Cryptanalysis of Ateniese–Steiner–Tsudik-Authenticated Group Key Management Protocol

We present an active attack that targets Ateniese et al.’s authenticated group key agreement, which, as a particular case, includes the well-known multiparty key exchange protocol CLIQUES that allows a group of users to build a common secret using some private values in a collaborative and distributed way, naturally extending the foundational key exchange introduced by Diffie and Hellman between two communicating parties that motivated the birth of public key cryptography. Ateniese et al.’s protocol adds some authentication information, allowing the parties to trust the exchanged information, but we show that it is possible to surpass this as well. The attack allows a malicious party to agree on a secret with the rest of the legal members of the group without their knowledge, so all the distributed information can be accessed using this secret. In addition, this is shown under a well-known cryptographic model that, in principle, requires absolute control of group communications, but, in fact, it only requires malicious control of the communications of a single arbitrary user and only for the duration of the key exchange. This means that after the attack, the malicious party does not have to take any other actions that could reveal a clue that an attack occurred and that the distributed information is being illegally accessed, contrary to a typical man-in-the-middle attack where the attacker has to continue the activity, meaning this could be detected at some point.