elliptic curve authenticated key agreement protocol ecaka n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Elliptic Curve Authenticated Key Agreement Protocol (ECAKA) PowerPoint Presentation
Download Presentation
Elliptic Curve Authenticated Key Agreement Protocol (ECAKA)

Loading in 2 Seconds...

play fullscreen
1 / 16

Elliptic Curve Authenticated Key Agreement Protocol (ECAKA) - PowerPoint PPT Presentation


  • 164 Views
  • Uploaded on

Elliptic Curve Authenticated Key Agreement Protocol (ECAKA). Introducer: Jung-wen Lo ( 駱榮問 ) Date: 2008/07/25. Outline. Introduction Elliptic Curve Diffie-Hellman Key Agreement Protocol Paper 1:

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Elliptic Curve Authenticated Key Agreement Protocol (ECAKA)' - carl


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
elliptic curve authenticated key agreement protocol ecaka

Elliptic Curve Authenticated Key Agreement Protocol (ECAKA)

Introducer: Jung-wen Lo (駱榮問)

Date: 2008/07/25

outline
Outline
  • Introduction
    • Elliptic Curve Diffie-Hellman Key Agreement Protocol
  • Paper 1:
    • An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication

Authors: Ai-fen Sui, L.C.K. Hui, S.M. Yiu, K.P. Chow, W.W. Tsang, C.F. Chong, K.H. Pun & H.W. Chan

Source: 2005 IEEE Wireless Communications and Networking Conference, Vol. 4, pp. 2088 – 2093, 13-17 March 2005

    • A-Key distribution in 3GPP2
    • A-Key distribution using ECAKA
  • Paper 2:
    • An enhanced authenticated key agreement protocol for wireless mobile communication

Authors: Rongxing Lu, Zhenfu Cao and Haojin Zhu

Source: Computer Standards & Interfaces, Vol. 29, Issu. 6, pp. 647-652, Sep. 2007

    • Off-line password attack 1
    • Off-line password attack 2(Active)
    • Enhanced ECAKA Protocol
  • Conclusions & Comment
    • Improved ECAKA Protocol
elliptic curve diffie hellman key agreement protocol
Elliptic Curve Diffie-Hellman Key Agreement Protocol

Alice

Bob

Random dA

QA=dAP

Random dB

QB=dBP

QA

QB

K=dAQB

K= dBQA

K= dAdBG=dBdAG

※P: Base point (Generator)

slide4

An improved authenticated key agreement protocol with perfect forward secrecy for wireless mobile communication

Authors: Ai-fen Sui, L.C.K. Hui, S.M. Yiu, K.P. Chow, W.W. Tsang, C.F. Chong, K.H. Pun and H.W. Chan

Source: 2005 IEEE Wireless Communications and Networking Conference, Vol. 4, pp. 2088 – 2093, 13-17 March 2005

notation
Notation

Alice (A), Bob (B): two communication users

E: an elliptic curve defined over a finite field Fq with large group order

n: a secure large prime

P: a point in E with large order n

D: a uniformly distributed dictionary of size |D|

S: a low-entropy password shared between Alice and Bob, which is randomly chosen from D

t: the value t is derived from the password S in a predetermined way, which is uniformly distributed in ℤn*

H: a secure one-way hash function

sui et al s ecaka protocol
Sui et al.’s ECAKA Protocol

Alice

Bob

dA [1,n-1]

QA=(dA+t) P

QA

dB [1,n-1]QB=(dB-t)P

Y=QA-tP=dAP

QB,tY

X=QB+tP=dBP

KA=dAX=dAdBP

tX

KB=dBY=dAdBP

notation for 3gpp2
Notation for 3GPP2

• MS: Mobile Subscriber

• MSC: Mobile Switching center

• OTAF: Over-the-Air Service Provisioning Function

• HLR: Home Location Register

• AC: Authentication Center

• ACTCODE: ActionCode

• AKEYPV: A Key Protocol Version parameter, indicates MS’s A-key generation capabilities

• SRVIND: ServiceIndicator parameter

• OTASPREQ: OTASPRequest

• SMDPP; SMSDeliveryPointToPoint

• SMS BearerData: Containing an OTASP data message

• ACK: Acknowledging a message;ACTCODE: ActionCode

• MODVAL: ModulusValue parameter (n)

• PRIMVAL: PrimitiveValue parameter (g)

• BSKEY: encryption key value from the network side. BSKEY= gxmod n , where x is randomly selected by AC

• MSKEY: encryption key value from MS. MSKEY=gymod n . y is randomly selected by MS

an enhanced authenticated key agreement protocol for wireless mobile communication

An enhanced authenticated key agreement protocol for wireless mobile communication

Authors: Rongxing Lu, Zhenfu Cao and Haojin Zhu

Source: Computer Standards & Interfaces, Vol. 29, Issu. 6, pp. 647-652, Sep. 2007

off line password attack 1
Off-line Password Attack 1

Alice

Bob

dA [1,n-1]

QA=(dA+t) P

QA

dB [1,n-1]QB=(dB-t)P

Y=QA-tP=dAP

QB,tY

Attacker:

Off-linePasswordAttack-1(QA, tdAP, D)

for i :=0 to |D|

S’← D; t’← S’ [predetermined way]

if t’(QA-t’P)=tdAP

then return S’

off line password attack 2 active
Off-line Password Attack 2(Active)

Bob

Alice

Attacker

dA [1,n-1]

QA=dAP

QA

dB [1,n-1]QB=(dB-t)P

Y=dAP-tP

QB,tY=t(dAP-tP)

Off-linePasswordAttack-2(QA, tdAP, D)

choose dA[1,n-1], send dAP to B

receive the value t(dAP- tP)

for i :=0 to |D|

S’← D; t’← S’ [predetermined way]

if t’(dAP-t’P)=t(dAP-tP)

then return S’

enhanced ecaka protocol
Enhanced ECAKA Protocol

Alice (A)

Bob (B)

dB1,dB2 [1,n-1]Y=QA1-tP=dAPQB1=dB1P+dB2YQB2=dB1Y+dB2QA2

dA [1,n-1]

QA1=(dA+t) P

QA2=dA2‧P

QA1,QA2

HB=H(A||B||QA1||QB1||QB2),QB1

X=dAQB1H(A||B||QA1||QB1||X)?=HBKA=X

HA= H(A||B||QB1||QA1||X)

H(B||A||QB1||QA1||QB2)?=HAKB=QB2

※ KA=KB=X=dB1dAP+dB2dA2P

conclusions comment
Conclusions & Comment
  • Conclusions
    • Authenticated key agreement
    • Off-line password attack prevention
    • Perfect forward secrecy
  • Comment
    • Reduce the computation load
improved ecaka protocol
Improved ECAKA Protocol

Alice

Bob

(S2)

(S2)

dA [1,n-1]

QA=(dA+t) P

QA

dB [1,n-1]QB=(dB-t)P

Y=QA-tP=dAP

QB,H(Y||S2)

X=QB+tP=dBP

KA=dAX=dAdBP

H(X||Y)

KB=dBY=dAdBP