A security analysis of the cliques protocols suites

Secure group protocols are not easy to design: this paper will show new attacks found against a protocol suite for sharing key. The method we propose to analyse these protocols is very systematic, and can be applied to numerous protocols of this type. The A-GDH.2 protocols suite analysed throughout this paper is part of the Cliques suites that propose extensions of the Diffie-Hellman key exchange protocol to a group setting. The A-GDH.2 main protocol is intended to allow a group to share an authenticated key while the other protocols of the suite allow to perform dynamic changes in the group constitution (adding and deleting members, fusion of groups,...). We are proposing an original method to analyse these protocols and are presenting a number of unpublished flaws with respect to each of the main security properties claimed in protocol definition (key authentication, perfect forward secrecy, resistance to known-keys attacks). Most of these flaws arise from the fact that using a group setting does not allow to reason about security properties in the same way as when only two (or three) parties are concerned. Our method has been easily applied on other Cliques protocols and allowed us to pinpoint similar flaws.