast message and computational load of each group member.

Remark 2: In the proposed protocol we only focus on protecting group key information broadcasted from the KGC to all the group members. In our model we assume that KGC is mutually trusted entity to each registered user by mutually secret pair of prime factors of the number chosen used as a secret basis of individual key represented in cyclic basis along basis with random shift. The nonce shared by each user with KGC and among the group guarantees the confidentiality authentication of the key generated. The entire strength of the protocol depends on judicious use of information redundancy as a cyclic code representation drawn from factoring the value of the determinant as prime factor.

International Journal of Emerging Technology and Advanced Engineering

550 • Random distribution of the individual key is a combinatorial problem on the exact permutation of the cyclic code representation. This explains that the protocol is secure for both inside and outside attack.

VI. CONCLUSION

Key transfer protocols rely on a mutually trusted key generation center (KGC) to select session keys and transport session keys to all communication entities secretly. Most often, KGC encrypts session keys under another secret key shared with each entity during registration. In this paper, we propose an authenticated key transfer protocol based on secret sharing scheme that KGC can broadcast group key information to all group members at once and only authorized group members can recover the group key; but unauthorized users cannot recover the group key. The confidentiality of this transformation is

information theoretically secure. It also provide

authentication for transporting this group key.The receiver

has minimal computational requirements forsymmetric key

recovery. For the generation of each new key, a simple

operation (i.e., construction of a polynomial)is performed.

Here introduces a new method to enhance the performance of the Data Encryption Standard (DES) algorithm is introduced here. The design of any encryption

algorithm must be security against unauthorized attacks,

data is encrypted with DES by using a secret key, the encrypted data is send to the particular group entities and KGC is shared between the sender and receiver. The received data is decrypted using the KGC, but unauthorized users cannot recover the group key.

So, when large numbers of groups are there in an organization the cloud model maintains all the data secure and manage the communication in between the numbers of groups. It has been criticised by privacy advocates for the greater ease in which the companies hosting the cloud services control, thus, can monitor at will, lawfully or unlawfully, the communication and data stored between the user and the host company.

REFERENCES

[1 ] Lein Harn and Changlu Lin, “Authenticated Group Key Transfer Protocol Based on Secret Sharing” IEEE transactions on computers, vol, 59,no.6, JUNE 2010 IEEE

[2 ] William Stallings, Cryptography and Network Security, fourth ed. Pearson Education,2009

[3 ] E.Bresson, O.Chevassut, and D.Pointcheval, “Provably-Secure Authenticated Group Diffie- Hellman Key Exchange,” ACM Trans. Information and systems Security, Vol.10, no.3, pp.255- 264, Aug.2007.

[4 ] J.Katz and M.Yung, “Scalable Protocols for Authenticated Group Key\ Exchange,” J.Cryptology, Vol.20,pp.85-113,2007.

[5 ] W.G.Tzeng. “ A Secure Fault-Tolerant Conference Key Agreement Protocol,” IEEE Trans.Computer, Vol.51,no.4,pp.373-379,Apr.2002 [6 ] Johannes A.Buchmann, Introduction to cryptography, second ed,

Springer-Verlog NY,LLC, 2005

[7 ] K.H.Huang,Y.F.Chung,H.H.Lee,F.Lai and T.S.Chen, “ A Conference Key Agreement Protocol with Fault-Tolerant Capability”, Computer Standard and Interfaces, Vol.31, pp.401-405, Jan 2009.

[8 ] G.R.Blakley, “Safeguarding Cryptographic Keys”, Proc Am. Federation of Information Processing Soc. (AFIPS‟79) Nat‟l Computer Conf., Vol.48,pp.313-317,1979.

[9 ] A.Shamir,” How to share a Secret”,Comm ACM, Vol.22, no.11, pp.612-613, 1979.

[10 ]Lein Harn and Changlu Lin, “ Authenticated Group Key Transfer Protocol Based on Secret Sharing”, IEEE Trans. Computers, Vol .59, no.6,pp.842-846, June2010

[11 ]G.R. Blakley, “Safeguarding Cryptographic Keys,” Proc. Am. Federation of Information Processing Soc. (AFIPS ‟79) Nat‟l Computer Conf., vol. 48, pp. 313- 317, 1979.

[12 ]S. Berkovits, “How to Broadcast a Secret,” Proc. Eurocrypt ‟91 Workshop Advances in Cryptology, pp. 536-541, 1991.

[13 ]R. Blom, “An Optimal Class of Symmetric Key Generation Systems,” Proc. Eurocrypt ‟84 Workshop Advances in Cryptology, pp. 335-338, 1984.

[14 ]C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro, and M. Yung, “Perfectly Secure Key Distribution for Dynamic Conferences,” Information and Computation, vol. 146, no. 1, pp. 1-23, Oct. 1998.

[15 ]C. Boyd, “On Key Agreement and Conference Key Agreement Proc. Second Australasian Conf. Information Security and Privacy (ACISP „97), pp. 294-302, 1997.

[16 ]E. Bresson, O. Chevassut, D. Pointcheval, and J.-J. Quisquater, “Provably Authenticated Group Diffie-Hellman Key Exchange,” Proc. ACM Conf. Computer and Comm. Security (CCS ‟01), pp. 255-264, 2001.

[17 ]E. Bresson, O. Chevassut, and D. Pointcheval, “Provably-Secure Authenticated Group Diffie-Hellman Key Exchange,” ACM Trans. Information and System Security, vol. 10, no. 3, pp. 255-264, Aug. 2007.

[18 ]J.M. Bohli, “A Framework for Robust Group Key Agreement,” Proc. Int‟l Conf. Computational Science and Applications (ICCSA ‟06), pp. 355- 364, 2006.

[19 ]M. Burmester and Y.G. Desmedt, “A Secure and Efficient Conference Key Distribution System,” Proc. Eurocrypt ‟94 Workshop Advances in Cryptology, pp. 275-286, 1994.

[20 ]R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, “Multicast Security: A Taxonomy and Some Efficient Constructions,” Proc. IEEE INFOCOM ‟99, vol. 2, pp. 708-716, 1999.

International Journal of Emerging Technology and Advanced Engineering

551 [22 ]W. Diffie and M.E. Hellman, “New Directions in Cryptography,”

IEEE Trans. Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov. 1976.

[23 ]M. Eltoweissy, M.H. Heydari, L. Morales, and I.H. Sudborough, “Combinatorial Optimization of Group Key Management,” J. Network and Systems Management, vol. 12, no. 1, pp. 33-50, 2004.

[24 ]A. Fiat and M. Naor, “Broadcast Encryption,” Proc. 13th Ann. Int‟l Cryptology Conf. Advances in Cryptology (Crypto 93), pp. 480-491, 1994.