Key Agreement Protocols

Top PDF Key Agreement Protocols:

Comparative Study of Tripartite Identity-Based Authenticated Key Agreement Protocols

As an alternative to certificate-based PKIs, Shamir introduced the concept of an identity-based cryptosystem [24] in which the user’s public key is an easily calculated function of her identity (e.g. social security number), while the user’s private key is calculated by a trusted authority referred to as Key Generation Center (KGC). Shamir provided the first identity-based key construction based on the RSA problem, and presented an identity-based signature scheme [24]. The identity-based public key cryptosystem simplifies the process of key management, and therefore can be an alternative to certificate-based public key infrastructure (PKI). In such cryptosystems, entity A can send encrypted messages to entity B by using her identity information even before B obtains her private key from the KGC. Hence, the idea also provides a way to construct authenticated key agreement protocols.

On the Security of Authenticated Group Key Agreement Protocols

Abstract. A group key agreement protocol enables remote members to derive a shared session key in order to communicate securely. Recently, several attempts have been made to utilize group key agreement protocols for secure multicasting in the Internet of Things. This paper contributes by identifying the security vulnerabilities in the existing protocols, so that they can be avoided in future constructions. The protocols presented by Gupta and Biswas have been found insecure against the ephemeral secret key leakage (ESL) attack, and malicious insiders can also impersonate an honest participant. Additionally, the protocol presented by Tan is also ESL-insecure. We also present a fix to Tan’s protocol to make it secure.

Weakness of Several Identity-based Tripartite Authenticated Key Agreement Protocols

Abstract: Key agreement allows multiple parties exchanging public information over an insecure network to create a common secret key that is known only to those entities. In recent years, several identity-based authenticated key agreement protocols have been proposed. In this study, we analyze three identity-based tripartite authenticated key agreement protocols. After the analysis, we found that these protocols do not possess the desirable security attributes.

Two secure non symmetric role Key Agreement Protocols

Nowadays, pairing-free cryptography has become an active scientific topic, especially in the area of Authenticated Key Agreement protocols. The main reason is that Bilinear Pairings impose high computational complexity, which leads to lower performance in comparison with pairing-free ones. In this paper, we propose two novel Identity-based two-party Key Agreement protocols over Elliptic Curves that have better performance in comparison with existing related works from the viewpoint of overall complexity of computing operations.

Efficient authenticated key agreement protocols resistant to a denial-of-service attack

Malicious intruders may launch as many invalid requests as possible without establishing a server connection to bring server service to a standstill. This is called a denial-of-service (DoS) or distributed DoS (DDoS) attack. Until now, there has been no complete solution to resisting a DoS/DDoS attack. Therefore, it is an important network security issue to reduce the impact of a DoS/DDoS attack. A resource-exhaustion attack on a server is one kind of denial-of-service attack. In this article we address the resource-exhaustion problem in authentication and key agreement protocols. The resource-exhaustion attack consists of both the CPU-exhaustion attack and the storage-exhaustion attack. In 2001, Hirose and Matsuura proposed an authenticated key agreement protocol (AKAP) that was the first protocol simultaneously resistant to both the CPU-exhaustion attack and the storage-exhaustion attack. However, their protocol is time-consuming for legal users in order to withstand the DoS attack. Therefore, in this paper, we propose a slight modification to the Hirose–Matsuura protocol to reduce the computation cost. Both the Hirose–Matsuura and the modified protocols provide implicit key confirmation. Also, we propose another authenticated key agreement protocol with explicit key confirmation. The new protocol requires less computation cost. Because DoS/DDoS attacks come in a variety of forms, the proposed protocols cannot fully disallow a

New Authenticated Key Agreement Protocols

Abstract— In this paper, new authenticated key agreement (AKA) protocols are proposed to be used by two entities and three entities in order to establish a common session key between these entities. This key is used later to encrypt the data exchanged between the entities to assure confidentiality over public insecure channels. Authenticated key agreement protocols additionally offer authentication; that is, verifying the identities of the entities involved in the protocol. The security properties of the proposed schemes are investigated and this revealed that they resist various attacks that can be mounted against a key agreement protocol promoting their use in practical scenarios such as secure remote access to a shared database.

Efficient ID-based authentication and key agreement protocols for the session initiation protocol

Ni et al. [19] proposed an ID-based authenticated key agreement mechanism relying on a signature scheme. The scheme is based on ECC and does not require the computation of a pairing function. The proposed mechanism employs the CL-PKC method to construct a secret key, which is only known by the client side, avoiding the key escrow problem. To sign and verify, a set of parameters is needed, of which the identity is one. To calculate the client’s and server’s public key, an identity-based public key building parameter is sent by the related party. This scheme and its performance fall between the traditional PKC and the ID-based cryptography.

