Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences.

Published byBridget Hodge Modified over 8 years ago

Similar presentations

Presentation on theme: "Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences."— Presentation transcript:

1 Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences

2 Outline Abstract Introduction Overview of Chung et al.’s Scheme – Relationship Building Phase – Key Generation Phase – Key Derivation Phase – Inserting New Security Classes Phase – Removing Existing Security Classes Phase Cryptanalysis of Chung et al.’s Scheme Improvement on Chung et al.’s Scheme Conclusion

3 Abstract  propose an attack on Chung et al.’s scheme to show that Chung et al.’s scheme is insecure against our proposed attack.  show that in our proposed attack, an attacker (adversary) who is not a user in any security class in a user hierarchy attempts to derive the secret key of a security class by using the root finding algorithm.  propose a simple improvement on Chung et al.’s scheme.

4 Introduction  [1] S. G. Akl and P. D. Taylor, “Cryptographic Solution to a Problem of Access Control in a Hierarchy,” ACM Transactions on Computer Systems (TOCS), 1(3):239–248, 1983.  [16]H. M. Tsai and C. C. Chang. A Cryptographic Implementation for Dynamic Access Control in a user Hierarchy,” Computers & Security, 14(2):159–166, 1995.  [14]V. L. R. Shen and F. Lai., “Novel Cryptographic Key Assignment Scheme for Dynamic Access Control in a Hierarchy,” IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences, E80-A(10):2035–2037, 1997.  [4]Y. F. Chung, H. H. Lee and F. Lai, “Access control in user hierarchy based on elliptic curve cryptosystem, ”Information Sciences, 178(1):230– 243, 2008.

5 Overview of Chung et al.’s Scheme  Key Generation Phase  In this phase, CA performs the following steps:  Step 1: Randomly selects a large prime p.  Step 2: Selects an elliptic curve E p (a, b) defined over Z p such that the order of E p (a, b) lies in the interval.  Step 3: Selects a one-way function h( ・ ) to transform a point into a number and a base point G j from E p (a, b), 1 ≦ j ≦ n.  Step 4: For each security class SC j (1 ≦ j ≦ n), selects a secret key sk j and a sub-secret key s j.  Step 5: For all,computes the followings: s i G j = (x j,i, y j,i ), h(x j,i ||y j,i ),where || is a bit concatenation operator.  Step 6: Finally, computes the public polynomial f j (x) using the values of h(x j,i ||y j,i ),  Step 7: Sends sk j and s j to the security class SC j via a secret channel.  Step 8: Announces p, h( ・ ),G j, f j (x) as public.

6 Overview of Chung et al.’s Scheme  Key Derivation Phase  In order to compute the secret keys sk j of all successors, SC j, the predecessor SC i, for which the relationships between SC i and SC j hold, proceeds as follows:  Step 1: For, computes the followings: s i G j = (x j,i, y j,i ), h(x j,i ||y j,i ),where || is a bit concatenation operator.  Step 2: Computes the secret key sk j using h(x j,i ||y j,i ) as follows:

7 Inserting New Security Classes Phase  If a new security class SC k is inserted into the hierarchy such that, then the relationships for and for need to be updated into the hierarchy. CA needs the following steps to manage the accessing priority of SC k in the hierarchy.  Step 1: Updates the partial relationships R that follows when the security class SC k joins the hierarchy.  Step 2: Randomly selects the secret key sk k, the sub-secret key s k and the base point G k for the class SC k.  Step 3: For all that satisfies when the new class SC k is inserted in the hierarchy, computes s i G k = (x k,i, y k,i ), h(x k,i ||y k,i ).  Step 4: Computes the public polynomial f k (x) as follows:

8 Inserting New Security Classes Phase  Step 5: For all and that satisfy when the new class SC k is inserted in the hierarchy, computes s k G j = (x j,k, y j,k ), s i G j = (x j,i, y j,i ), h(x j,k ||y j,k ) and h(x j,i ||y j,i ).  Step 6: Computes the public polynomial f 0 j(x) as follows:  Step 7: Replaces f j (x) with f ’ j (x), and sends sk k and s k to SC k via a secure channel, and announces publicly G k, f k (x) and f ’ j (x).

9 Removing Existing Security Classes Phase  Step 1: Updates the partial relationship R that follows when SC k is removed.  Step 2: For all does the followings: Renews the secret key sk j as sk ’ j and the base point G j as G ’ j of SC j. For all does the followings: Renews after removing SC k. Computes s i G ’ j = (x j,i, y j,i ). Computes h(x j,i, y j,i ). Computes the public polynomial f ’ j (x) as Replaces f j (x) with f’ j (x).  Step 3: Sends sk’ j to SC j via a secret channel and announces G’ j and f’ j (x) as public

