Download presentation

Presentation is loading. Please wait.

Published bySavion Gillson Modified about 1 year ago

1
Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong

2
Contents I.Security Notions of Key Exchange II.Type of Networks III.Key Agreement for Key Graphs

3
I.Security Notions of Key Exchange IA (Implicit Authentication) –Only a designated party can calculate the same session key. Dishonest parties can not get any information about the session key. KI (Key Independence) –security against Denning-Sacco attacks (known key attacks) –for the cases when other session keys are revealed FS (Forward Secrecy) –for the cases when long-term secrets are revealed

4
II.Types of Network half-duplex full-duplex 4 Rounds 2 Rounds Alice Bob Alice Bob

5
II.Types of Network Broadcasting Network Round 1 P1 P4 P3 P2 Round 2

6
DH (half-duplex) Alice Bob 2 Rounds

7
DH (full-duplex) Alice Bob 1 Round

8
Session Identifier The unique string per session Used to define matching session in the definition of security of key exchange In the full-duplex channel: the message concatenation by the ordering of owners

9
III. Key Agreement for Key Graphs We have constructed more efficient key exchange schemes which provides pairwise key exchange between parties via randomness re-use technique.

10
Sequential Key Exchange between Parties P1 P4P3 P2

11
Concurrent Key Exchange between Parties P1 P4P3 P2

12
Motivation How do we efficiently do concurrent execution of the two-party key exchange scheme ?

13
Our Results An efficient one-round key exchange scheme providing key independence in the standard model A two-round key exchange scheme providing forward secrecy in the standard model

14
Key Graph for Session keys (1) P1 P4 P3 P2 G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P1,P3),(P1,P4)} G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P2,P3),(P3,P4), (P4,P1)} P1 P4 P3 P2

15
Key Graph for Session keys (2) G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P1,P3), (P2,P4), (P2,P5), (P3,P6), (P3,P7)} G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P1,P3),(P1,P4), (P2,P3),(P2,P4),(P3,P4)} P1 P4 P3 P2 P1 P4 P3P2 P5 P6 P7

16
Key Exchange Model for Key Graphs Broadcasting network Several session keys in a single session

17
One-Round Two-Party Diffie- Hellman Key Exchange P1 P2

18
One-Round Concurrent Key Exchange using Two-Party Key Exchange P1 P4P3 P2 P1 requires three random values.

19
One-Round Concurrent Key Exchange using randomness re-use technique P1 P4P3 P2 P1 requires one random values.

20
Randomness Re-use under the DDH assumption Pairwise DDH assumption 1 Exp

21
Randomness Re-use under the DDH assumption Pairwise DDH assumption 2 Exp

22
PKA1 P1 P4 P3 P2 Round 1: KI in the standard model F is a pseudo random function

23
PKA2 P1 P4 P3 P2 Round 1: FS in the standard model

24
Security PKA1 and PKA2 –reduced to the DDH problem in the standard model

25
Discussion Key exchange for key graph is an extension of two-party key exchange. Key exchange for key graph can be used as a subprotocol of another protocol such as group key exchange protocols.

26
Thank You !

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google