Cryptanalysis of Three Certificate-Based Authenticated Key Agreement Protocols and a Secure Construction

In Eurocrypt 2003, Gentry [15] introduced the concept of certificate-based cryptography (CBC). CBC combines traditional PKC with IBC while preserving the advantages of each. Similar to traditional PKC, each user in CBC generates his public key and private key independently, and then requests a certificate from a CA. The difference is that the certificate will be pushed only to its owner and also acts as a partial decryption key or a partial signing key. This additional functionality provides an efficient implicit certificate mechanism so that a user needs both his private key and certificate to perform cryptographic operations (such as decryption and signing), while the other parties need not obtain fresh information on the user’s certificate status. Therefore, CBC eliminates third-party queries for the certificate status and simplifies the public key revocation problem in traditional PKC. Furthermore, in CBC there is no key escrow problem (since the CA does not know users’ private keys) and no key distribution problem (since the certificates can be sent to their owners publicly).

Authenticated Key Agreement Protocols: A Comparative Study

An AKA protocol proposed by Y. Eun-Jun and Y. Kee-Young is based on ECDLP and uses password authentication [16]. This protocol is claimed to be simple, efficient and capable of defending against off-line password guessing and modification attacks by isolating the information that may be used to confirm the correctness of the guess, using an asymmetric structure in the messages exchanged. The computations of the protocol are based on ECC and hash functions, which do not require much computational resources. The benefits from the ECC are in the key block size, speed, and security. This protocol meets all requirements of security if there are no fully private keys in this protocol, only the shared secret password. In this context, the key-compromise impersonation flexibility goal does not fit and is left out of the evaluation. Instead, if the password is compromised, the parties may not be authenticated. The protocol is efficient and simple, and resists off-line password guessing and modification attacks.

Authenticated Group Key Agreement Protocols for Error Detection and Correction

The CKD protocol is a straightforward cluster key management scheme. In CKD, the cluster key is not contributory; it is always generated by the current controller. The controller establishes a separate secure channel with every current cluster member by using authenticated two-party Diffie–Hellman key exchange. Every such key stays unchanged as long as both parties (the controller and the regular cluster member) stay within the group. The controller is always the oldest member of the cluster. The oldest member is picked so as to reduce the expensive establishment of pair-wise secure channels necessary upon every controller change.

Group key agreement protocols with implicit key authentication

Since 2-party Diffie-Hellman key exchange was first proposed in 1976 [3], its contributory nature has attracted many cryptographers into trying to extend it to a group setting. Among those efforts, Group Diffie-Hellman (GDH) in [8] is thought as one of the successful extensions of Diffie-Hellman to the n-party case. There are several versions of GDH, among which GDH.2 and GDH.3 are considered as practical group protocols (see the details in [8]). Nevertheless, GDH cannot stand alone, as other group key distribution protocols, since authentication of each peer (group member) should precede the group key sharing procedure in a practical application. Although there are useful authentication techniques for group communication protocols, most of them depend upon a centralized server, trusted third party. This not only increases communication costs but also deteriorates security of the protocol.

Performance Analysis of Key Establishment Protocols for Secure System

To achieve data confidentiality in a session established by party A with intended recipient B, one may use a cryptographic algorithm, called symmetric encryption, which, given a plaintext message m, produces a cipher text c that A can subsequently send to B over the network. This cipher text has the property that it does not reveal any information about the original plaintext to anyone except A and B. This property can be achieved since the algorithm requires A and B to share a piece of secret information, known as a shared session key, that is fresh and unique for each session. Similar reasoning shows that the other four goals of secure communications can be accomplished, provided that shared session keys are readily available to each pair of parties. Therefore, it is of great concern to devise effective mechanisms to establish these shared session keys, which is called the key distribution problem. The solution to the problem is to have the two parties share secret information (i.e. a password) for key establishment, without the need for a trusted party, i.e. password-based key establishment protocols are solutions to the key distribution problem. Therefore, key establishment protocols are procedures to securely establish shared session keys over distributed networks. There are two major techniques of key establishment, key transport and key agreement, and our study focuses on key agreement protocols.

Kayawood, a Key Agreement Protocol

Methods to apply group theory to cryptography have been studied for decades. In the last two decades, a number of group theoretic key agreement protocols were introduced, including [1] and [28]. Attacks on the conjugacy search problem such as those appearing in [17], [19], [25] suggested that these types of schemes may not be practical in low-resource environments. More recently, there is a renewed interest in Group Theoretic Cryptography (GTC) as reflected in two recent monographs [24], [33]. Instead of focusing on the conjugacy search problem, other problems in the Braid group have been explored for purposes of creating a quantum-resistant key agreement protocol.

On Bluetooth Repairing: Key Agreement based on Symmetric-Key Cryptography

Abstract. Although many good (secure) key agreement protocols based on public-key cryptography exist, secure associations between two wireless devices are often established using symmetric-key cryptography for cost reasons. The consequence is that common daily used security protocols such as Bluetooth pairing are insecure in the sense that an adversary can easily extract the main private key from the protocol communications. Nevertheless, we show that a feature in the Bluetooth standard provides a pragmatic and costless protocol that can eventually repair privateless associations, thanks to mobility. This proves (in the random oracle model) the pragmatic security of the Bluetooth pairing protocol when repairing is used.

