1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Public Key Crytography1 From: Introduction to Algorithms Cormen, Leiserson and Rivest.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
1 An ID-based multisignature scheme without reblocking and predetermined signing order Chin-Chen Chang, Iuon-Chang Lin, and Kwok-Yan Lam Computer Standards.
Chapter3 Public-Key Cryptography and Message Authentication.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Key Distribution CS 470 Introduction to Applied Cryptography
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Integrating Diffie-Hellman Key Exchange into the Digital Signature Algorithm IEEE Communications Letters, March 2004 Lein Harn, Manish Metha and Wen- Jung.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
Lecture 4 Cryptographic Tools (cont) modified from slides of Lawrie Brown.
ASYMMETRIC CIPHERS.
Computer Science Public Key Management Lecture 5.
Public Key Model 8. Cryptography part 2.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
ElGamal Public Key Cryptography CS 303 Alg. Number Theory & Cryptography Jeremy Johnson Taher ElGamal, "A Public-Key Cryptosystem and a Signature Scheme.
1 Public-Key Cryptography and Message Authentication Ola Flygt Växjö University, Sweden
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
Key Management and Diffie- Hellman Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 12/3/2009 INCS 741: Cryptography 12/3/20091Dr. Monther.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 21 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Public Key Cryptography. symmetric key crypto requires sender, receiver know shared secret key Q: how to agree on key in first place (particularly if.
CS461/ECE422 Spring 2012 Nikita Borisov — UIUC1.  Text Chapters 2 and 21  Handbook of Applied Cryptography, Chapter 8 
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Cryptography and Network Security Key Management and Other Public Key Cryptosystems.
ECE509 Cyber Security : Concept, Theory, and Practice Key Management Spring 2014.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
Information Security CS 526
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.
Public Key Algorithms Lesson Introduction ●Modular arithmetic ●RSA ●Diffie-Hellman.
COEN 351 E-Commerce Security
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Key Management Network Systems Security Mort Anvari.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
1 An Ordered Multi-Proxy Multi-Signature Scheme Authors: Min-Shiang Hwang, Shiang-Feng Tzeng, Shu-Fen Chiou Speaker: Shu-Fen Chiou.
Public-Key encryption structure First publicly proposed by Diffie and Hellman in 1976First publicly proposed by Diffie and Hellman in 1976 Based on mathematical.
Integrating A Key Distribution Procedure Into The Digital Signature Standard B. Arazi Electronics Letters Vol. 29, No. 11, Pg May 1993 Adviser:
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Cryptography and Network Security Chapter 10 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Introduction to Pubic Key Encryption CSCI 5857: Encoding and Encryption.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
Threshold password authentication against guessing attacks in Ad hoc networks ► Chai, Zhenchuan; Cao, Zhenfu; Lu, Rongxing ► Ad Hoc Networks Volume: 5,
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Diffie-Hellman Key Exchange first public-key type scheme proposed by Diffie & Hellman in 1976 along with the exposition of public key concepts – note:
CST 312 Pablo Breuer.  First published public-key algorithm  A number of commercial products employ this key exchange technique  Purpose is to enable.
Key Management public-key encryption helps address key distribution problems have two aspects of this: – distribution of public keys – use of public-key.
Source: IEEE Communications Letters, Vol. 8, No. 3, March 2004
Identity-based deniable authentication protocol
Key Management Network Systems Security
Presentation transcript:

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented by Bin-Cheng Tzeng 2002/10/01

2 Outlines  Introduction  Digital signature schemes for Diffie- Hellman public keys  Key agreement protocols  Possible attacks  Proposed protocol  Conclusions

3 Introduction  Diffie and Hellman proposed in 1976 the public-key distribution scheme  The scheme requires an authentication channel to exchange the public keys  Use digital signatures of the exchanged public keys to provide authentication

4 Introduction  The security assumption for most signature schemes are based on some well-known computational problems  The security of a one-way hash function is based on the complexity of analysing a simple iterated function  It would be more secure to have a key distribution without using one-way hash functions

5 Introduction  The MQV key agreement protocol proposed in 1995  In 1998, authors published a key agreement protocol  Some attacks on this key agreement protocol were found  The attacks can easily be avoided by modifying the signature signing equation

6 Digital signature schemes for Diffie-Hellman public keys  r =  k mod p  k and r : short-term private key and short- term public key  x : long-term private key  y =  x mod p : long-term public key

7 Key agreement protocols  A sends {r A, s A, cert(y A )} to B  B sends {r B, s B, cert(y B )} to A  A verifies r B and computes the shared secret key  B verifies r A and computes the shared secret key

8 Possible attack  Does not offer perfect forward secrecy  Assume that the protocol uses x = rk + s  is the long-term shared secret key

9 Proposed protocol  Enables A and B to share multiple secret keys in one round of message exchange  To share four secrets : A generates two random short-term secret keys, k A1 and k A2,public keys r A1, r A2 signature s A for {r A1, r A2 } for example :

10 Proposed protocol(cont.)  A sends {r A1, r A2, s A, cert(y A )} to B  B does the same things  A verifies {r B1, r B2 }  A computes the shared secret keys as

11 Proposed protocol(cont.)  B verifies {r A1, r A2 } and computes the shared secret keys as

12 Discussion  Have modified the original protocol in signature signing and verification equations  The attacks on the original protocol cannot work successfully in this modified protocol  This modified protocol does not increase any computational load and does not involve any additional one-way hash function

13 Discussion(cont.)  Multiplying these two equations together

14 Discussion(cont.)  If the adversary knows four consecutive shared secret keys, he can solve the long-term shared secret K AB  To achieve the perfect forward secrecy, limit ourselves to use only three out of the four shared secret keys  The protocol can be generalised to enable A and B to share n 2 -1 secrets if each user sends n Diffie- Hellman public keys in each pass

15 Conclusions  The security assumption relies solely on solving the discrete logarithm problem  This protocol allows two parties to share multiple secret keys in two-pass interaction  The computation for shared secret keys is simpler than the MQV protocol

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.