Identity-based deniable authentication protocol

Slides:

Advertisements

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Advertisements

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.

1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

An Introduction to Identity-based Cryptography

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution of public keys –use of public-key.

1 Hidden Exponent RSA and Efficient Key Distribution author: He Ge Cryptology ePrint Archive 2005/325 PDFPDF 報告人：陳昱升.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.

An Efficient Identity-based Cryptosystem for

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Cryptography and Network Security (CS435) Part Eight (Key Management)

Computer and Network Security Rabie A. Ramadan Lecture 6.

Review of Certificateless Cryptography Yu-Chi Chen.

Public Key Encryption with keyword Search Author: Dan Boneh Rafail Ostroversity Giovanni Di Crescenzo Giuseppe Persiano Presenter: 陳昱圻.

Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.

Cryptanalysis of Some Proxy Signature Schemes without Certificates Wun-She Yap, Swee-Huay Heng Bok-Min Goi Multimedia University.

多媒體網路安全實驗室 Anonymous ID Signature Scheme with Provable Identity Date： Reporter :Chien-Wen Huang 出處： 2008 Second International Conference on Future.

1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

A new provably secure certificateless short signature scheme Authors: K.Y. Choi, J.H. Park, D.H. Lee Source: Comput. Math. Appl. (IF:1.472) Vol. 61, 2011,

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.

MSN lab1 A novel deniable authentication protocol using generalized ElGamal signature scheme Source: Information Sciences, vol. 177, pp , 2007.

Robust and Efficient Password- Authenticated Key Agreement Using Smart Cards Authors: Wen-Shenq Juang, Sian-Teng Chen and Horng-Twu Liaw Src: IEEE Transaction.

Key Management Network Systems Security Mort Anvari.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Fall 2006CS 395: Computer Security1 Key Management.

1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.

Key Generation Protocol in IBC Author ： Dhruti Sharma and Devesh Jinwala 論文報告 2015/12/24 董晏彰 1.

Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

A Secure Authentication Scheme with Anonymity for Wireless Communications IEEE COMMUNICATIONS LETTERS, VOL. 12, NO. 10, OCTOBER 2008 Chia-Chun Wu, Wei-Bin.

What is in a name? Identity-based cryptography. How public-key crypto works When you use public key cryptography, you can publish a value (public key)

Basics of Cryptography

Author:YongBin Zhou, ZhenFeng Zhang, and DengGuo Feng Presenter:戴士桀

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

Protocol Analysis.

Identity Based Encryption

Information Security message M one-way hash fingerprint f = H(M)

Boneh-Franklin Identity Based Encryption Scheme

Certificateless signature revisited

CS480 Cryptography and Information Security

Public Key Encryption and Digital Signatures

Group theory exercise.

Basic Network Encryption

Digital Signature.

Information Security message M one-way hash fingerprint f = H(M)

Public Key Infrastructure

Fuzzy Identity Based Encryption

Chapt. 10 – Key Management Dr. Wayne Summers

Information Security message M one-way hash fingerprint f = H(M)

Chapter 10: Key Management (Again) and other Public Key Systems

CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9

Source： Ad Hoc Networks, Vol. 71, pp , 2018

Key Management Network Systems Security

Key Establishment Protocols ~

CDK: Chapter 7 TvS: Chapter 9

Basic Network Encryption

A Note on Secure Key Issuing in ID-based Cryptography

Secure Diffie-Hellman Algorithm

Presentation transcript:

Identity-based deniable authentication protocol Source: ELECTRONICS LETTERS 3rd March2005 Vol. 41 No.5 Author: Y.Shi and J.Li Presenter: 蕭芥釧資訊碩一 M9525674

Outline Introduction Bilinear pairings Proposed scheme Protocol analysis conclusion

Introduction (1/4) Deniable authentication protocol: Application The receiver can verify the source of the message as the traditional authentication protocol. The receiver cannot prove the source of the message to the third party. Application Electronic voting systems.

Introduction (2/4) Fan et al. proposed a simple deniable authentication protocol based on the Diffie-Hellman key distribution protocol. An intruder masquerades as a receiver to a sender and persuades a sender to initiate a protocol with him. This protocol adopts certificates to defeat the attack of the person-in-the-middle Shao has pointed out that Fan’s scheme can suffer from the impersonate attack

Introduction (3/4) Shao proposed a non-interactive deniable authentication protocol based on the generalised E1 Gamal signature scheme Shao’s scheme still requires heavy use of certificates

Introduction (4/4) In this paper, we propose a new non- interactive deniable authentication protocol based on identity cryptography Only the intended receiver can identify the source of a given message It is suitable for offline authentication in some applications such as e-mail

Bilinear pairings A modified bilinear pairing is a map e^: G1 ╳ G1 → G2 with the following properties:

Proposed scheme (1/4) The concept of identity-based cryptography was first proposed by Shamir It is a form of public key cryptography The public key can be an arbitrary string Boneh and Franklin proposed an efficient identity-based encryption (IBE) based on bilinear pairings IBE scheme needs a trusted key generation centre (KGC)

The KGC chooses the following system parameters

Proposed scheme (2/4) The KGC keeps the master key s secretly and publishes the public parameter (G1, G2, eˆ, P, PKGC, H1, H). Given a user’s identity ID, the KGC generates a pair of the user’s identity- based keys (QID, SID) as follows QID = H1 (ID) SID = sQID KGC issues the private key SID to the user via a secure channel.

Proposed scheme (3/4) In our scheme, we adopt a secure signature scheme such as Hess’s identity-based signature scheme. We represent its signature and verification functions for a message m with a pair of keys (QID, SID) by δ = Sign(m, SID ) and Verify(δ,QID ,m) = true

Proposed scheme (4/4)

Protocol analysis (1/3) Lemma 1: the protocol authentication the source of the message Proof: Ks = e^(rQR, PKGC) = e^(SR,U) = KR If someone proves (U,δ,MAC,M) to R, he must be S. Even though an intruder gets the messages U, QR and PKGC he cannot get the key K The key K is as difficult as solving the BDH problem

Protocol analysis (2/3) Lemma 2: The protocol is deniable Proof: After receiving (U,δ,MAC,M), R can identify with his private key SR R cannot prove the source of the message to a third party.

Protocol analysis (3/3) Lemma 3: The protocol can withstand impersonate attacks Proof: Assume that the third party obtains the message M and its authenticator (U,δ,MAC) If he can verify the authenticator, he must find K’= K. It is impossible to do it under the BDH problem.

Conclusions The authors have developed a new deniable authentication protocol based on identity cryptography that has no need for certificates. this scheme is secure since no one can impersonate the intended receiver under the security assumption of the BDH problem This scheme is non-interactive and suitable for offline authentication.