Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improved Authenticated Multiple-Key Agreement Protocol

Published by준유 임 Modified over 4 years ago

Similar presentations

Presentation on theme: "Improved Authenticated Multiple-Key Agreement Protocol"— Presentation transcript:

1 Improved Authenticated Multiple-Key Agreement Protocol
Source: Computer and Mathematics with Applications 46 (2003), pp Author: Her-Tyan Yen, Hung-Min Sun and Tzonelih Hwang

2 Authenticated multiple-key agreement
Two communication entities are allowed to establish multiple secret keys through the message exchange.

3 Motivation (1/2) Authenticated key agreement without using one-way hash functions L. Harn and H.Y. Lin, Authenticated key agreement protocol without using one-way functions, In Proc. 8th National Conf. Information Security, (1998). Improved authenticated multiple-key agreement protocol S.M. Yen and M. Joye, Improved authenticated multiple-key agreement protocol, Electron. Lett., , (1998)

4 Motivation (2/2) Security of authecticated multiple-key agreement protocols T.S. Wu, W.H. He and C.L. Hsu, Security of authenticated multiple-key agreement protocols, Electron. Lett., (1999). This paper pointed out that the Wu et al.’s paper still suffers the forgery problem and proposed an improved protocol to overcome the problem.

5 The past authenticated key agreement protocol
p : large prime α: primitive element XA: A’s secret key XB: B’s secret key , A’s public key , B’s public key

6 The Wu and He’s protocol (Authentication Phase)
rA1, rA2, SA, cert(yA) 7. two random secret number kA1 and kA2 2. 3. 4. 5. 6. SA = XA-h(rA1rA2)kA mod (p-1)

7 rA1, rA2, SA, cert(yA) = (rA1.rA2)h(rA1rA2).αXA-h(rA1rA2)‧KA
= (rA1.rA2)h(rA1rA2).αXA.(αKA) –h(rA1rA2) Due to KA = KA1+KA2 mod (p-1) = (rA1.rA2)h(rA1rA2).(α (KA1+KA2) ) –h(rA1rA2).αXA Due to rA1 = αkA1 mod p and rA2 = αkA2 mod p = (rA1.rA2)h(rA1rA2).(rA1.rA2) –h(rA1rA2) .αXA = αXA

8 Keys generation K1 = (rA1)KB1 mod p K2 = (rA2)KB1 mod p

9 Forgery attack rA1, rA2, SA, cert(yA) r΄A1, r΄A2, SA, cert(yA)
If an attacker can find integers r΄A1, r´A2 satisfying r´A1‧ r´A2 = rA1‧ rA2 , then he can convince B that he is A. rA1, rA2, SA, cert(yA) r΄A1, r΄A2, SA, cert(yA)

10 r’A1, r’A2, SA, cert(yA) = (r’A1.r’A2)h(r’A1r’A2).αXA-h(rA1rA2)‧KA
= (r’A1.r’A2)h(r’A1r’A2).αXA.(αKA) –h(rA1rA2) Due to KA = KA1+KA2 mod (p-1) = (r’A1.r’A2)h(r’A1r’A2).(α (KA1+KA2) ) –h(rA1rA2).αXA Due to rA1 = αkA1 mod p and rA2 = αkA2 mod p = (r’A1.r’A2)h(r’A1r’A2).(rA1.rA2) –h(rA1rA2) .αXA Due to r’A1‧r’A2 = rA1‧rA2 = αXA

11 The proposed protocol rA1, rA2, SA, cert(yA) two random secret
7. two random secret number kA1 and kA2 2. 3. 4. 5. 6. SA = XA- (rA1+rA2)kA mod (p-1)

12 rA1, rA2, SA, cert(yA) = (rA1.rA2)(rA1+rA2).αXA-(rA1+rA2)‧KA
= (rA1.rA2)(rA1+rA2).αXA.(αKA) –(rA1+rA2) Due to KA = KA1+KA2 mod (p-1) = (rA1.rA2)(rA1+rA2).(α (KA1+KA2) ) –(rA1+rA2).αXA Due to rA1 = αkA1 mod p and rA2 = αkA2 mod p = (rA1.rA2)(rA1+rA2).(rA1.rA2) –(rA1+rA2) .αXA = αXA

13 Conclusion The proposed protocol is secure and efficient against forgery, and does not involve any one-way hash function.

