Group Authentication and Key Establishment Scheme

Group authentication is a technique that verifies the group membership of multiple users and establishes a shared secret key among them. Unlike the conventional authentication schemes that rely on a central authority to authenticate each user individually, group authentication can perform the authentication process simultaneously for all the members who participate. Group authentication has been found to be a suitable candidate for various applications in crowded in Internet of Things (IoT) environments, such as swarms of drones for agriculture, military, and surveillance, where a group of devices need to establish a secure authenticated communication channel among themselves. The recently presented group authentication algorithms mainly exploit Lagrange polynomial interpolation along with elliptic curve groups over finite fields. A polynomial interpolation-based group authentication scheme (GAS) has a vulnerability that allows malicious interruption by any single entity in the process. Moreover, this scheme requires each entity to obtain the tokens of all other entities, which is impractical in a large-scale setting. The cost of authentication and key establishment also depends on the number of users, creating a scalability issue. As a fresh approach to eliminate these issues, this work suggests the use of inner product spaces for group authentication and key establishment. The approach with linear spaces introduces a reduced computation and communication load to establish a common shared key among the group members. In addition to providing lightweight authentication and key agreement, this approach allows any user in a group to make a nonmember a member, which is expected to be useful for autonomous systems in the future. The scheme is designed in a way that the sponsors of such members can easily be recognized by anyone in the group. Unlike the other GASs based on Lagrange's polynomial interpolation, the proposed scheme does not provide a tool for adversaries to compromise the whole group's secrets by using only a few members' shares as well as it allows to recognize a nonmember easily, which prevents the denial-of-service attacks from which the former group authentication algorithms suffer.