Similar literature
20 similar documents found (search time 15 ms)
1.
The MQV protocol is the first authenticated key agreement protocol which uses a digital signature to sign Diffie–Hellman public keys without using any one-way hash functions. Based on the MQV protocol, Harn and Lin proposed an authenticated multiple-key agreement protocol that enables two parties to establish multiple common secret keys in a single protocol run. But the protocol was subsequently found to be flawed. Tseng proposed a new generalized MQV key agreement protocol without using one-way hash functions to overcome the weaknesses of Harn–Lin's protocol. Recently, Shao showed that Tseng's protocol is insecure against signature forgery attacks and then proposed an improved authenticated multiple-key agreement protocol to resist the attacks. In this paper we show that Shao's protocol is vulnerable to unknown key-share attacks. We also point out another potential weakness of the protocol.

2.
Menezes et al. developed an MQV key exchange protocol that does not use a one-way hash function in 1995. Harn-Lin and Hwang-Shiau-Lai later respectively proposed efficient authenticated key exchange protocols. Lee and Wu recently proposed an enhanced authentication key exchange protocol to solve the drawbacks of the Hwang-Shiau-Lai protocol. Based on the Lee-Wu protocol, this work presents two new authenticated multiple key exchange protocols based on ECC and bilinear pairing. The proposed ECC-based protocol is more efficient than the Harn-Lin, Hwang-Shiau-Lai, and Lee-Wu protocols. Moreover, the proposed pairing-based protocol is better than other protocols in terms of the number of available shared session keys because all agreed session keys can be adopted by the communicating parties in the protocol.

3.
Multiple-key exchange protocol without hash functions (cited by: 2; self-citations: 0; citations by others: 2)
L. Harn and H.-Y. Lin proposed a key exchange protocol that does not use a hash function, in which a single run of the protocol can generate more than one shared key. This paper proves that the protocol is insecure: an intruder can easily impersonate a legitimate user and establish shared keys with other users. Finally, an improved protocol is given that can effectively resist this attack.

4.
Yang and Tan proposed a certificateless key agreement protocol that requires no bilinear pairings and claimed that it satisfies forward security, i.e., as long as the private keys and ephemeral secrets of the two participants are not all leaked, an adversary cannot obtain the session key negotiated by the two participants. This paper gives an attack: an adversary who obtains one participant's private key and the other participant's ephemeral secret can obtain the session key the two have already negotiated. To address this flaw, the protocol is improved; in the improved protocol, the private keys and ephemeral secrets of the two participants are interwoven with each other, so the above attack is resisted.

5.
In a group Diffie–Hellman (GDH) key agreement protocol, all group members collaboratively establish a group key. Most GDH key agreement protocols take a natural generalization of the original Diffie–Hellman (DH) key agreement protocol, arranging all group members in a logical ring or a binary tree and exchanging DH public keys. The computational cost and the number of communication rounds are the two most important factors that affect the efficiency of a GDH protocol when there is a large number of group members. In this paper, we propose GDH key agreement protocols based on the secret sharing scheme. In addition, we use a one-way key confirmation and digital certificates of DH public keys to provide authentication of group keys. In the proposed authenticated GDH key agreement protocol, each group member is required to broadcast three rounds of messages and to perform n modular exponentiations, n polynomial interpolations and n one-way function evaluations. Our proposed solution is efficient, robust and secure.

6.
Traditional mutual authentication schemes for protecting the privacy of user keys cannot effectively resist replay attacks and DoS attacks. To address this, a smart-card-based mutual authentication scheme is proposed that combines a secure one-way hash function with the discrete logarithm problem on elliptic curves. By introducing timestamps and delay limits, the scheme can effectively resist replay attacks and mitigate DoS attacks. Compared with other schemes of the same kind, the scheme saves two point additions on the mobile user side, improving the computational efficiency of the user side. Analysis shows that the scheme is secure and efficient.

7.
In order to solve the problems resulting from dynamic access control in a user hierarchy, a cryptographic key assignment scheme was proposed by Prof. Lin to improve performance and to simplify the procedure. However, it may endanger security when a user changes his secret key; besides, some secret keys may be disclosed due to unsuitable selection of the security classes' identities. By applying a one-way hash function to Lin's scheme, the proposed modification can greatly improve the security of Lin's scheme.

