Three-Party Encrypted Key Exchange Without Server Public-Keys C. L. Lin, H. M. Sun, M. Steiner, and T. Hwang IEEE COMMUNICATIONS LETTER, VOL. 5, NO.12,


1. Three-Party Encrypted Key Exchange Without Server Public-Keys
C. L. Lin, H. M. Sun, M. Steiner, and T. Hwang
IEEE COMMUNICATIONS LETTER, VOL. 5, NO.12, DEC. 2001
Presented by Tung-Her Chen (2002/05/28)

2. Outline
- Introduction
- Related Works
- LSSH-3PEKE
- Performance Comparison
- Conclusions

3. Introduction (1/5)
- 1976 Diffie and Hellman: Key Distribution
  - Public key authentication issue
  - Man-in-the-middle attack
- 1992 Bellovin and Merritt: Encrypted Key Exchange (EKE)
  - A and B securely share a password in advance
  - Every two clients share a common secret

4. Introduction (2/5)
- Password guessing attacks
  - Detectable on-line password guessing attacks
  - Undetectable on-line password guessing attacks
  - Off-line password guessing attacks

5. Introduction (3/5)
- 1995 Steiner, Tsudik, and Waidner: Three-party EKE (STW-3PEKE)
  - Trusted server S
  - Threatened by on-line password guessing attacks
  - Threatened by off-line password guessing attacks

6. Introduction (4/5)
- 2000 Lin, Sun, and Hwang: LSH-3PEKE
  - Server public-key
- 2001 Lin, Sun, Steiner, and Hwang: LSSH-3PEKE
  - Without server public-key

7. Introduction (5/5)
- 1992 EKE (IEEE Symp. On Research in Security and Privacy)
- 1995 STW-3PEKE (ACM Operating Syst. Rev.)
- 2000 LSH-3PEKE (ACM Operating Syst. Rev.)
- 2001 LSSH-3PEKE (IEEE Communications Letters)
Diagram labels: Every two users share a common secret; Password guessing attack; Server's Public Key

8. Related Work - Notations
- $A, B, S, A^*, B^*, S^*$
- $P_A, P_B, K_S$
- $[M]_K$, $P_I$, $\{M\}_K$
- $f_K(M)$, $h(M)$, $H_1(k)$, $H_2(k)$
- $p, g$
- $N_A, N_B, N_S$, $R_A = g^{N_A} \bmod p$
- flow $i$

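9. Related Work - STW-3PEKE (1995)
Parties: A, B, S
Diagram labels (as extracted): $P_A$ $A$, $P_A$ $P_B$
Messages recovered from the diagram:
- $R_A^{N_S},\ R_B^{N_S}$
- $R_B^{N_S},\ [\text{flow1}]_K$
- $[[\text{flow1}]_K]_K$
Key computations:
- $K = (R_A^{N_S})^{N_B} \bmod p = g^{N_A N_B N_S} \bmod p$
- $K = (R_B^{N_S})^{N_A} \bmod p = g^{N_A N_B N_S} \bmod p$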

10. Related Work (1995) - STW-3PEKE Weakness (1): Undetectable On-Line Guessing Attacks
Parties: A, B, S
Diagram labels (as extracted): $P_A$ $A$, $P_A$ $P_B$
- $R_A^{N_S},\ {R'_A}^{N_S}$
- $P'_A$, $R'_A$, set $R_B = R'_A$
- Check whether $R_A^{N_S} = {R'_A}^{N_S}$
- $P'_A = P_A$

11. Related Work (2000) - STW-3PEKE Weakness (2): Off-Line Guessing Attack
Parties: A*, B, S*
Diagram labels (as extracted): $X$ $A$, $X$ $P_B$
- ${R'_A}^{N'_S},\ Y$
- $K = ({R'_A}^{N'_S})^{N_B} \bmod p = g^{N'_A N_B N'_S} \bmod p$
- $Y,\ [\text{flow1}]_K$
- $R'_A = g^{N'_A}$
- $P'_B \Rightarrow R'_B \Rightarrow K' = ({R'_B}^{N'_S})^{N'_A}$
- Decrypt $[\text{flow1}]_K$ by $K'$ and check whether flow1 $= X$

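12. Related Work (2000) - LSH-3PEKE
Parties: A, B, S
Messages recovered from the diagram:
- $A,\ \{r_a, R_A, P_A\}_{K_S}$
- $A$, $\{r_a, R_A, P_A\}_{K_S}$, $\{r_b, R_B, P_B\}_{K_S}$
- $[B, R_B]_{r_a}$, $[A, R_A]_{r_b}$
- $[B, R_B]_{r_a},\ [h(\text{flow1}), C_B]_K$
- $C_B$
Key computations:
- $K = (R_A)^{N_B} \bmod p = g^{N_A N_B} \bmod p$
- $K = (R_B)^{N_A} \bmod p = g^{N_A N_B} \bmod p$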

13. LSSH-3PEKE (2001)
Parties: A, B, S
Numbered flows, as labelled in the diagram:
- (1) $A, B$
- (2) $P_A$ $P_B$
- (3) $A,\ R_A,\ f_{K_{A,S}}(A, B, g^{N_{S1}}),\ P_B$
- (4) $R_A,\ f_{K_{A,S}}(A, B, g^{N_{S1}})$; $R_B,\ f_{K_{B,S}}(A, B, g^{N_{S2}})$
- (5) $f_{K_{B,S}}(A, B, R_A, R_B)$; $f_{K_{A,S}}(A, B, R_A, R_B)$
- (6) $R_B,\ f_{K_{A,S}}(A, B, R_B, R_A),\ f_{K'}(A, B, R_A)$
- (7) $f_{K'}(A, B, R_B)$
Key computations:
- $K_{A,S} = (g^{N_{S1}})^{N_A} \bmod p$
- $K_{B,S} = (g^{N_{S2}})^{N_B} \bmod p$
- $K = H_1(R_B^{N_A} \bmod p)$, $K' = H_2(R_B^{N_A} \bmod p)$
- $K = H_1(R_A^{N_B} \bmod p)$, $K' = H_2(R_A^{N_B} \bmod p)$
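The key derivations and MAC checks of flows (3) to (7) above, as an added Python example that is not code from the paper or the presentation. Assumptions: HMAC-SHA256 stands in for $f_K$, domain-separated SHA-256 for $H_1$/$H_2$, the group is a constructed demo group, the password wrapping in flow (2) is not modeled, and the server MACs use the field order shown in flow (5). The name `run_lssh` and the `tamper_r_a` switch are hypothetical; the switch shows that a modified $R_A$ makes the server's check fail.

```python
import hashlib, hmac, secrets

# Constructed demo group (assumption): p = 2**255 - 19 is prime, g = 2.
# It is not a vetted Diffie-Hellman group; use it only to follow the arithmetic.
P, G = 2**255 - 19, 2

def i2b(x):
    return x.to_bytes(32, "big")

def f(key, *parts):
    """f_K(M): HMAC-SHA256 over length-prefixed fields (assumed instantiation)."""
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def H(tag, x):
    """H_1 / H_2 as domain-separated SHA-256 (assumed instantiation)."""
    return hashlib.sha256(tag + i2b(x)).digest()

def run_lssh(tamper_r_a=False):
    """Flows (3)-(7); returns (K at A, K at B), or None if a MAC check fails."""
    n_a, n_b, n_s1, n_s2 = (secrets.randbelow(P - 3) + 2 for _ in range(4))
    g_s1, g_s2 = pow(G, n_s1, P), pow(G, n_s2, P)  # flow (2); password wrapping not modeled
    r_a, r_b = pow(G, n_a, P), pow(G, n_b, P)
    k_as, k_bs = i2b(pow(g_s1, n_a, P)), i2b(pow(g_s2, n_b, P))
    ids = (b"A", b"B")
    mac_a = f(k_as, *ids, i2b(g_s1))               # flow (3), computed by A
    r_a_seen = (r_a * G) % P if tamper_r_a else r_a  # R_A as it arrives at B and S
    mac_b = f(k_bs, *ids, i2b(g_s2))               # flow (4), computed by B
    # S can derive K_{A,S} = R_A^{N_S1} and K_{B,S} = R_B^{N_S2} from what it received.
    s_kas, s_kbs = i2b(pow(r_a_seen, n_s1, P)), i2b(pow(r_b, n_s2, P))
    if not (hmac.compare_digest(mac_a, f(s_kas, *ids, i2b(g_s1)))
            and hmac.compare_digest(mac_b, f(s_kbs, *ids, i2b(g_s2)))):
        return None                                # S rejects the run
    pair = (i2b(r_a_seen), i2b(r_b))
    to_b, to_a = f(s_kbs, *ids, *pair), f(s_kas, *ids, *pair)  # flow (5)
    if not (hmac.compare_digest(to_b, f(k_bs, *ids, i2b(r_a_seen), i2b(r_b)))
            and hmac.compare_digest(to_a, f(k_as, *ids, i2b(r_a), i2b(r_b)))):
        return None                                # a client rejects S's MAC
    z_a, z_b = pow(r_b, n_a, P), pow(r_a_seen, n_b, P)
    k_a, kc_a = H(b"1", z_a), H(b"2", z_a)         # K, K' at A
    k_b, kc_b = H(b"1", z_b), H(b"2", z_b)         # K, K' at B
    ok6 = hmac.compare_digest(f(kc_b, *ids, i2b(r_a_seen)), f(kc_a, *ids, i2b(r_a)))  # flow (6)
    ok7 = hmac.compare_digest(f(kc_a, *ids, i2b(r_b)), f(kc_b, *ids, i2b(r_b)))       # flow (7)
    return (k_a, k_b) if ok6 and ok7 else None

if __name__ == "__main__":
    k_a, k_b = run_lssh()
    print("keys match:", k_a == k_b, "| tampered run:", run_lssh(tamper_r_a=True))
```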

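14. Performance analysis
Columns: LSH-3PEKE (A, B, S) and LSSH-3PEKE (A, B, S); values listed as they appear in the source table.
- Steps: LSH-3PEKE 5; LSSH-3PEKE 7
- Modular exponentiation: LSH-3PEKE 2(7), 0(6); LSSH-3PEKE 3, 3, 4
- Public-key en/decryption: LSH-3PEKE 1/0, 0/2; LSSH-3PEKE 0, 0, 0
- Symmetric en(de)cryption: LSH-3PEKE 2, 2, 2; LSSH-3PEKE 1, 1, 2
- MAC: LSH-3PEKE 0, 0, 0; LSSH-3PEKE 3, 3, 4
- Random numbers: LSH-3PEKE 2, 3, 0; LSSH-3PEKE 1, 1, 2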

15. Conclusions
- LSSH-3PEKE scheme
  - Both on-line and off-line guessing attacks will not work
  - Perfect forward secrecy
  - Without server public-keys

16. Comments
- More complex; more insecurity.
- Public key techniques are unavoidable for password protocols that resist off-line guessing attack. (1999)
- You can try it…

