Towards collusion-attack-resilient group key management using one-way function tree

One-way Function Tree (OFT) is a promising scheme for group key management. However, it has been found vulnerable to collusion attacks. Malicious users can collaborate to break forward and backward secrecy. Solutions have been proposed to prevent collusion attacks on OFT scheme. In this paper, we first demonstrate how existing solutions only partially consider collusion attacks. Current models surmise scenarios where malicious users may obtain node secrets unknown through collusion. They do not, however, consider that malicious users can decrypt extra blinded node secrets using known node secrets. As a result, the malicious users can collude to obtain far more information than expected. We use theoretical evidence to identify the exact node secrets which can be obtain by malicious users. Finally, we propose two improved schemes named repeated one-way function tree (ROFT) and node one-way function tree (NOFT). Compared to previous solutions, ROFT and NOFT require less adjustments to make the OFT scheme resilient to collusion attacks. Performance analysis shows that ROFT and NOFT do not incur extra communication overhead compared to the original OFT scheme. The proposed ROFT and NOFT schemes effectively solve the security problem of the OFT scheme at the cost of a minimal increase in computational cost and storage overhead.