Presentation is loading. Please wait.

Presentation is loading. Please wait.

Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu."— Presentation transcript:

1 Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu

2 Outline Introduction Background Shim’s protocol Attack Conclusion

3 Introduction The first one round tripartite D-H key agreement protocol was proposed by Joux in 2000. Vulnerable to man-in-middle attack Eight session keys Unknown-key-share attack Shim’s protocol Impersonation attack

4 Background Bilinear pairing from G 1  G 1  G 2, where G 1 is a cyclic group generated by P, which has order q, and G 2 is a cyclic multiplicative group of order q. 1.e(aP,bQ)=e(P,Q) ab 2.There exists P,Q  G 1 such that e(P,Q)  1. 3.Computability.

5 Shim’s protocol Setup: KGC set up P pub = sP and public the system parameters {G 1, G 2, q, e, P, P pub, H, H 1 }, where H, H 1 are hash functions. Private key extraction: 1. User A submits his ID to KGC. 2. KGC computes Q ID = H 1 (ID) and S ID = sQ ID.

6 Three parties key-agreement A (B, C) randomly chooses a and a’ (respectively, (b, b’), (c, c’)). A computes P A = aP, P A ’ = a’P and T A = S A +a 2 P+a’P pub. B computes P B = bP, P B ’ = b’P and T B = S B +b 2 P+b’P pub. C computes P C = cP, P C ’ = c’P and T C = S C +c 2 P+c’P pub.

7 User A verifies… computes e(T B +T C,P) = e(S B +b 2 P+b’P pub +S C +c 2 P+c’P pub, P) = e(sP B +b’sP+sP C +c’sP, P)e(b 2 P,P)e(c 2 P, P) = e(Q B +Q C +P’ B +P’ C,P pub )e(P B,P B )e(P C,P C ) K A1 = e(P B,P C ) a, K A2 = e(P B,P’ C ) a K A3 = e(P’ B,P C ) a, K A4 = e(P’ B,P’ C ) a K A5 = e(P B,P C ) a’, K A6 = e(P B,P’ C ) a’ K A7 = e(P’ B,P C ) a’, K A8 = e(P’ B,P’ C ) a’ ?

8 Keys K 1 = e(P,P) abc, K 2 = e(P,P) abc’, K 3 = e(P,P) ab’c, K 4 = e(P,P) ab’c’, K 5 = e(P,P) a’bc, K 6 = e(P,P) a’bc’, K 7 = e(P,P) a’b’c, K 8 = e(P,P) a’b’c’

9 Attack Attacker X impersonate B to communication with A and C. (gets four valid keys) X computes P X = xP, P X ’ = x’P-Q B and T X = x 2 P+x’P pub. e(T X +T C,P) = e(x 2 P+x’P pub +S C +c 2 P+c’P pub, P) = e(x’P+Q C +c’P, P pub )e(x 2 P+c 2 P, P) = e(P x ’+Q B +Q C +c’P,P pub )e(P X,P X )e(P C,P C ) = e(Q B +Q C +P’ X +P’ C,P pub )e(P X,P X )e(P C,P C )

10 Conclusion Shim’s protocol cannot resist impersonation attack. The memory of Falling-Star.

Download ppt "Weakness of Shim’s New ID- base Tripartite Multiple-key Agreement Protocol Authors: J.S. Chou, C.H.Lin and C.H. Chiu ePrint/2005/457 Presented by J. Liu."

Similar presentations

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:

Boneh-Franklin Identity-based Encryption. 2 Symmetric bilinear groups G = ágñ, g p = 1 e: G G G t Bilinear i.e. e(u a, v b ) = e(u, v) ab Non-degenerate:
1 9 4 5 1 8 8 6 E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April. 30. 2003 Seo, Seung-Hyun Dept. of Computer Science and.

E W H A W U New Nominative Proxy Signature Scheme for Mobile Communication April Seo, Seung-Hyun Dept. of Computer Science and.
Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *

Anonymity without Sacrificing Performance Enhanced Nymble System with Distributed Architecture CS 858 Project Presentation Omid Ardakanian * Nam Pham *
An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.

An Introduction to Pairing Based Cryptography Dustin Moody October 31, 2008.
多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.

BY JYH-HAW YEH COMPUTER SCIENCE DEPT. BOISE STATE UNIVERSITY Proxy Credential Forgery Attack to Two Proxy Signcryption Schemes.
11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.

11 Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network Authors: Z. B. Xu and Z. W. Li Source: The 2nd.
A Pairing-Based Blind Signature

A Pairing-Based Blind Signature
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:

New Efficient Searchable Encryption Schemes from Bilinear Pairings Author:Chunxiang Gu and Yuefei Zhu International Journal of Network Security, 2007 Presenter:
A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao (PR China) Source: IEEE Comm. Letters 13 (5) (2009) Presenter:

A novel and efficient unlinkable secret handshakes scheme Author: Hai Huang and Zhenfu Cao (PR China) Source: IEEE Comm. Letters 13 (5) (2009) Presenter:
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.

Efficient deniable authentication protocol based on generalized ElGamal signature scheme From ELSEVIER Computer Standards & Interface Author: Zuhua Shao.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date : 2008-06-03.

1 Identity-Based Encryption form the Weil Pairing Author : Dan Boneh Matthew Franklin Presentered by Chia Jui Hsu Date :
Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p.630-632 Present by.

Identity-based authenticated key agreement protocol based on Weil pairing N.P.Smart ELECTRONICS LETTERS 20 th June 2002 vol.38 No13 p Present by.
Certificateless Authenticated Two-Party Key Agreement Protocols

Certificateless Authenticated Two-Party Key Agreement Protocols
Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.

Inter-Domain Identity-Based Authenticated Key Agreement Protocols from Weil Pairing Authors: Hong-bin Tasi, Yun-Peng Chiu and Chin-Laung Lei From:ISC2006.
Identity-based authenticated key agreement protocol based on Weil pairing N.P. Smart IEE Electronics Letters 2002 Presented By Kuang-Ling Lin 10/7/2003.

Identity-based authenticated key agreement protocol based on Weil pairing N.P. Smart IEE Electronics Letters 2002 Presented By Kuang-Ling Lin 10/7/2003.

Similar presentations

Ads by Google