14 Thanks for your listening

15 Authentication Phase rA1, rA2, SA, cert(yA) two random secret
7. two random secret number kA1 and kA2 2. 3. 4. 5. 6. SA = XA-rAkA mod (p-1) method (1)

16 rA1, rA2, SA, cert(yA) = (rA1.rA2)rA.αXA-rA‧KA
= (rA1.rA2)rA.αXA.(αKA) -rA Due to KA = KA1+KA2 mod (p-1) = (rA1.rA2)rA.(α (KA1+KA2)) -rA .αXA Due to rA1 = αkA1 mod p and rA2 = αkA2 mod p = (rA1.rA2)rA.(rA1.rA2) -rA .αXA = αXA method (1)

17 Forgery attack rA1, rA2, SA, cert(yA) r΄A1, r΄A2, SA, cert(yA)
If an attacker can find integers r΄A1, r´A2 satisfying r´A1‧ r´A2 = rA1‧ rA2 , then he can convince B that he is A. rA1, rA2, SA, cert(yA) r΄A1, r΄A2, SA, cert(yA) method (1)

18 r΄A1, r΄A2, SA, cert(yA) = (r΄A1.r΄A2)rA.αXA-rA‧KA
= (r΄A1.r΄ A2)rA.αXA.(αKA) -rA Due to KA = KA1+KA2 mod (p-1), rA1 = αkA1 mod p and rA2 = αkA2 mod p = (r΄A1.r΄A2)rA.(rA1.rA2) -rA .αXA Due to r´A1‧ r´A2 = rA1‧ rA2 = αXA Method (1)

19 Authentication Phase rA1, rA2, SA, cert(yA) two random secret
7. two random secret number kA1 and kA2 2. 3. 4. 5. 6. SA = XA-rA1rA2kA mod (p-1) Method (2)

20 rA1, rA2, SA, cert(yA) = (rA1.rA2)rA1rA2.αXA-(rA1rA2)‧KA
= (rA1.rA2)rA1rA2.αXA.(αKA) –rA1rA2 Due to KA = KA1+KA2 mod (p-1) = (rA1.rA2)rA1rA2.(α (KA1+KA2)) –rA1rA2.αXA Due to rA1 = αkA1 mod p and rA2 = αkA2 mod p = (rA1.rA2)rA1rA2.(rA1.rA2) –rA1rA2 .αXA = αXA Method (2)

21 Forgery attack rA1, rA2, SA, cert(yA) r΄A1, r΄A2, SA, cert(yA)
If an attacker can find integers r΄A1, r´A2 satisfying r´A1‧ r´A2 = rA1‧ rA2 , then he can convince B that he is A. rA1, rA2, SA, cert(yA) r΄A1, r΄A2, SA, cert(yA) Method (2)

22 rA1, rA2, SA, cert(yA) = (r’A1.r’A2)r’A1r’A2.αXA-(rA1rA2)‧KA
= (r’A1.r’A2)r’A1r’A2.αXA.(αKA) –rA1rA2 Due to KA = KA1+KA2 mod (p-1) = (r’A1.r’A2)r’A1r’A2.(α (KA1+KA2)) –rA1rA2.αXA Due to rA1 = αkA1 mod p and rA2 = αkA2 mod p = (r’A1.r’A2)r’A1r’A2.(rA1.rA2) –rA1rA2 .αXA Due to r’A1.r’A2 = r’A1‧r’A2 Method (2) = αXA

Download ppt "Improved Authenticated Multiple-Key Agreement Protocol"

Similar presentations

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.

電子商務與數位生活研討會 1 Further Security Enhancement for Optimal Strong-Password Authentication Protocol Tzung-Her Chen, Gwoboa Horng, Wei-Bin Lee,Kuang-Long Lin.
A password authentication scheme with secure password updating SEC 期末報告 學號: 89321037 姓名:翁玉芬.

A password authentication scheme with secure password updating SEC 期末報告 學號: 姓名:翁玉芬.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.
Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013

Signcryption Parshuram Budhathoki Department of Mathematical Sciences Florida Atlantic University April 18, 2013
Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date : 2012-12-08.

Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :
Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.

Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.
A Secure Identification and Key Agreement Protocol with User Anonymity (SIKA) Authors: Kumar Mangipudi and Rajendra Katti Source: Computers & Security,

A Secure Identification and Key Agreement Protocol with User Anonymity (SIKA) Authors: Kumar Mangipudi and Rajendra Katti Source: Computers & Security,
1 一個新的代理簽章法 A New Proxy Signature Scheme 作 者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡 報 告者 : 郭淑娟.

1 一個新的代理簽章法 A New Proxy Signature Scheme 作 者 : 洪國寶, 許琪慧, 郭淑娟與邱文怡 報 告者 : 郭淑娟.
Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.

Secure Communication between Set-top Box and Smart Card in DTV Broadcasting Authors: T. Jiang, Y. Hou and S. Zheng Source: IEEE Transactions on Consumer.
SPEAKER: HONG-JI WEI DATE: 2012-12-28 Secure Anonymous Authentication Scheme with Roaming for Mobile Networks.

SPEAKER: HONG-JI WEI DATE: Secure Anonymous Authentication Scheme with Roaming for Mobile Networks.
Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.

Password-only Authenticated Key Agreement Protocols Based on Self-certified Approach Tzong-Chen Wu and Yen-Ching Lin Department of Information Management.
Prepared by Dr. Lamiaa Elshenawy

Prepared by Dr. Lamiaa Elshenawy
MSN lab1 A novel deniable authentication protocol using generalized ElGamal signature scheme Source: Information Sciences, vol. 177, pp. 1376-1381, 2007.

MSN lab1 A novel deniable authentication protocol using generalized ElGamal signature scheme Source: Information Sciences, vol. 177, pp , 2007.

Similar presentations

Ads by Google