8.
A fault-tolerant conference-key agreement protocol establishes a shared key among participants of a conference even when some malicious participants disrupt the key agreement process. Recently, Tseng proposed a new fault-tolerant conference-key agreement protocol that only requires a constant message size and a small number of rounds. In this paper, we show that Tseng's protocol cannot provide forward and backward confidentiality during a conference session under the proposed attack method. We also show that a simple countermeasure—re-randomizing the short-term keys of some participants—to avoid the proposed attack can be broken by extending the proposed attack method.

9.
In 2008, Lee et al. proposed two multiple-key agreement protocols, one based on elliptic curve cryptography (ECC) and the other on bilinear pairings. Shortly after publication, Vo et al. showed that the Lee-Wu-Wang pairing-based protocol is vulnerable to an impersonation attack and, to remove the problem, proposed an improved protocol. In this paper, we first show that the Lee-Wu-Wang ECC-based protocol is insecure against a forgery attack and also that, if the long-term private keys of the two entities and one of the session keys are revealed, the other session keys are exposed too. Then, we demonstrate that the Vo-Lee-Yeun-Kim protocol is vulnerable to another kind of forgery attack and to a reflection attack.

10.
Self-organizing group key agreement protocols without a centralized administrator are essential to secure group communication in dynamic peer systems. In this paper, we propose a generic construction of a one-round self-organizing group key agreement protocol based on the Chinese Remainder Theorem. In the proposed construction, all group members contribute their own public keys to negotiate a shared encryption public key, which corresponds to all different decryption keys. Using his/her own secret key, each group member is able to decrypt any ciphertext encrypted by the shared encryption key. Following the generic construction, we instantiate a one-round self-organizing group key agreement protocol using the efficient and computationally inexpensive public key cryptosystem NTRU. Both the public key and the message in this protocol are secure against the known lattice attacks. Furthermore, we also briefly describe another concrete scheme with our generic idea, based on the ElGamal public key cryptosystem.

11.
A secure and efficient group key management scheme is the key to securing group communication. Taking into account the characteristics and requirements of military confidential communication and of group key management, a group key management scheme based on a hierarchical tree model is proposed. A hierarchical tree model is built according to the military chain of command, a one-way hash function is introduced to generate inter-layer keys that maintain access rights between upper and lower layers, and an improved Logical Key Hierarchy (LKH) algorithm is adopted for key management within the bottom-layer groups. Performance analysis shows that the scheme outperforms other schemes of the same kind in communication overhead, key storage overhead and other respects.

12.
To improve the performance of identity authentication protocols under public-key cryptosystems, a hash function is incorporated into the authentication process and a high-performance mutual authentication and key agreement protocol is proposed. The protocol is designed so that the two parties achieve mutual authentication with only two message exchanges, significantly reducing communication cost. The computational complexity of the protocol is comparable to that of identity authentication protocols under traditional public-key cryptosystems. Through formal reasoning against known attacks and mathematical derivation, it is proved that the protocol can resist various known attacks, including denial-of-service attacks and insider attacks. The protocol also provides a mechanism for negotiating a one-time symmetric session key after successful login authentication.

13.
A security analysis is carried out on a class of verifiable threshold signature schemes proposed by Zhang Jie et al. It is found that the scheme has security flaws: it is vulnerable to collusion attacks and forgery attacks, and it does not provide non-repudiation. To address these problems, some improvements are made to the original scheme. The new scheme overcomes the shortcomings of the original scheme, improves the security of the system, allows sub-keys to be transmitted over public channels, and is highly practical.

14.
In this paper, we present an identity-based explicit authenticated key agreement protocol that is provably secure without random oracles. The protocol employs a new method to isolate a session key from key confirmation keys so that there is no direct usage of hash functions in the protocol. The protocol is proved secure without random oracles in a variant of the Bellare–Rogaway style model, an exception to the current proof method in this style of model in the ID-based setting. We believe that this key isolation method is novel and can be further studied for constructing more efficient protocols.

