Presentation is loading. Please wait.

Presentation is loading. Please wait.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment."— Presentation transcript:

1 Public-key based

2 Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment cost –Security degree is higher than password-based The security assumption of most signature schemes are based on some well-known computational problems, such as the discrete logarithm problem and the factoring problem.

3 Authenticated key agreement without using one-way hash function (cont.) The MQV key agreement protocol has been adopted by the IEEE P1363 Committee to become a standard. The MQV protocol used a digital signature to sign the Diffie-Hellman public keys without using any one-way function. Here, the MQV protocol is generalized in three respects. First. signature variants for Diffie-Hellman public keys developed previously are employed in the new protocol.

4 Authenticated key agreement without using one-way hash function (cont.) Secondly, two communication entities are allowed to establish multiple secret keys in a single round of message exchange. Thirdly, the key computations are simplified. This paper is the improved version of MQV.

5 Protocol Assume A and B want to share multiple secret keys in one round of message exchange. For simplicity, we assume that A and B want to share four secrets.

6 Generate short term secret key k A1, k A2 and public key r A1, and r A2. Compute signature S A Generate short term secret key k B1, k B2 and public key r B1, and r B2. Compute signature S B {r A1, r A2, S A, certf(y A )} {r B1,r B2, S B, certf(y B )} y B =r B1 rB1 r B2 rB2 a SB mod p ? computes K 1 = r K B1 A 1 mod p K 2 = r K B1 A 2 mod p K 3 = r K B2 A 1 mod p K 4 = r K B2 A 2 mod p computes a r A 1 r A 2 mod p verifies {r A1, r A2 }, and computes K 1 = r K A1 B 1 mod p K 2 = r K A2 B 1 mod p K 3 = r K A1 B 2 mod p K 4 = r K A2 B 2 mod p A B Finally, A and B generate four secret key K 1 ~ K 4. Certif(y A ) is the public-key certificate of y A signed by a trusted party. A computes the signature S A for {r A1, r A2 } based on any signature variant as listed in Table 1. So as B. a is a primitive number if GF(p)

7 Fully-fledged two-way public key authentication and key agreement for low-cost terminals The server is assigned the unique identity j by the CA. The server picks a Rabin secret key (p j,q j ) and gives the corresponding public key (N j = p j *q j ) to the CA. √denotes modular square root operation. (to sign a message.)

8 Fully-fledged two-way public key authentication and key agreement for low-cost terminals A terminal is assigned a unique identity i, the network public keys, and signature system parameters. then it chooses a random secret key S i, and generates the associated ElGamal public key P i. The CA provides the terminal with a certificate c i.

9 Fully-fledged two-way public key authentication and key agreement for low-cost terminals The terminal chooses a random secret r, and performs the precomputations.

10 The server sends its identity, public key, and certificate to the terminal. The terminal verifies the certificate by squaring it modulo the CA’s public key, and comparing to a hashing of the concatenation of the server’s identity and public key. Terminal picks a random number x, considered to be a concatenation of random portions x L and x R combined with some expected ‘colour’ (say, k low-order zero bits, denoted 0 k ) Terminal encrypts x using server’s public key.

11 The server sends a random challenge containing some expected ‘colour’ The terminal verifies the expected colour that is present after conventional decryption. (it also verifies the session key) Terminal sends its identity, public key, and certificate, along with an ElGamal signature on the random challenge. The server verifies the certificate and signature.

Download ppt "Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.

HW6 due tomorrow Teams T will get to pick their presentation day in the order Teams T will get to pick their presentation day in the orderQuestions? Review.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Encryption An Overview. Fundamental problems Internet traffic goes through many networks and routers Many of those networks are broadcast media Sniffing.

Similar presentations

Ads by Google