close
close
news

a Continuous Group Key Agreement for MLS, Secure in Presence of Inactive Users

Photo of Vaseline VaselineSeptember 30, 2024
0 2 minutes read
a Continuous Group Key Agreement for MLS, Secure in Presence of Inactive Users

Paper 2023/1903

Quarantined-TreeKEM: a Continuous Group Key Agreement for MLS, Secure in Presence of Inactive Users

Celine ChevalierÉcole Normale Supérieure – PSLUniversité Paris Panthéon-Assas
Guirec LebrunÉcole Normale Supérieure – PSLANSSI
Angel MartinelliANSSI
Abdul Rahman TalebANSSI
Abstract

The recently standardized secure group messaging protocol Messaging Layer Security (MLS) is designed to ensure asynchronous communications within large groups, with an almost-optimal communication cost and the same security level as point-to-point secure messaging protocols such as Signal. In particular, the core sub-protocol of MLS, a Continuous Group Key Agreement (CGKA) called TreeKEM, must generate a common group key that respects the fundamental security properties of post-compromise security and forward secrecy which mitigates the effects of user corruption over time. Most research on CGKAs has focused on how to improve these two security properties. However, post-compromise security and forward secrecy require the active participation of respectively all compromised users and all users within the group. Inactive users – who remain offline for long periods – do not update their encryption keys anymore and therefore represent a vulnerability for the entire group. This issue has already been identified in the MLS standard, but no solution, other than expelling these inactive users after some disconnection time, has been found. We propose here a CGKA protocol based on TreeKEM and fully compatible with the MLS standard, that implements a quarantine mechanism for the inactive users in order to mitigate the risk induced by these users during their inactivity period and before they are removed from the group. That mechanism indeed updates the inactive users’ encryption keys on their behalf and secures these keys with a secret sharing scheme. If some of the inactive users eventually reconnect, their quarantine stops and they are able to recover all the messages that were exchanged during their offline period. Our Quarantined-TreeKEM protocol thus increases the security of original TreeKEM, with a very limited – and sometimes negative – communication overhead.

Note: This is the full version of the extended abstract published in the proceedings of ACM CCS’24.

BibTeX 

@misc{cryptoeprint:2023/1903,
      author = {Céline Chevalier and Guirec Lebrun and Ange Martinelli and Abdul Rahman Taleb},
      title = {Quarantined-{TreeKEM}: a Continuous Group Key Agreement for {MLS}, Secure in Presence of Inactive Users},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1903},
      year = {2023},
      doi = {10.1145/3658644.3690265},
      url = {https://eprint.iacr.org/2023/1903}
}
Photo of Vaseline VaselineSeptember 30, 2024
0 2 minutes read
Photo of Vaseline

Vaseline

Related Articles

Offers and steals for home

Offers and steals for home

October 14, 2024
Justin Rose ‘houdt tranen tegen’ na flirt met Open-titel

Justin Rose ‘houdt tranen tegen’ na flirt met Open-titel

July 21, 2024
How to get the Umbracrux in Diablo 4

How to get the Umbracrux in Diablo 4

August 8, 2024
Rumor has it that OnePlus ‘Flip’ could be the ace up its sleeve next year

Rumor has it that OnePlus ‘Flip’ could be the ace up its sleeve next year

3 days ago
Back to top button