A Comparison Study on Key Exchange-Authentication Protocol (original) (raw)
Related papers
An Efficient Two-Party Identity-Based Key Exchange Protocol
Informatica
A key exchange (or agreement) protocol is designed to allow two entities establishing a session key to encrypt the communication data over an open network. In 1990, Gunther proposed an identity-based key exchange protocol based on the difficulty of computing a discrete logarithm problem. Afterwards, several improved protocols were proposed to reduce the number of communication steps and the communicational cost required by Gunther's protocol. This paper presents an efficient identity-based key exchange protocol based on the difficulty of computing a discrete logarithm problem. As compared with the previously proposed protocols, it has better performance in terms of the computational cost and the communication steps. The proposed key exchange protocol provides implicit key authentication as well as the desired security attributes of an authenticated key exchange protocol.
A Novel Password Protected Key Exchange Protocol
— Exchanging messages are more common thing lately. More number of people connects with each other in the network and (verifies someone's identity) each other while sharing their data. So users following so many rules of conduct for providing security to their data and the servers which they are storing their data. Due to all data storing in the single server, there is a chance to hack server data to be told (to people). This paper presents a solution to this problem such as (verifying someone's identity) process has to share by two servers. Client has to (verify someone's identity) in two servers like two step checking (for truth). It also includes (related to secret computer codes) ways of doing things to provide security for the data stored in the servers.
Arcanum : A Secure and Efficient Key Exchange Protocol for the Internet
2004
A VPN establishes a cryptographically secure network using the existing insecure infra structure of the Internet. A number of protocols, including IPSec have been designed to establish VPNs. However, keys must be shared between the communicating peers before a VPN can be established. IKE protocol is used for exchanging keys between authenticated peers over the Internet. However, IKE is vulnerable to DoS attacks and has security holes. A number of protocols have been proposed to replace IKE but these protocols also have vulnerabilities of their own. In this paper we present an analysis of IKE and identify its security holes and design weaknesses. We also propose a more secure and efficient key exchange protocol, Arcanum, and carry out its security analysis and comparison with existing protocols. Arcanum is more secure, robust to DoS attacks and efficient in terms of time and number of messages.
Analysis of Key Exchange Protocols using Session Keys
Security of information flowing through insecure network is becoming complicated with advent of internet and its usage. Encrypting information is one way of securing it from unauthorized access. This paper analyze techniques of exchanging key through which encryption is performed. We review the techniques on various parameters and find which technique is best suitable for use in mobile computers with limited processing power and battery capacity while efficiently working on wireless networks.
An Analysis Of Session Key Exchange Protocols
Information security has been one of the most important aspects in today’s technology driven world. By encrypting information we can secure information from unauthorized access, even in case where use has information he/she can not make out meaning of message unless they have a key to decrypt information. We review different techniques to exchange keys between different computers and try to find best suitable technique for mobile computers which have limited processing power and battery capacity while efficiently working on wireless network.
Performance Analysis of Key Establishment Protocols for Secure System
International Journal of Computer Applications, 2013
Providing security over open and large distributed networks has always been both intriguing and challenging. There is a great chance for malicious individuals to perform disruptive and unethical tasks. Malicious users may attempt to obtain valuable information. So we require "secure channel" over insecure network. The secure communication channel should achieve primary security goals like confidentiality, integrity, authentication and non-repudiation and shared session keys are incorporated for the purpose. Therefore, it is of great interest and most challenging to devise effective mechanisms to establish these shared session keys, called key distribution problem. Much work has been done in recent years on mechanisms for key establishment. Many cryptosystems rely on cryptographically secure keys and therefore have to deal with issues like key management. A number of key establishment protocols have been proposed by different researchers as solutions to the key distribution problem and password based scheme is one of them. A password is shared between the entities in password based schemes. However, because users choose small and frequently used words as passwords, these schemes are suffered from password guessing attacks. Especially these schemes are subject to offline dictionary attacks. This work focus on password based key establishment. Even though there are a lot of password based schemes, the LDH, enhanced LDH, and PP-TAKE seems to be widely accepted mechanisms. In this context, this study includes performance evaluation of the above mentioned protocols.
ESIKE: An efficient and secure internet key exchange protocol
2021
The use of Internet key exchange protocols in IP Security architecture and in IoT environments has vulnerabilities against various malicious attacks and affects communication efficiency. To address these weaknesses, we propose a novel efficient and secure Internet key exchange protocol (ESIKE), which achieves a high level of security along with low computational cost and energy consumption. ESIKE achieves perfect forward secrecy, anonymity, known-key security and untraceability properties. ESIKE can resist several attacks, such as, replay, DoS, eavesdropping, man-in-the-middle and modification. In addition, the formal security validation using AVISPA tools confirms the superiority of ESIKE in terms of security.
SURVEY ON SECURE PROTOCOLS FOR KEY EXCHANGES IN DATA-INTENSIVE APPLICATIONS OVER CLOUD COMPUTING.
IJRCAR, 2013
In order to run data-intensive applications, the users can use hybrid environment such as cloud computing instead of purchasing their own computing infrastructure. Cloud computing provides vast storage for data-intensive application and also provides computation capabilities. During the scheduling of these data-intensive applications, the data flows between the controller and the server instances while scheduling. During the flow of data between the server instances, the data may be stolen or modified by malicious parties due to the less security in hybrid cloud system. In order to acquire security, the data are encrypted before sent to the cloud storage for storing. The data are encrypted and the session keys are calculated by the cloud controller and server instances. The private keys had to be exchanged between the cloud controller and server instances in a secure manner. Before sending the data from the cloud controller to server instances, they need to authenticate themselves. This authentication has to be done in order to identify and remove the malicious participants. There are different protocols available for authenticating the users in the communication. In order to authenticate the cloud users involved in communication, the secure protocols are used. Those secure protocols are used for providing security in key exchange between cloud controller and server instances. The secure protocols differ in efficiency in terms of number of rounds involved in authentication and the flexibility of users in joining the cloud network.
Exchange Protocols on Network File Systems Using Parallel Sessions Authenticated & Improved Keys
In this work we studied the key establishment for secure many-to-many communications. The main problem is inspired by the rapid increase of large-scale distributed file systems supporting parallel access to multiple storage devices. The system focus on the current Internet standard for such file systems, i.e., parallel Network File System (pNFS), which makes use of Kerberos key exchange protocols to implement parallel session keys between clients and storage servers. Our study of the existing Kerberos protocol shows that it has a number of limitations: (i) a metadata server providing key exchange among the clients and the storage devices has heavy workload that limits the scalability of the protocol; (ii) the protocol cannot provide forward secrecy; (iii) the metadata server generates all the session keys for securing communication between clients and storage devices, and this inadvertently leads to key escrow. In this paper, we put forward three different authenticated key exchange protocols that are designed to address the above issues. We prove that our protocols are capable for minimizing up to almost50% of the workload of the metadata server and at the same time supporting forward secrecy and escrow-prevention. All this requires only a small fraction of increased computation overhead at the client.