Similar literature
Found 20 similar documents; search time 10 ms
1.
Reparable key distribution protocols for Internet environments   Total citations: 1, self-citations: 0, citations by others: 1
A new concept of reparable key distribution protocol is introduced in this paper. The merit of a reparable protocol is that once all compromised keys have been replaced by secure keys, the protocol is secure. We show that the key distribution protocol of Lu et al. (1989) for the Internet is not reparable. A reparable one is proposed instead.

2.
A comparative survey is presented of techniques used at the transport layer in eight representative protocols, most of which were designed to improve the protocol processing rate. The protocols are the relevant portions of the APPN, Datakit, Delta-t, NETBLT, OSI/TP4, TCP, VMTP, and XTP architectures. The protocols are described, and the functions under consideration are defined. No distinction is made as to whether these functions are carried out in a LAN, MAN, or WAN environment. The objective is to provide reliable, end-to-end transmission of data. The mechanisms required to support connection management, acknowledgements, flow control, and error handling are examined. Suitable techniques for designing light-weight transport protocols are identified. A discussion is presented as to which technique seems the most promising.

3.
For the original paper see Hwang and Ku (IEEE Trans. Commun., vol. 43, p. 1947-9, 1995 May). The present authors find that the key distribution protocol KDP2 proposed in the original paper is, in fact, not reparable, as was claimed by the original authors. A reparable revised version of this KDP2 is then introduced. In a reply, Hwang presents an example to show that the Lin et al. revised reparable KDP2 did not solve the problem which they proposed.

4.
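Consistency is a basic security goal of key exchange protocols, but it is very hard to get right during protocol design and is often overlooked. Several classic protocols among the GDH-based, password-based and identity-based provably secure group key exchange protocols of recent years are carefully analyzed, and effective attacks on the consistency of each of these protocols are found. These attacks break the integrity of the group and cause erroneous group communication. Finally, improved schemes are given for each to overcome the security flaws.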

5.
This paper presents the first suspension-based multiprocessor real-time locking protocols with asymptotically optimal blocking bounds (under certain analysis assumptions). These protocols can be applied under any global, clustered, or partitioned job-level fixed-priority scheduler and support mutual exclusion, reader-writer exclusion, and k-exclusion constraints. Notably, the reader-writer and k-exclusion protocols are the first analytically-sound suspension-based multiprocessor real-time locking protocols of their kind. To formalize a notion of “optimal blocking,” precise definitions of what constitutes “blocking” in a multiprocessor real-time system are given and a simple complexity metric for real-time locking protocols, called maximum priority-inversion blocking (pi-blocking), is introduced. It is shown that, in a system with m processors, Ω(m) maximum pi-blocking is unavoidable. This bound is shown to be asymptotically tight with the introduction of the O(m) multiprocessor locking protocol (OMLP) family presented herein, which includes protocols that ensure an upper bound on maximum pi-blocking that is approximately within a factor of two of the lower bound. In addition to the coarse-grained asymptotic bounds, detailed blocking bounds suitable for schedulability analysis are derived using holistic blocking analysis. Based on the detailed bounds, the proposed locking protocols are compared with each other and with previously-proposed protocols in an empirical schedulability study involving more than one billion task sets. In this study, the OMLP was found to perform better than two variants of the classic (but non-optimal) multiprocessor priority-ceiling protocol (MPCP).

6.
New multiparty authentication services and key agreement protocols   Total citations: 13, self-citations: 0, citations by others: 13
Many modern computing environments involve dynamic peer groups. Distributed simulation, multiuser games, conferencing applications, and replicated servers are just a few examples. Given the openness of today's networks, communication among peers (group members) must be secure and, at the same time, efficient. This paper studies the problem of authenticated key agreement in dynamic peer groups with the emphasis on efficient and provably secure key authentication, key confirmation, and integrity. It begins by considering two-party authenticated key agreement and extends the results to group Diffie-Hellman (1976) key agreement. In the process, some new security properties (unique to groups) are encountered and discussed.

7.
Weaknesses in some recent key agreement protocols   Total citations: 1, self-citations: 0, citations by others: 1
《Electronics letters》1994,30(1):26-27
B. Arazi (see ibid., vol. 29, no. 11, p. 966-7, 1993) recently proposed a way to integrate the DSS (digital signature standard) into the Diffie-Hellman key exchange system to obtain an authenticated key establishment mechanism for secret session keys. The authors point out the following weakness in the Arazi system: if one key is compromised then the others will be disclosed as well. A similar weakness also appears in another recently presented key distribution system.

8.
Borella  M.S. 《IEEE network》2000,14(4):18-29
The IETF has advanced the IPsec protocols to draft standard status. These protocols include mechanisms for the establishment of a secure channel, via cryptographic key exchange, over an insecure medium. Such a channel can then be used for ensuring the confidentiality, authentication, and/or integrity of the communications between two parties. We explain the algorithms and protocols of IPsec's Internet Key Exchange (IKE) and discuss the types of security that the various IKE modes provide.

9.
《现代电子技术》2015,(22):21-24
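The security of session keys affects the security of the entire communication network, and forward secrecy is a special security property of key exchange protocols that protects session keys. The applied pi calculus is first extended with phase-process syntax to describe the forward secrecy of protocols; an automated forward-secrecy analysis method based on the first-order theorem prover ProVerif is then proposed; finally, the method is used to analyze the forward secrecy of two typical key exchange protocols, the STS protocol and the MTI protocol. The analysis results show that the method is simple and reliable.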

10.
11.
Several sensitive applications deployed within wireless networks require group communications. A high level of security is often required in such applications, like military or public security applications. The most suitable solution to ensure security in these services is the deployment of a group key management protocol, adapted to the characteristics of Manets, especially to mobility of nodes. In this paper, we present the Omct (Optimized Multicast Cluster Tree) algorithm for dynamic clustering of multicast group, that takes into account both nodes localization and mobility, and optimizes the energy and bandwidth consumptions. Then, we show how we integrate Omct within our group key management protocol Balade, in a sequential multi-source model. The integration of Balade and Omct allows an efficient and fast key distribution process, validated through simulations, by applying various models of mobility (individual mobility and group mobility). The impact of the mobility model on the performance and the behaviour of the group key management protocol Balade coupled with Omct is also evaluated.

12.
The controlled quantum key agreement (CQKA) protocol requires a controller to oversee the process of all participants negotiating a key, which can satisfy the needs of certain specific scenarios. Existing CQKA protocols are mostly two-party or three-party, and they do not entirely meet the actual needs. To address this problem, this paper proposes new CQKA protocols based on Bell states and Bell measurements. The new CQKA protocols can be successfully implemented for any N-party, not just two-party. Furthermore, the security and efficiency analyses demonstrate that the new CQKA protocols are not only secure but also more efficient in terms of quantum bit.

13.
Computationally sound automated proof of Diffie-Hellman key exchange protocols   Total citations: 2, self-citations: 0, citations by others: 2
冯超  张权  唐朝京 《通信学报》2011,(10):118-126
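For the Diffie-Hellman key exchange protocol, a modeling method using observational equivalence is proposed and proved sound, and the method is used to extend the verification capability of the automated tool CryptoVerif. A flaw in the adversary capability model used in the automated proof of the public-key Kerberos protocol is identified, and a correction is proposed. The extended CryptoVerif is used to automatically prove the security of the Diffie-Hellman-based Kerberos protocol, which verifies the effectiveness of the extension. Unlike most existing proof methods, this method retains the ease of use of automated proof tools while guaranteeing strong soundness in the computational model.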

14.
We consider several distributed collaborative key agreement and authentication protocols for dynamic peer groups. There are several important characteristics which make this problem different from traditional secure group communication. They are: 1) distributed nature in which there is no centralized key server; 2) collaborative nature in which the group key is contributory (i.e., each group member will collaboratively contribute its part to the global group key); and 3) dynamic nature in which existing members may leave the group while new members may join. Instead of performing individual rekeying operations, i.e., recomputing the group key after every join or leave request, we discuss an interval-based approach of rekeying. We consider three interval-based distributed rekeying algorithms, or interval-based algorithms for short, for updating the group key: 1) the Rebuild algorithm; 2) the Batch algorithm; and 3) the Queue-batch algorithm. Performance of these three interval-based algorithms under different settings, such as different join and leave probabilities, is analyzed. We show that the interval-based algorithms significantly outperform the individual rekeying approach and that the Queue-batch algorithm performs the best among the three interval-based algorithms. More importantly, the Queue-batch algorithm can substantially reduce the computation and communication workload in a highly dynamic environment. We further enhance the interval-based algorithms in two aspects: authentication and implementation. Authentication focuses on the security improvement, while implementation realizes the interval-based algorithms in real network settings. Our work provides a fundamental understanding about establishing a group key via a distributed and collaborative approach for a dynamic peer group.

15.
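This paper describes the IDA (Information Dispersal Algorithm) in detail. The algorithm splits a file F of length L into n pieces, each of length L/m, such that any m pieces can reconstruct the original file. A key-sharing scheme based on the algorithm is also given, and the characteristics of the scheme are analyzed.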

16.
马俊 《信息技术》2013,(7):98-100,105
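The tripartite key agreement scheme proposed by Joux is simple and efficient, but it cannot resist man-in-the-middle attacks. Based on certificateless public key cryptography, a new certificateless authenticated multi-party key agreement scheme is proposed; the new scheme extends Joux's tripartite protocol to multiple parties and provides authentication. Because the signature used in the new scheme is a short signature, the whole authentication process is computationally efficient. In addition, the new scheme has the advantages of simple certificate management and no key escrow, and it satisfies several security properties, including no key control, resistance to active man-in-the-middle attacks, forward secrecy, and resistance to key-compromise impersonation attacks.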

17.
Emerging applications require secure group communications involving hierarchical architecture protocols. Designing such secure hierarchical protocols is not straightforward, and their verification becomes a major issue in order to avoid any possible security attack and vulnerability. Several attempts have been made to deal with formal verification of group protocols, but to our knowledge, none of them addressed the security of hierarchical ones. In this paper, we present the specific challenges and security issues of hierarchical secure group communications, and the work we did for their verification. We show how the AtSe back-end of the avispa tool was used to verify one of these protocols.

18.
In 2002, Zhu et al. proposed a password-based authenticated key exchange protocol based on RSA. Many researchers pointed out that Zhu et al.'s protocol is vulnerable to an off-line dictionary attack. In 2003, Yeh et al. proposed an improved protocol. Recently, Lo and Yang-Wang pointed out that Yeh et al.'s improved protocol is also vulnerable to an off-line dictionary attack. To avoid this weakness in Yeh et al.'s protocol, Lo and Yang-Wang proposed two improved protocols. However, in this letter, we show that the Lo protocol is vulnerable to an active off-line dictionary attack and the Yang-Wang protocol is vulnerable to a passive off-line dictionary attack.

19.
Communication in key distribution schemes   Total citations: 1, self-citations: 0, citations by others: 1
A (g, b) key distribution scheme allows conferences of g users to generate secret keys, such that disjoint coalitions of b users cannot gain any information on the generated key (in the information-theoretic sense). We study the relationships between communication and space efficiency of key distribution schemes. We prove that communication does not help in the context of unrestricted schemes. On the other hand, we show that for restricted schemes, which are secure only when used by a limited number of conferences, communication can substantially improve the space efficiency. We also present lower bounds on the space efficiency of restricted schemes.

20.
Koyama  K. 《Electronics letters》1987,23(10):495-496
We propose an identity-based key distribution system to generate a common secret conference key for three or more users. Users are connected in a ring so that each user sends messages to the neighbouring user to generate a conference key. These messages are authenticated using each user's identification information.
