Inter-Domain Identity-based Authenticated Key Agreement Protocol from the Weil Pairing
Tsai, Hong-Bin; Chiu, Yun-Peng; Lei, Chin-Laung
Dept. of Electrical Engineering, National Taiwan University
July 10, 2006

Outline
1. Introduction
   - Weil Pairing
   - Identity-Based Encryption Scheme
2. ID-ID-AK Protocol
   - Previous Works
   - Our ID-ID-AK Protocol
3. Security Analysis
   - Security Proof
   - Security Attributes
4. Conclusions and Future Works

Key Agreement Protocols
- A key agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both influence the outcome.
- A key agreement protocol that does not provide authentication of the parties, e.g., Diffie-Hellman key exchange, is vulnerable to man-in-the-middle attacks.
- In an identity-based authenticated key agreement (AK) protocol, the users use an ID-based asymmetric key pair for authentication and establishment of the key.

Weil Pairing: Definitions
- A pairing is a computable bilinear map between an additive group, $G_1$, and a multiplicative group, $G_2$.
- $G_1$ denotes a subgroup of the group of points on an elliptic curve.
- $G_2$ denotes a subgroup of the multiplicative group of a finite field.
- The Weil pairing is denoted $\hat{e} : G_1 \times G_1 \to G_2$.

Weil Pairing: Properties
- Bilinear: If $P, P_1, P_2, Q, Q_1, Q_2 \in G_1$ and $a \in \mathbb{Z}_q$, then $\hat{e}(P_1 + P_2, Q) = \hat{e}(P_1, Q)\,\hat{e}(P_2, Q)$ and $\hat{e}(P, Q_1 + Q_2) = \hat{e}(P, Q_1)\,\hat{e}(P, Q_2)$.
- Non-degenerate: If $\hat{e}(P, Q) = 1$ for all $P \in G_1$, then $Q = \mathcal{O}$.
- Computable: If $P, Q \in G_1$, one can compute $\hat{e}(P, Q)$ in polynomial time.

Identity-Based Encryption (IBE) Scheme
- Boneh and Franklin proposed an identity-based encryption scheme built from any bilinear map, in which the public key is some unique information about the identity of the user.
  Reference: D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing".
- A Trusted Authority (TA) is required in the scheme to generate the private keys corresponding to users' public identities.

Identity-Based Encryption Scheme: IBE algorithms (1/2)
Setup: The Setup algorithm produces the TA's master key $s \in \mathbb{Z}_q$ and system parameters that are publicly known:
- Groups $G_1$, $G_2$ of order $q$ and a random generator $P \in G_1$.
- The TA's public key $P_{pub} = sP$.
- A cryptographic hash function $H_1 : \{0,1\}^* \to G_1$.
- A cryptographic hash function $H_2 : G_2 \to \{0,1\}^n$ for some $n$.
Extract: Given a user's public identity string $ID \in \{0,1\}^*$, the Extract algorithm generates:
- Public key $Q_{ID} = H_1(ID) \in G_1$.
- Private key $d_{ID} = sQ_{ID}$, where $s$ is the master key.

Identity-Based Encryption Scheme: IBE algorithms (2/2)
Encrypt: To encrypt a message $M$, the algorithm Encrypt does the following:
1. Choose a random $r \in \mathbb{Z}_q$.
2. Set the ciphertext $C$ to be $C = \langle rP,\ M \oplus H_2(g_{ID}^{\,r}) \rangle$, where $g_{ID} = \hat{e}(Q_{ID}, P_{pub}) \in G_2$.
Decrypt: Let $C = \langle U, V \rangle$ be a ciphertext encrypted using the public key $ID$. The algorithm Decrypt computes:
$$V \oplus H_2(\hat{e}(d_{ID}, U)) = M$$
The masks used during encryption and decryption are the same:
$$\hat{e}(d_{ID}, U) = \hat{e}(sQ_{ID}, rP) = \hat{e}(Q_{ID}, P)^{sr} = \hat{e}(Q_{ID}, P_{pub})^{r} = g_{ID}^{\,r}$$

Previous Works: Chen and Kudla's Protocol (1/2)
Chen and Kudla proposed a key agreement protocol that allows users in different domains to establish a shared secret key. We give an overview as follows.
Reference: L. Chen and C. Kudla, "Identity Based Authenticated Key Agreement Protocols from Pairings".
Setup: Following the IBE scheme, let there be two TAs, $TA_1$ and $TA_2$, with public keys $s_1P$ and $s_2P$ respectively.
- Alice $\in TA_1$ has private key $S_A = s_1Q_A$, public key $Q_A = H_1(\text{Alice's ID})$ and ephemeral key $a \in \mathbb{Z}_q$.
- Bob $\in TA_2$ has private key $S_B = s_2Q_B$, public key $Q_B = H_1(\text{Bob's ID})$ and ephemeral key $b \in \mathbb{Z}_q$.

Previous Works: Chen and Kudla's Protocol (2/2)
Message flow:
- Alice → Bob: $T_A = aP$
- Bob → Alice: $T_B = bP$
After a successful protocol run:
- Alice computes $K_{AB} = \hat{e}(S_A, T_B)\,\hat{e}(Q_B, a s_2 P)$.
- Bob computes $K_{BA} = \hat{e}(S_B, T_A)\,\hat{e}(Q_A, b s_1 P)$.
- $K = K_{AB} = K_{BA} = \hat{e}(bS_A + aS_B, P_{pub})$.
Then use a key derivation function $H_2 : G_2 \to \{0,1\}^n$ to generate the shared session key $H_2(K)$.

Previous Works: Possible disadvantages
1. Necessity of a Trusted Third Party: Parameters are decided and distributed by a Trusted Third Party (TTP).
2. Vast costs of key update: One update triggers an enormous number of re-key processes, which is linear in the number of TAs in the system.
3. Inflexibility of key management: Users in different domains fail to establish a shared secret key if their respective TAs have different parameters.

Our ID-ID-AK Protocol: Setup
- The groups $G_1$, $G_2$ of prime order $q$ and the bilinear map $\hat{e} : G_1 \times G_1 \to G_2$ are defined as before.
- Let $TA_i$, $TA_j$, where $i \neq j$, be two TAs controlling different domains.
- $TA_i$ has a master key $s_i \in \mathbb{Z}_q$ and a public key $s_iP_i \in G_1$, where $P_i$ is a generator of $G_1$.
- $TA_j$ has a master key $s_j \in \mathbb{Z}_q$ and a public key $s_jP_j \in G_1$, where $P_j$ is a generator of $G_1$.
- Alice is registered to $TA_i$, holding a public key $Q_A = H_1(\text{Alice's ID})$ and a private key $S_A = s_iQ_A$.
- Bob is registered to $TA_j$, holding a public key $Q_B = H_1(\text{Bob's ID})$ and a private key $S_B = s_jQ_B$.

Our ID-ID-AK Protocol: Design Concepts
- No TTP is required; each TA can choose its own generator $P \in G_1$.
- Users in distinct domains who want to establish a shared secret key do not have to use an identical generator $P \in G_1$.
- Key agreement between users needs information from their own TAs, which is defined as the Public Token in our protocol.
- The protocol is divided into two phases.
  - Phase 1: The TAs exchange public tokens for later key agreement.
  - Phase 2: Users in the system are able to establish a shared secret key with others via the public tokens generated in Phase 1.

Our ID-ID-AK Protocol: Phase 1
Assume Alice initiates the key agreement protocol with Bob and checks whether $TA_i$ and $TA_j$ have exchanged public tokens before. If the needed public token is available and its corresponding lease $L$ has not expired, she proceeds to Phase 2; otherwise Alice asks $TA_i$ to start Phase 1 of the protocol as follows.
- Alice's TA → Bob's TA: $P_i$
- Bob's TA → Alice's TA: $P_j$
- Alice's TA → Bob's TA: $s_iP_j$
- Bob's TA → Alice's TA: $s_jP_i$

Our ID-ID-AK Protocol: Phase 2 (1/2)
Message flow:
- Alice → Bob: $aP_i$, $aQ_A$
- Bob → Alice: $bP_j$, $bQ_B$
After a successful protocol run:
- Alice computes $K_{AB} = \hat{e}(s_iQ_A, aP_i)\,\hat{e}(s_iQ_A, bP_j)\,\hat{e}(Q_B, a s_jP_i)\,\hat{e}(bQ_B, s_jP_j)$.
- Bob computes $K_{BA} = \hat{e}(s_jQ_B, bP_j)\,\hat{e}(s_jQ_B, aP_i)\,\hat{e}(Q_A, b s_iP_j)\,\hat{e}(aQ_A, s_iP_i)$.

Our ID-ID-AK Protocol: Phase 2 (2/2)
If Alice and Bob follow the protocol, they can compute and output a common session key as follows:
$$
\begin{aligned}
K = K_{AB} &= \hat{e}(s_iQ_A, aP_i)\,\hat{e}(s_iQ_A, bP_j)\,\hat{e}(Q_B, a s_jP_i)\,\hat{e}(bQ_B, s_jP_j) \\
&= \hat{e}(s_iQ_A, aP_i + bP_j)\,\hat{e}(Q_B, a s_jP_i + b s_jP_j) \\
&= \hat{e}(s_jQ_B, aP_i + bP_j)\,\hat{e}(Q_A, a s_iP_i + b s_iP_j) \\
&= \hat{e}(s_jQ_B, bP_j)\,\hat{e}(s_jQ_B, aP_i)\,\hat{e}(Q_A, b s_iP_j)\,\hat{e}(aQ_A, s_iP_i) \\
&= K_{BA} = \hat{e}(s_iQ_A + s_jQ_B, aP_i + bP_j).
\end{aligned}
$$
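
Phase 1 and Phase 2 as an added example (not the authors' code): a Python sketch that replaces the Weil pairing with a toy bilinear map in which every $G_1$ element is stored as a known scalar, so it checks the algebra of the key computation and offers no security. The parameters q = 1019, p = 2039, the identity strings and all class and function names are assumptions made for this example.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example: P_MOD = 2*Q + 1 with both prime,
# and G = 4 generates the order-Q subgroup of Z_p^* that stands in for G_2.
Q, P_MOD, G = 1019, 2039, 4


class Point:
    """Element of the toy G_1, stored as its scalar k relative to one fixed base point."""

    def __init__(self, k):
        self.k = k % Q

    def __add__(self, other):
        return Point(self.k + other.k)

    def __rmul__(self, scalar):  # scalar * Point
        return Point(scalar * self.k)


def pairing(x, y):
    """Toy bilinear map e(x, y) = G^(x.k * y.k) mod P_MOD (insecure by construction)."""
    return pow(G, (x.k * y.k) % Q, P_MOD)


def rand_scalar():
    return secrets.randbelow(Q - 1) + 1  # uniform in 1..Q-1


def h1(identity):
    """Hash an identity string to a non-zero element of the toy G_1."""
    digest = hashlib.sha256(identity.encode()).digest()
    return Point(int.from_bytes(digest, "big") % (Q - 1) + 1)


class TrustedAuthority:
    def __init__(self):
        self.generator = Point(rand_scalar())            # P_i, chosen by this TA alone
        self._master = rand_scalar()                     # s_i
        self.public_key = self._master * self.generator  # s_i P_i

    def extract(self, identity):
        return self._master * h1(identity)               # S = s_i Q_ID

    def public_token(self, peer_generator):
        return self._master * peer_generator             # Phase 1 token: s_i P_j


def session_key(own_priv, own_eph, own_gen, peer_t, peer_w, peer_q, token, peer_ta_pub):
    """Phase 2 key, written from Alice's side:
    e(S_A, aP_i) * e(S_A, bP_j) * e(Q_B, a * s_jP_i) * e(bQ_B, s_jP_j)."""
    return (pairing(own_priv, own_eph * own_gen)
            * pairing(own_priv, peer_t)
            * pairing(peer_q, own_eph * token)
            * pairing(peer_w, peer_ta_pub)) % P_MOD


def run_demo():
    ta_i, ta_j = TrustedAuthority(), TrustedAuthority()  # independent generators

    # Phase 1: the TAs swap generators, then public tokens.
    token_from_i = ta_i.public_token(ta_j.generator)     # s_i P_j, used by Bob
    token_from_j = ta_j.public_token(ta_i.generator)     # s_j P_i, used by Alice

    alice_id, bob_id = "alice@domain-i.example", "bob@domain-j.example"
    q_a, q_b = h1(alice_id), h1(bob_id)
    s_a, s_b = ta_i.extract(alice_id), ta_j.extract(bob_id)

    # Phase 2: each side sends (ephemeral * own generator, ephemeral * own public key).
    a, b = rand_scalar(), rand_scalar()
    t_a, w_a = a * ta_i.generator, a * q_a
    t_b, w_b = b * ta_j.generator, b * q_b

    k_ab = session_key(s_a, a, ta_i.generator, t_b, w_b, q_b, token_from_j, ta_j.public_key)
    k_ba = session_key(s_b, b, ta_j.generator, t_a, w_a, q_a, token_from_i, ta_i.public_key)

    # Closed form e(S_A + S_B, aP_i + bP_j): computable from both long-term
    # private keys plus the public transcript, with no ephemeral secret.
    k_closed = pairing(s_a + s_b, t_a + t_b)
    return k_ab, k_ba, k_closed


if __name__ == "__main__":
    print(run_demo())
```

The third returned value is computed from $S_A$, $S_B$ and the transmitted $aP_i$, $bP_j$ only, which is the computation behind the partial (not perfect) forward secrecy stated under Security Attributes.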

Security Proof: Bilinear Diffie-Hellman Problem
Let $G_1$, $G_2$ be two groups of prime order $q$, $\hat{e} : G_1 \times G_1 \to G_2$ a bilinear map and $P$ a generator of $G_1$.
- BDHP: Given $P, xP, yP, zP$ for some $x, y, z \in \mathbb{Z}_q$, compute $W = \hat{e}(P, P)^{xyz} \in G_2$.
- The hardness of BDH depends on the hardness of CDH in both $G_1$ and $G_2$ (M. Maas, 2004).

Security Proof: Security Model (1/3)
Assumptions:
- The authenticity between TAs is realized through other cryptographic mechanisms, e.g., PKI.
Setup:
- Assume a set $I = \{1, 2, \ldots, f_1(k)\}$ of protocol participants, where $k$ is a security parameter and $f_1(k)$ is a polynomial bound on the number of participants.
- An oracle $\Pi^{s}_{I,J}$ denotes a message sent from a participant $I$ to another participant $J$, with whom $I$ believes he/she is communicating, in the $s$-th protocol session.
- Every message sent by $I$ or $J$ is known by the adversary $E$.
- $E$ is a benign adversary if it simply passes messages to and fro between participants.

Security Proof: Security Model (2/3)
$E$ is allowed to make the following queries:
- Send: A Send query allows $E$ to send a message of his/her choice to an oracle $\Pi^{s}_{I,J}$ and to record the response.
- Reveal: A Reveal query allows $E$ to reveal the session key currently held by an oracle $\Pi^{s}_{I,J}$.
- Corrupt: A Corrupt query allows $E$ to reveal the long-term private key of the sender of an oracle $\Pi^{s}_{I,J}$.
- Test: Participants must reply to this Test query with either the session key $K$ held by the oracle or a random $k$-bit string, depending on a fair coin toss.
The probability that $E$ can distinguish $K$ from the random string is denoted as:
$$\mathrm{advantage}^{E}(k) = \Pr[b' = b] - 1/2$$

Security Proof: Security Model (3/3)
A protocol is a secure AK protocol if:
1. In the presence of the benign adversary on oracles $\Pi^{s}_{I,J}$ and $\Pi^{t}_{J,I}$, both oracles always accept holding the same session key, which is distributed uniformly and randomly on $\{0,1\}^k$.
2. If uncorrupted oracles $\Pi^{s}_{I,J}$ and $\Pi^{t}_{J,I}$ participate in a matching conversation, then both oracles accept and hold the same session key, which is again uniformly distributed on $\{0,1\}^k$.
3. $\mathrm{advantage}^{E}(k)$ is negligible.

Security Proof: Proof Sketch (1/2)
Proof of Conditions 1 and 2:
- Conditions 1 and 2 follow directly from the protocol description.
Proof of Condition 3:
- Suppose that $\mathrm{advantage}^{E}(k)$ is non-negligible. We can construct an algorithm $F$ from $E$ which solves the BDHP with non-negligible probability.
- $F$ is given a description of $G_1$, $G_2$, $\hat{e}$, a generator $P \in G_1$, and $xP, yP, zP \in G_1$ with $x, y, z \in \mathbb{Z}_q$ chosen uniformly at random. $F$'s task is to compute and output $\hat{e}(P, P)^{xyz} \in G_2$.
- $F$ simulates the Setup algorithm to create the necessary oracles and variables.

Security Proof: Proof Sketch (2/2)
- At some point in the simulation, $E$ will make a Test query to some oracle. Then $F$ responds with either the key held by the oracle or a random bit string.
- After a careful deduction (please refer to the paper for details), we can conclude that the probability that $F$ produces the correct output is non-negligible.
- This result contradicts the BDH assumption. Therefore, the algorithm $F$ does not exist.

Security Attributes (1/2)
- Partial forward secrecy: The compromise of either Alice's or Bob's long-term private key does not lead to the compromise of past session keys. However, the compromise of both Alice's and Bob's long-term private keys enables an adversary to compute $K$ (because $s_iQ_A$, $s_jQ_B$, $aP_i$, $bP_j$ are known). Our protocol satisfies partial forward secrecy, but does not offer perfect forward secrecy.
- TA forward secrecy: The compromise of the long-term private key of a TA implies the compromise of its registrants' long-term private keys. Thus the result follows from partial forward secrecy.
- Imperfect key control: Mitchell et al. pointed out that the responder in a protocol happens to have an unfair advantage in controlling the value of the established session key.

Security Attributes (2/2)
- Unknown key-share resilience: This property follows from the protocol.
- No key-compromise impersonation: The compromise of Alice's long-term private key does not enable an adversary to impersonate other entities, say Bob, to Alice in a successful protocol run.
- Note that previous works satisfy partial forward secrecy and partial TA forward secrecy as well.

Conclusions
- We have proposed an AK protocol that allows users in distinct domains to establish a shared secret key through pairings without the constraint of using an identical generator.
- Instead of following the decision of a Trusted Third Party, each TA can select a generator $P$ of its own choice, which avoids a single point of failure.
- Key updates can be done within a domain without the interference of a TTP. Thus our protocol is more scalable than previous works.

Future Works
- How to modify the protocol to achieve tripartite (multi-party) key agreement?
- How to improve the protocol's efficiency?
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.5 Public Key Algorithms CSC 474/574 Dr. Peng Ning 1 Public Key Algorithms Public key algorithms covered in this class RSA: encryption and digital signature
More informationOne-Pass Key Establishment Model and Protocols for Wireless Roaming with User Anonymity
International Journal of Network Security, Vol.16, No.2, PP.129-142, Mar. 2014 129 One-Pass Key Establishment Model and Protocols for Wireless Roaming with User Anonymity Yuan Wang 1, Duncan S. Wong 2,
More informationAn Efficient ID-KEM Based On The Sakai Kasahara Key Construction
An Efficient ID-KEM Based On The Sakai Kasahara Key Construction L. Chen 1, Z. Cheng 2, J. Malone Lee 3, and N.P. Smart 3 1 Hewlett-Packard Laboratories, Filton Road, Stoke Gifford, Bristol, BS34 8QZ,
More informationCS 395T. Formal Model for Secure Key Exchange
CS 395T Formal Model for Secure Key Exchange Main Idea: Compositionality Protocols don t run in a vacuum Security protocols are typically used as building blocks in a larger secure system For example,
More informationViber Encryption Overview
Introduction Terms Preparations for Session Setup Secure Session Setup Exchanging Messages Encrypted Calls Photo, Video and File Sharing Secure Groups Secondary Device Registration Authentication Viber
More informationA Short Certificate-based Signature Scheme with Provable Security
ISSN 1392 124X (print), ISSN 2335 884X (online) INFORMATION TECHNOLOGY AND CONTROL, 2016, T. 45, Nr. 3 A Short Certificate-based Signature Scheme with Provable Security Ying-Hao Hung, Sen-Shan Huang, Yuh-Min
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers
More informationVerifiably Encrypted Signature Scheme with Threshold Adjudication
Verifiably Encrypted Signature Scheme with Threshold Adjudication M. Choudary Gorantla and Ashutosh Saxena Institute for Development and Research in Banking Technology Road No. 1, Castle Hills, Masab Tank,
More informationStructure-Preserving Certificateless Encryption and Its Application
SESSION ID: CRYP-T06 Structure-Preserving Certificateless Encryption and Its Application Prof. Sherman S. M. Chow Department of Information Engineering Chinese University of Hong Kong, Hong Kong @ShermanChow
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationIntroduction. CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell
Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell 1 Cryptography Merriam-Webster Online Dictionary: 1. secret writing 2. the enciphering and deciphering
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationSecurity Analysis of Batch Verification on Identity-based Signature Schemes
Proceedings of the 11th WSEAS International Conference on COMPUTERS, Agios Nikolaos, Crete Island, Greece, July 26-28, 2007 50 Security Analysis of Batch Verification on Identity-based Signature Schemes
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More information1 A Tale of Two Lovers
CS 120/ E-177: Introduction to Cryptography Salil Vadhan and Alon Rosen Dec. 12, 2006 Lecture Notes 19 (expanded): Secure Two-Party Computation Recommended Reading. Goldreich Volume II 7.2.2, 7.3.2, 7.3.3.
More informationHash Proof Systems and Password Protocols
Hash Proof Systems and Password Protocols II Password-Authenticated Key Exchange David Pointcheval CNRS, Ecole normale supe rieure/psl & INRIA 8th BIU Winter School Key Exchange February 2018 CNRS/ENS/PSL/INRIA
More informationAN EFFICIENT CERTIFICATELESS AUTHENTICATED KEY AGREEMENT
AN EFFICIENT CERTIFICATELESS AUTHENTICATED KEY AGREEMENT 1 YUXIU-YING, 2 HEDA-KE, 3 ZHANG WENFANG 1,2,3 School of Information Science and Technology, South West Jiao Tong University, E-mail: 1 xyyu@home.swjtu.edu.cn,
More informationApplication of Number Theory to Cryptology
Application of Number Theory to Cryptology Atsuko Miyaji, Dr of Sci. Professor Japan Advanced Institute Science & Technology miyaji@jaist.ac.jp Outline There are many application with using cryptology.
More informationAuth. Key Exchange. Dan Boneh
Auth. Key Exchange Review: key exchange Alice and want to generate a secret key Saw key exchange secure against eavesdropping Alice k eavesdropper?? k This lecture: Authenticated Key Exchange (AKE) key
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationCryptanalysis on Improved Chou et al. s ID-Based Deniable Authentication Protocol
Cryptanalysis on Improved Chou et al. s ID-Based Deniable Authentication Protocol Meng-Hui Lim Department of Ubiquitous IT, Graduate School of Design and IT, Dongseo University, Busan, 617-716, Korea menghui.lim@gmail.com
More informationUniversally Composable Attribute-based Group Key Exchange
, pp.179-190 http://dx.doi.org/10.14257/ijsia.2015.9.1.19 Universally Composable Attribute-based Group Key Exchange Hui Xie, Yongjie Yan and Sihui Shu School of Mathematics & Computer Science, Jiangxi
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationAuthentication in Distributed Systems
Authentication in Distributed Systems Introduction Crypto transforms (communications) security problems into key management problems. To use encryption, digital signatures, or MACs, the parties involved
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationChapter 9 Public Key Cryptography. WANG YANG
Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext
More informationPseudonym-based cryptography for anonymous communications in mobile ad hoc networks. Dijiang Huang. 1 Introduction
272 Int. J. Security and Networks, Vol. 2, Nos. 3/4, 2007 Pseudonym-based cryptography for anonymous communications in mobile ad hoc networks Dijiang Huang Computer Science and Engineering, Arizona State
More informationMulti-authority attribute based encryption with honest-but-curious central authority
Proceedings of the 10th International Conference on Computational and Mathematical Methods in Science and Engineering, CMMSE 2010 27 30 June 2010. Multi-authority attribute based encryption with honest-but-curious
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More informationDistributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015
Distributed Systems 26. Cryptographic Systems: An Introduction Paul Krzyzanowski Rutgers University Fall 2015 1 Cryptography Security Cryptography may be a component of a secure system Adding cryptography
More informationInformation Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1
Information Security message M one-way hash fingerprint f = H(M) 4/19/2006 Information Security 1 Outline and Reading Digital signatures Definition RSA signature and verification One-way hash functions
More informationPublic-Key Cryptography. Professor Yanmin Gong Week 3: Sep. 7
Public-Key Cryptography Professor Yanmin Gong Week 3: Sep. 7 Outline Key exchange and Diffie-Hellman protocol Mathematical backgrounds for modular arithmetic RSA Digital Signatures Key management Problem:
More information