On Group Key Management for Secure Multicast Employing the Inverse Element

Recently, Pour et al. proposed a group key management scheme for secure multicast, where each member is privately assigned a member secret, and the algebraic inverse element of this secret is assigned to others but not the member himself. The scheme is claimed to be efficient in that the inverse element of a leaving member can be mathematically employed for updating the group key locally, which would otherwise have to be delivered online so as to be distributed to the residual members. In this work, both performance and security of the scheme are investigated. We first point out that the scheme does not really exhibit the preferred reduction in terms of overall communication overhead, as the cost is actually shifted from the leave scenario to the join one. Then we reveal a design flaw regarding the generation of the inverse element, due to which a departed member can actually continue decrypting the multicast traffic intended only for others. Furthermore, we show that the scheme is a special yet incorrect implementation of the well studied Complementary Variable Approach, and thus suffers also from the well-known colluding attack. In addition, a similar problem is observed in another but more recent scheme by Sun et al., which is inherently vulnerable to collusion, too.