Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secret-Key Agreement without Public-Key Cryptography Security Seminars Kulesh Shanmugasundaram.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Secret-Key Agreement without Public-Key Cryptography Security Seminars Kulesh Shanmugasundaram."— Presentation transcript:

1 Secret-Key Agreement without Public-Key Cryptography Security Seminars Kulesh Shanmugasundaram

2 SYN  SYN  Secret-Key Paradigms  Leighton-Micali Scheme  Sensor Networks Perspectives  References  FIN

3 Secret-Key Sharing  Secret-Key Sharing Paradigms –Public-key framework –Needham-Schroeder framework  Needham-Schroeder framework –Trusted authority T mediates key agreements between Alice and Bob –We know the framework well(?)

4 Needham-Schroeder  Issues with the scheme 1.Requires trusted authority to be continuously available 2.Exposes arbitrarily many clear-text- cipher-text pairs 3.Requires encryption to provide authentication 4.Security of the scheme depends on advances in number theory

5 Leighton-Micali Scheme  Properties of the scheme 1.Simple, elegant and easy to implement 2.Depends on ordinary one-way functions 3.Continuous presence of trusted authority is not required 4.Requires computing or storing N 2 k-bit keys, for an N-node network 5.Encryption, authentication in one protocol 6.Compromising nodes, trusted authority doesn’t affect the security…

6 Leighton-Micali Scheme  One time initialization of protocol –h() denotes a hash function, + denotes xor operation 1. Trusted authority creates two secret master keys 1.Exchange key – K 2.Authentication key – K’ 2. TA assigns two keys for each node 1.Exchange key K i = h(K, i) 2.Authentication key K’ i = h(K’, i) 3. TA computes O(N 2 ) keys for each pair of nodes 1.Exchange key P i,j = h(K j, i) + h(K i, j) 2.Authentication key A i,j = h(K’ i, h(K j,i))

7 Leighton-Micali Scheme…  Computing Secret-keys 1. Suppose P a,b is pair key for Alice and Bob 2. Alice computes E = P a,b + h(K a, Bob) 3. Alice authenticates the key A a,b = h(K a, E) 4. To decrypt Bob simply computes h(K b, Alice) 5. Done!

8 Leighton-Micali Scheme…  Security properties of the scheme 1.Unpredictability of individual keys 2.Unpredictability of pair-keys 3.When requesting pair-keys, requestor doesn’t need to authenticate herself 4.No man-in-the-middle 5.This is not a public-key approach

9 Leighton-Micali Scheme…  Sensor network perspectives… –Simple operations (hash, xor) –Relatively few messages across entities –No need for a trusted authority –Pair-keys can be stored on any or all nodes  Questions –Are hash functions inexpensive? –How to efficiently find pair-keys on nodes?

10 References  Secret-Key Agreement without Public-Key Cryptography, Tom Leighton, Silvio Micali, Crypto 93

11 FIN Questions, comments, concerns?

Download ppt "Secret-Key Agreement without Public-Key Cryptography Security Seminars Kulesh Shanmugasundaram."

Similar presentations

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.

Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Computer Security Key Management

Computer Security Key Management
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.

Lect. 11: Public Key Cryptography. 2 Contents 1.Introduction to PKC 2.Hard problems  IFP  DLP 3.Public Key Encryptions  RSA  ElGamal 4.Digital Signatures.
G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.

1 Encryption What is EncryptionWhat is Encryption Types of EncryptionTypes of Encryption.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Authentication System

Authentication System
Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.

Remarks on Voting using Cryptography Ronald L. Rivest MIT Laboratory for Computer Science.
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,

Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Network Security. Contents Security Requirements and Attacks Confidentiality with Conventional Encryption Message Authentication and Hash Functions Public-Key.

Similar presentations

Ads by Google