
Public-key based


velma

Presentation Transcript


  1. Public-key based

  2. Public-key Techniques based Protocols
     • may use either weak or strong passwords
     • high computation complexity (slow)
     • high deployment cost
     • Security degree is higher than password-based
     • The security assumptions of most signature schemes are based on well-known computational problems, such as the discrete logarithm problem and the factoring problem.

  3. Authenticated key agreement without using one-way hash function (cont.)
     • The MQV key agreement protocol has been adopted by the IEEE P1363 Committee to become a standard. The MQV protocol used a digital signature to sign the Diffie-Hellman public keys without using any one-way function. Here, the MQV protocol is generalized in three respects. First, signature variants for Diffie-Hellman public keys developed previously are employed in the new protocol.

  4. Authenticated key agreement without using one-way hash function (cont.)
     • Secondly, two communication entities are allowed to establish multiple secret keys in a single round of message exchange. Thirdly, the key computations are simplified.
     • This paper is the improved version of MQV.

  5. Protocol
     • Assume A and B want to share multiple secret keys in one round of message exchange. For simplicity, we assume that A and B want to share four secrets.

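  6. A and B
     • A: generate short-term secret keys $k_{A1}, k_{A2}$ and public keys $r_{A1}$ and $r_{A2}$. Compute signature $S_A$.
     • B: generate short-term secret keys $k_{B1}, k_{B2}$ and public keys $r_{B1}$ and $r_{B2}$. Compute signature $S_B$.
     • A → B: $\{r_{A1}, r_{A2}, S_A, \mathrm{certf}(y_A)\}$
     • B → A: $\{r_{B1}, r_{B2}, S_B, \mathrm{certf}(y_B)\}$
     • A checks $y_B = r_{B1}^{r_{B1}}\, r_{B2}^{r_{B2}}\, a^{S_B} \bmod p$ and computes
       $K_1 = r_{B1}^{k_{A1}} \bmod p$, $K_2 = r_{B1}^{k_{A2}} \bmod p$, $K_3 = r_{B2}^{k_{A1}} \bmod p$, $K_4 = r_{B2}^{k_{A2}} \bmod p$.
     • B computes arA1rA2 mod p, verifies $\{r_{A1}, r_{A2}\}$, and computes
       $K_1 = r_{A1}^{k_{B1}} \bmod p$, $K_2 = r_{A2}^{k_{B1}} \bmod p$, $K_3 = r_{A1}^{k_{B2}} \bmod p$, $K_4 = r_{A2}^{k_{B2}} \bmod p$.
     • Finally, A and B generate four secret keys $K_1$ to $K_4$.
     • certf($y_A$) is the public-key certificate of $y_A$ signed by a trusted party.
     • A computes the signature $S_A$ for $\{r_{A1}, r_{A2}\}$ based on any signature variant listed in Table 1. B does likewise.
     • $a$ is a primitive element of GF($p$).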

  7. Fully-fledged two-way public key authentication and key agreement for low-cost terminals
     • The server is assigned the unique identity j by the CA.
     • The server picks a Rabin secret key $(p_j, q_j)$ and gives the corresponding public key ($N_j = p_j \cdot q_j$) to the CA.
     • √ denotes the modular square root operation (used to sign a message).

  8. Fully-fledged two-way public key authentication and key agreement for low-cost terminals
     • A terminal is assigned a unique identity i, the network public keys, and signature system parameters.
     • It then chooses a random secret key $S_i$ and generates the associated ElGamal public key $P_i$.
     • The CA provides the terminal with a certificate $c_i$.

  9. Fully-fledged two-way public key authentication and key agreement for low-cost terminals • The terminal chooses a random secret r, and performs the precomputations.

  10. The server sends its identity, public key, and certificate to the terminal.
     • The terminal verifies the certificate by squaring it modulo the CA’s public key and comparing the result to a hash of the concatenation of the server’s identity and public key.
     • The terminal picks a random number x, considered to be a concatenation of random portions $x_L$ and $x_R$ combined with some expected ‘colour’ (say, k low-order zero bits, denoted $0^k$).
     • The terminal encrypts x using the server’s public key.

  11. The server sends a random challenge containing some expected ‘colour’.
     • The terminal verifies that the expected colour is present after conventional decryption. (It also verifies the session key.)
     • The terminal sends its identity, public key, and certificate, along with an ElGamal signature on the random challenge.
     • The server verifies the certificate and signature.
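
The one-round, four-key exchange of slide 6, as an added Python example (not code from the presentation). It assumes the signature variant S = x − k1·r1 − k2·r2 mod (p−1), which satisfies the check y = r1^r1 · r2^r2 · a^S mod p; the toy parameters p = 2039, a = 2037 and all function names are constructed for illustration, and the certificates for yA and yB are assumed to have been validated already.

```python
import secrets

# Constructed toy parameters (assumption): 2039 is a safe prime and 2037 is a
# primitive element of GF(2039). Real deployments need a much larger p.
P, A = 2039, 2037

def keypair():
    """Return (secret k, a^k mod p), rejecting the trivial public values 1 and p-1."""
    while True:
        k = secrets.randbelow(P - 2) + 1
        r = pow(A, k, P)
        if 1 < r < P - 1:
            return k, r

def sign(x, k1, r1, k2, r2):
    """Assumed signature variant: S = x - k1*r1 - k2*r2 mod (p-1)."""
    return (x - k1 * r1 - k2 * r2) % (P - 1)

def verify(y, r1, r2, s):
    """Range-check the received values, then test y = r1^r1 * r2^r2 * a^S mod p."""
    if not all(1 < r < P - 1 for r in (r1, r2)) or not 0 <= s < P - 1:
        return False
    return y == pow(r1, r1, P) * pow(r2, r2, P) * pow(A, s, P) % P

def first_message(x):
    """One party's half of the round: two short-term keys, signed with long-term x."""
    (k1, r1), (k2, r2) = keypair(), keypair()
    return (k1, k2), (r1, r2, sign(x, k1, r1, k2, r2))

def session_keys(my_k, peer_y, peer_msg):
    """Verify the peer's message first, then derive the four keys as {(i, j): K}."""
    r1, r2, s = peer_msg
    if not verify(peer_y, r1, r2, s):
        raise ValueError("signature on short-term public keys failed")
    return {(i, j): pow(r, k, P) for i, k in enumerate(my_k, 1)
            for j, r in enumerate((r1, r2), 1)}

def run_exchange():
    """Run both sides; keys_a is indexed (A's key, B's key), keys_b the reverse."""
    (xa, ya), (xb, yb) = keypair(), keypair()
    ka, msg_a = first_message(xa)
    kb, msg_b = first_message(xb)
    keys_a = session_keys(ka, yb, msg_b)
    keys_b = session_keys(kb, ya, msg_a)
    return keys_a, keys_b
```

The range check in `verify` matters: a peer value of 1 or p−1 would force every derived key into a set of at most two values, so such messages are rejected before any key is computed.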
