Security analysis of the cliques protocols suites: First results

Abstract

The Cliques protocols are extensions of the Diffie-Hellman key exchange protocol to a group setting. In this paper, we are analysing the A-GDH.2 suite that is intended to allow a group to share an authenticated key and to perform dynamic changes in the group constitution (adding and deleting members, ...). We are proposing an original method to analyze these protocols and are presenting a number of unpublished flaws with respect to each of the main security properties claimed in protocol definitions (key authentication, perfect forward secrecy, resistance to known-keys attacks). Most of these flaws arise from the fact that using a group setting does not allow to reason about security properties in the same way as when only two (or three) parties are concerned. © 2002 Kluwer Academic / Plenum Publishers, New York.