10 Cryptanalysis of Chung et al.’s Scheme  Our proposed exterior root finding attack:

11 An example

12  SC 1 : f 1 (x) = [x − h(x 1,0 ||y 1,0 )] + sk 1 (mod p), where s’ is given by CA  SC 2 : f 2 (x) = [x − h(x 2,1 ||y 2,1 )] + sk 2 (mod p),  SC 3 : f 3 (x) = [x − h(x 3,1 ||y 3,1 )] + sk 3 (mod p),  SC 4 : f 4 (x) = [x − h(x 4,1 ||y 4,1 )][x − h(x 4,2 ||y 4,2 )] + sk 4 (mod p),  SC 5 : f 5 (x) = [x − h(x 5,1 ||y 5,1 )][x − h(x 5,2 ||y 5,2 )][x − h(x 5,3 ||y 5,3 )] + sk 5 (mod p),  SC 6 : f 6 (x) = [x − h(x 6,1 ||y 6,1 )][x − h(x 6,3 ||y 6,3 )] + sk 6 (mod p)

13 Inserting New Security Classes

14  f 6 (x) = [x − h(x 6,1 ||y 6,1 )][x − h(x 6,3 ||y 6,3 )] + sk 6 (mod p) After joining the security class SC 7, the public polynomial f’ 6 (x) for SC 6 and f 7 (x) for SC 7 are formed as follows:  F’ 6 (x) = [x − h(x 6,1 ||y 6,1 )][x − h(x 6,3 ||y 6,3 )][x − h(x 6,7 ||y 6,7 )]+sk 6 (mod p)

15 Improvement on Chung et al.’s Scheme  Step 1: Updates the partial relationships R that follows when the security class SC k joins the hierarchy.  Step 2: Randomly selects the secret key sk k, the sub-secret key s k and the base point G k for the class SC k.  Step 3: For all that satisfies when the new class SC k is inserted in the hierarchy, computes s i G k = (x k,i, y k,i ), h(x k,i ||y k,i ).  Step 4: Computes the public polynomial f k (x) as follows:

16 Improvement on Chung et al.’s Scheme  Step 5: For all and that satisfy SC i , SC k , SC j when the new class SC k is inserted in the hierarchy:  Replaces the secret key sk j with sk ’ j and the base point G j with G ’ j of the successor security class SC j of SC k. Computes s k G’ j = (x’ j,k, y’ j,k ). Computes s i G’ j = (x’ j,i, y’ j,i ).  Computes h(x’ j,k ||y’ j,k ) and h(x’ j,i ||y’ j,i ) using the one-way function h( ・ ).  Step 6: Computes the public polynomial f’ j (x) as follows:  Step 7: Replaces f j (x) with f’ j (x), and sends sk’ j to SC j via a secure channel, and announces publicly G’ j and f’ j (x).  Step 8: Sends sk k and sk to SC k via a secure channel, and announces publicly G k and f k (x).

17 Security Analysis of the Improved Scheme  CA updates the secret key sk j with sk ’ j and the base point G j with G ’ j for the security class SC j and also announces the public updated elliptic curve polynomial f ’ j (x).  However, the roots of will not satisfy both the equations f j (x) = 0 and f’ j (x) = 0

18 Conclusion  We have further proposed a simple improvement on Chung et al.’s scheme. In addition, the improved scheme resists exterior root finding attacks.

19 Schedule  A Secure Key Management Protocol over Grey System.(10%)  Sum-lock, difference-lock, sum-ladder and difference-ladder.  Shuhua Wu and Kefei Chen, “An Efficient Key- Management Scheme for Hierarchical Access Control in E-Medical System”, Journal of Medical System, April, 2011. (AES+ECC+Relationship)

Download ppt "Cryptanalysis and Improvement of an Access Control in User Hierarchy Based on Elliptic Curve Cryptosystem Reporter : Tzer-Long Chen Information Sciences."

Similar presentations

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.

Trusted Data Sharing over Untrusted Cloud Storage Provider Gansen Zhao, Chunming Rong, Jin Li, Feng Zhang, and Yong Tang Cloud Computing Technology and.
多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.

多媒體網路安全實驗室 An efficient and security dynamic identity based authentication protocol for multi-server architecture using smart cards 作者 :JongHyup LEE 出處.
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.

KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.
Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.

Cryptography. 2 Objectives Explain common terms used in the field of cryptography Outline what mechanisms constitute a strong cryptosystem Demonstrate.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.

1 Formal Specification and Verification of a Micropayment Protocol Alex X. Liu The University of Texas at Austin, U.S.A. October 13, 2004 Co-author: Mohamed.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.

Co-operative Private Equality Test(CPET) Ronghua Li and Chuan-Kun Wu (received June 21, 2005; revised and accepted July 4, 2005) International Journal.
Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.
Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.

Efficient fault-tolerant scheme based on the RSA system Author: N.-Y. Lee and W.-L. Tsai IEE Proceedings Presented by 詹益誌 2004/03/02.
An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp. 723-728,

An Improved Smart Card Based Password Authentication Scheme with Provable Security Source:Computer Standards & Interfaces, Vol. 31, No. 4, pp ,
A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.

A more efficient and secure dynamic ID- based remote user authentication scheme Yan-yan Wang, Jia-yong Liu, Feng-xia Xiao, Jing Dan in Computer Communications.
Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.

Radu Muresan CODES+ISSS'04, September 8-10, 2004, Stockholm, Sweden1 Current Flattening in Software and Hardware for Security Applications Authors: R.
Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Improvement of Hwang-Lo-Lin scheme based on an ID-based cryptosystem No author given (Korea information security Agency) Presented by J.Liu.

Similar presentations

Ads by Google