15.
An efficient ID-based signature scheme without a trusted center* (cited by: 3; self-citations: 0; citations by others: 3)
To address the key escrow problem in existing identity-based signature systems, an efficient identity-based signature scheme without a trusted center is proposed. The new scheme solves the key escrow problem by binding two partial public keys to the same identity. In the random oracle model, the new scheme is proven to resist existential forgery under adaptive chosen-message and chosen-identity attacks. Compared with other identity-based signature schemes without a trusted center, the new scheme is more efficient.

16.
Shieh et al. proposed parallel multisignature and sequential multisignature schemes suitable for mobile code, but Hwang and Chang each presented forgery attacks on the underlying basic signature scheme. This paper presents a forgery attack on Shieh's parallel multisignature scheme, then proposes a new basic signature scheme that uses neither a one-way hash function nor a message redundancy scheme, and on that basis proposes new sequential and parallel multisignature schemes. The new schemes retain the advantages of Shieh's schemes while overcoming their shortcomings, and they resist the known forgery attacks.

17.
Recently, Liu et al. (Quantum Inf Process 12: 1797–1805, 2013) proposed a secure multiparty quantum key agreement (MQKA) protocol with single particles. Their protocol allows N parties to negotiate a secret session key in such a way that (1) outside eavesdroppers cannot gain the session key without introducing errors; (2) the session key cannot be determined by any non-trivial subset of the participants. However, the particle efficiency of their protocol is only $\frac{1}{(k+1)N(N-1)}$. In this paper, we show that the efficiency of the MQKA protocol can be improved to $\frac{1}{N(k+1)}$ by introducing two additional unitary operations. Since, in some scenarios, the secret keys are confidential, no party is willing to divulge any of their contents to the others. Therefore, in our protocol, no participant can learn anything more than its prescribed output, i.e., the secret keys of the participants can be kept secret during the protocol instead of being exposed to others; thus, the privacy of the protocol is also improved. Furthermore, we explicitly show that the scheme is secure.

18.
Recently, Sun et al. (Quantum Inf Process 15(5):2101–2111, 2016) proposed an efficient multiparty quantum key agreement protocol based on commutative encryption. The aim of this protocol is to negotiate a secret shared key among multiple parties with high qubit efficiency as well as security against inside and outside attackers. The shared key is the exclusive-OR of all participants’ secret keys. This is achieved by applying the rotation operation on encrypted photons. For retrieving the final secret key, only measurement on single states is needed. Sun et al. claimed that assuming no mutual trust between participants, the scheme is secure against participant’s attack. In this paper, we show that this is not true. In particular, we demonstrate how a malicious participant in Sun et al.’s protocol can introduce “a” final fake key to target parties of his choice. We further propose an improvement to guard against this attack.

19.
A security analysis of the forward-secure certificateless proxy blind signature scheme proposed by Wei Junyi et al. shows that the scheme cannot resist forgery attacks by the original signer and does not possess blindness. To address these problems, an improved scheme is proposed. By improving the proxy key generation process and the blind signing process, the security flaws of the original scheme are overcome. By embedding a one-way hash chain into the signature, the improved scheme is guaranteed to have backward security. Moreover, no trusted secure channel needs to be established between the key generation center and the user, saving extra overhead. Security analysis shows that the improved scheme meets the security requirements of a forward-secure certificateless proxy blind signature scheme.

20.
Computer Communications, 2007, 30(11-12): 2365-2374
When sensor networks are deployed in unattended and hostile environments, secret keys must be established between sensors to secure communication between them. Many key establishment schemes have been proposed for large-scale sensor networks. In these schemes, each sensor shares a secret key with its neighbors via preinstalled keys. But it may occur that two end nodes which do not share a key with each other must use a secure path to share a secret key between them. However, during the transmission of the secret key, the secret key is revealed to each node along the secure path. Several researchers proposed multi-path key establishment to prevent a few compromised sensors from learning the secret key, but it is vulnerable to stop-forwarding or Byzantine attacks. To counter these attacks, we propose a hop-by-hop authentication scheme for path key establishment to prevent Byzantine attacks. Compared to conventional protocols, our proposed scheme can mitigate the impact of malicious nodes performing a Byzantine attack, and sensor nodes can identify the malicious nodes. In addition, our scheme can save energy since it can detect and filter false data within two hops.