An Improved Certificate less Authenticated Key Agreement Protocol

After Al-Riyami and Paterson [1] proposed a Certificate-less Public Key Cryptography (CL-PKC), some researchers have proposed different certificate-less authentication key agreement protocols. But most of these protocols are based on bilinear pairs operation and the computational complexity is higher. Wenhao Liu et al. [2] proposed a certificate-less two-party key agreement scheme without bilinear pairing and claimed that the scheme has a temporary key leak security. However, the analysis indicates that if the user’s temporary key leaks, the user’s master key expression ( + ) during the key agreement will be calculated. In literature [2], user Alice calculated = /( + + ℎ) and sent to user Bob as the authentication parameter. Once Alice leaks temporary private key, the attacker can use the formula: + = − ℎ to calculate Alice’s authentication private key ( + ) while s and h are public parameters. Then the attacker will calculate the session key and pretend to be Alice, communicating with any other entities and implementing impersonation attacks. Literature [3,4] proposed a protocol to avoid the security threat of temporary key leak. But this protocol does not have a valid authentication between the two parties of the key agreement actually. In literature [4], user Bob calculates ℎ =

An Improved Certificateless Authentication Key Agreement Protocol

An active adversary can intercept and properly modify the messages exchanged between two parties, and force two parties to accept the same session key even when two parties really do not want to agree on. The key replicating attack has been analysed in the BR93 security model. Through a detailed study of key replicating attack on the CL-2AKA protocol, it has been demonstrated that the protocol is insecure if the adversary is allowed to reveal non-partner players, who share the same session key and obtain a fresh session key. Trivially this implies the violation of the key establishment security goal.

Key Encapsulation from Noisy Key Agreement in the Quantum Random Oracle Model

Abstract. A multitude of post-quantum key encapsulation mechanisms (KEMs) and public key encryption (PKE) schemes implicitly rely on a protocol by which Alice and Bob exchange public messages and converge on secret values that are identical up to some small noise. By our count, 24 out of 49 KEM or PKE submissions to the NIST Post-Quantum Cryptography Standardization project follow this strategy. Yet the notion of a noisy key agreement (NKA) protocol lacks a formal definition as a primitive in its own right. We provide such a formalization by defining the syntax and security for an NKA protocol. This formalization brings out four generic problems, called A and B State Recovery, Noisy Key Search, and Noisy Key Distinguishing (NKD), whose solutions must be hard in the quantum computing model. Informally speaking, these can be viewed as noisy, quantum-resistant counterparts of the problems arising from the classical Diffie-Hellman type protocols. We show that many existing proposals contain an NKA component that fits our formalization and we reveal the induced concrete hardness assumptions. The question arises whether considering NKA as an independent primitive can help provide modular designs with improved efficiency and/or proofs. As the second contribution of this paper, we answer this question positively by presenting a generic transform from a secure NKA protocol to an IND-CCA secure KEM in the quantum random oracle model, with a security bound related to the insecurity of the NKD problem. This transformation is essentially the same as that of the NIST candidate Ramstake. While establishing the security of Ramstake was our initial objective, the collection of tools that came about as a result of this journey is of independent interest.

Contributory Broadcast Encryption on Group key Agreement For key Distribution Encryption & Decryption

We model the CBE primitive and formalize its security definitions. CBE incorporates the underlying ideas of GKA and BE. A group of members interact via open networks to negotiate a public encryption key, while each member holds a different secret decryption key. Using the public encryption key, anybody from the group can encrypt any message to any subset of the group members, and only the intended recipients can decrypt. Unlike GKA, CBE allows the sender to exclude some members from reading the cipher texts. Compared to BE, CBE does not require a fully trusted third party to set up the system. We formalize collusion resistance by defining an attacker who can fully control all the members outside the intended receivers but cannot extract useful information from the cipher text.

A Survey on Group Key Agreement with Local Connectivity

We are interested in a protocol in the absence of a random oracle. From the discussion above, we can see that the compliant secure protocols that are really applicable to us are . They do not depend on a random oracle model or on any long-term secrets between users. We will compare them with our protocols. The only issue when we consider them as a solution in our setting is that the connectivity graph in them is either a ring or a complete graph and every user is aware of it. In our setting, a user is only aware of his neighbours and has no information about others. For actively secure protocols viewed above, are interesting. But they only executed passively secure protocols. We will not compare them with us since we are mainly concerned with the key agreement methodology (rather than how to acquire stronger security).

Analysis of Key Exchange Protocols using Session Keys

A nonce is an identification of a party involved in communication. A nonce can be a number or any random string. When Alice sends a nonce encrypted with the public key of Trent and Trent replies with the same nonce encrypted with Alice’s private key, it confirms to Alice that Trent is actually the trusted party and there is no impersonator involved. This is important in establishing identity when two untrusted parties are about to communicate and want to make sure that they are communicating with each other and there is no impersonator involved. Protocols such as Needham-Schroeder, Otway-Rees and Yahalom make use of this technique for mutually authenticating parties involved in communication.