A Secure Authenticated Key Agreement Protocol for Application at Digital Certificat

Two improved two-party identity-based authenticated key agreement protocols

Computer Standards & Interfaces, 2009

Many authenticated key agreement protocols based on identity information were published in recent years. Hsieh et al. presented their protocol in 2002. However, Tseng et al. found a flaw in the protocol which resulted in a key compromise impersonation attack. Later, Tseng proposed his protocol, which conforms to all desirable security properties and is efficient. In this paper we propose two new two-party identity-based authenticated key agreement protocols. The first is based on Hsieh et al.'s protocol and makes it immune against Tseng et al.'s attack, while the second is an efficiently improved protocol based on Tseng's protocol.

Improved Two-Party ID-Based Authenticated Key Agreement Protocol

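Designing a secure authenticated key agreement (AKA) protocol for two parties communicating over an open network is an important research topic. McCullagh et al. proposed a two-party identity-based authenticated key agreement protocol that can be used for a single domain and for two domains and that supports both properties: with third-party key escrow and without third-party key escrow. This paper shows that McCullagh et al.'s protocol for two domains is vulnerable to a masquerading attack and therefore does not satisfy the security it claims. The masquerading attack on McCullagh et al.'s scheme arises from a lack of sufficient entity authentication and integrity assurance. To solve the problems of McCullagh et al.'s protocol, we propose an efficient verifiable key agreement protocol in which a signature principle is included in the authentication procedure.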

Simulatable certificateless two-party authenticated key agreement protocol

Information Sciences, 2010

Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the so-called key escrow problem. Recently, certificateless cryptography was introduced to mitigate these limitations. In this paper, we first propose a security model for AKA protocols using certificateless cryptography. Following this model, we then propose a simulatable certificateless two-party AKA protocol. Security is proven under the standard computational Diffie-Hellman (CDH) and bilinear Diffie-Hellman (BDH) assumptions. Our protocol is efficient and practical, because it requires only one pairing operation and five multiplications by each party.

Efficient Identity-based Authenticated Key Agreement Protocol with PKG Forward Secrecy

International Journal of Network Security, 2008

For an identity-based authenticated key agreement (ID-AK) protocol, PKG forward secrecy is the strongest notion of forward secrecy, which is about the security of previously established session keys after the master secret key of the Private Key Generator (PKG) is compromised. In this paper, we put forward a new identity-based authenticated key agreement protocol which achieves PKG forward secrecy. On its performance, we show that it is more computationally efficient than a previously proposed protocol of Chen and Kudla (called Protocol 2). Furthermore, we examine other security attributes that our new protocol possesses one by one.

A New Two-Party Identity-Based Authenticated Key Agreement

2005

We present a new two-party identity-based key agreement that is more efficient than previously proposed schemes. It is inspired by a new identity-based key pair derivation algorithm first proposed by Sakai and Kasahara. We show how this key agreement can be used in either escrowed or escrowless mode. We also describe conditions under which users of different Key Generation Centres can agree on a shared secret key. We give an overview of existing two-party key agreement protocols, and compare our new scheme with existing ones in terms of computational cost and storage requirements.

An enhanced certificateless authenticated key agreement protocol

13th International Conference on Advanced Communication Technology (ICACT2011), 2011

Authenticated key agreement protocol is used to share a secret key for encrypting data being transferred between two or more parties over a public network. An implementation of this protocol is the certificateless key agreement which utilizes the features of the identity-based public key cryptography and the traditional public key infrastructure. This implementation can produce multiple public keys for a corresponding private key. In this paper, an alternative key generation technique is proposed for certificateless public key cryptography in order to have one public key for one private key. This will improve the security features of the relevant key generation. Furthermore, the efficiency of the proposed protocol is presented in terms of computational operation. The comparison analysis shows that the proposed protocol conveys better efficiency with all the known security attributes compared to the existing protocols.

An efficient certificateless two-party authenticated key agreement protocol

Computers & Mathematics with Applications, 2012

Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public-key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the so-called key escrow problem. Recently, certificateless cryptography was introduced to mitigate these limitations. We propose an efficient certificateless two-party AKA protocol. Security is proven under the standard computational Diffie-Hellman (CDH) and bilinear Diffie-Hellman (BDH) assumptions. Our protocol is efficient and practical, because it requires only one pairing operation and three scale multiplications by each party. Moreover, the pairing operation and one scale multiplication can be precomputed, then only two scale multiplications are needed to finish the key agreement.

A New Authenticated Key Agreement Protocol

New Technologies, Mobility and Security

Authenticated key agreement protocols play a significant role in securing communications over public network channels (Internet). This paper proposes a new key agreement protocol based on factorization problem over nonabelian groups. Then it presents two different ways to provide mutual authentication for the proposed protocol; this paper presents a new authenticated key agreement protocol using fixed shared password and a new authenticated key agreement protocol using a digital signature. It also provides security analysis for the proposed two authenticated key agreement protocols.

Efficient identity-based authenticated key agreement protocol from pairings

Applied Mathematics and Computation, 2005

For an identity-based authenticated key agreement (ID-AK) protocol, PKG forward secrecy is the strongest notion of forward secrecy, which is about the security of previously established session keys after the master secret key of the Private Key Generator (PKG) is compromised. In this paper, we put forward a new identity-based authenticated key agreement protocol which achieves PKG forward secrecy. On its performance, we show that it is more computationally efficient than a previously proposed protocol of Chen and Kudla (called Protocol 2). Furthermore, we examine other security attributes that our new protocol possesses one by one.

Secret Sharing-based Authenticated Key Agreement Protocol

The 16th International Conference on Availability, Reliability and Security, 2021

In this article, we present two novel authenticated key agreement (AKA) schemes that are easily implementable and efficient even on constrained devices. Both schemes are constructed over elliptic curves and extend Schnorr's signature of knowledge protocol. To the best of our knowledge, we introduce a first AKA protocol based on the proof of knowledge concept. This concept allows a client to prove its identity to a server via secret information while the server can learn nothing about the secret. Furthermore, we extend our protocol via secret sharing to support client multi-device authentication and multi-factor authentication features. In particular, the secret of the client can be distributed among the client's devices. The experimental analysis shows that our secret sharing AKA (SSAKA) can establish a secure communication channel in less than 600 ms for one secondary device and 128-bit security strength. The protocol is fast even on very constrained secondary devices, where in most cases it takes less than 500 ms. Note that the time consumption depends on the computational capabilities of the hardware.

CCS CONCEPTS • Security and privacy → Multi-factor authentication; Digital signatures; • Theory of computation → Design and analysis of algorithms; • Computer systems organization → Embedded hardware.