Reparable key distribution protocols for Internet environments

A new concept of reparable key distribution protocol is introduced in this paper. The merit of a reparable protocol is in that once all compromised keys have been replaced by secure keys, the protocol is secure. We show that the key distribution protocol of Lu et al. (1989), for Internet is not reparable. A reparable one is proposed instead     

A survey of light-weight transport protocols for high-speednetworks

A comparative survey is presented of techniques used at the transport layer in eight representative protocols, most of which were designed to improve the protocol processing rate. The protocols are the relevant portions of the APPN, Datakit, Delta-t, NETBLT, OSI/TP4, TCP, VMTP, and XTP architectures. The protocols are described, and the functions under consideration are defined. No distinction is made as to whether these functions are carried out in a LAN, MAN, or WAN environment. The objective is to provide reliable, end-to-end transmission of data. The mechanisms required to support connection management, acknowledgements, flow control, and error handling are examined. Suitable techniques for designing light-weight transport protocols are identified. A discussion is presented as to which technique seems the most promising     

Comment on “Reparable key distribution protocols for Internetenvironments” [and reply]

For original paper see Hwang and Ku (IEEE Trans. Commun., vol.43, p.1947-9, 1995 May). The present authors find that the key distribution protocol KDP2 proposed in the original paper is, in fact, not reparable, as was claimed by the original authors. A reparable revised version of this KPD2 is then introduced. In a reply Hwang presents an example to show that the Lin et al. revised reparable KDP2 did not solve the problem which they proposed     

The OMLP family of optimal multiprocessor real-time locking protocols

This paper presents the first suspension-based multiprocessor real-time locking protocols with asymptotically optimal blocking bounds (under certain analysis assumptions). These protocols can be applied under any global, clustered, or partitioned job-level fixed-priority scheduler and support mutual exclusion, reader-writer exclusion, and k-exclusion constraints. Notably, the reader-writer and k-exclusion protocols are the first analytically-sound suspension-based multiprocessor real-time locking protocols of their kind. To formalize a notion of “optimal blocking,” precise definitions of what constitutes “blocking” in a multiprocessor real-time system are given and a simple complexity metric for real-time locking protocols, called maximum priority-inversion blocking (pi-blocking), is introduced. It is shown that, in a system with m processors, Ω(m) maximum pi-blocking is unavoidable. This bound is shown to be asymptotically tight with the introduction of the O(m) multiprocessor locking protocol (OMLP) family presented herein, which includes protocols that ensure an upper bound on maximum pi-blocking that is approximately within a factor of two of the lower bound. In addition to the coarse-grained asymptotic bounds, detailed blocking bounds suitable for schedulability analysis are derived using holistic blocking analysis. Based on the detailed bounds, the proposed locking protocols are compared with each other and with previously-proposed protocols in an empirical schedulability study involving more than one billion task sets. In this study, the OMLP was found to perform better than two variants of the classic (but non-optimal) multiprocessor priority-ceiling protocol (MPCP).     

New multiparty authentication services and key agreement protocols

Many modern computing environments involve dynamic peer groups. Distributed simulation, multiuser games, conferencing applications, and replicated servers are just a few examples. Given the openness of today's networks, communication among peers (group members) must be secure and, at the same time, efficient. This paper studies the problem of authenticated key agreement in dynamic peer groups with the emphasis on efficient and provably secure key authentication, key confirmation, and integrity. It begins by considering two-party authenticated key agreement and extends the results to group Diffie-Hellman (1976) key agreement. In the process, some new security properties (unique to groups) are encountered and discussed     

Weaknesses in some recent key agreement protocols

B. Arazi ( see ibid., vol. 29, no. 11, p. 966-7, 1993 ) recently proposed a way to integrate the DSS (digital signature standard) to the Diffie-Hellman key exchange system to obtain an authenticated key establishment mechanism for secret session keys. The authors point out the following weakness in the Arazi system: if one key is compromised then the others will be disclosed as well. A similar weakness appears also in another recently presented key distribution system     

Methods and protocols for secure key negotiation using IKE

The IETF has advanced the IPsec protocols to draft standard status. These protocols include mechanisms for the establishment of a secure channel, via cryptographic key exchange, over an insecure medium. Such a channel can then be used for ensuring the confidentiality, authentication, and/or integrity of the communications between two parties. We explain the algorithms and protocols of IPsec's Internet Key Exchange (IKE) and discuss the types of security that the various IKE modes provide     

密钥交换协议前向安全性的自动化分析

会话密钥的安全影响了整个通信网络的安全,前向安全性是密钥交换协议中保证会话密钥安全的一种特殊的安全属性。首先扩展了应用PI演算,增加了阶段进程语法描述协议的前向安全性;然后提出了一个基于一阶定理证明器Pro Verif的前向安全性自动化分析方法;最后运用这种方法分析了两种典型的密钥交换协议,STS协议和MTI协议的前向安全性,分析结果表明该方法简单可靠。     

基于IDA的密钥分存方案

本文详细介绍了IDA(Information Dispersal Algorithm)算法。该算法实现了将一个长为L的文件F分割成n份,每份长度为L/m,任何m份都可以重构原文件。还给出了基于该算法的密钥分存方案,分析了该方案的特点。     

Distributed collaborative key agreement and authentication protocols for dynamic peer Groups

We consider several distributed collaborative key agreement and authentication protocols for dynamic peer groups. There are several important characteristics which make this problem different from traditional secure group communication. They are: 1) distributed nature in which there is no centralized key server; 2) collaborative nature in which the group key is contributory (i.e., each group member will collaboratively contribute its part to the global group key); and 3) dynamic nature in which existing members may leave the group while new members may join. Instead of performing individual rekeying operations, i.e., recomputing the group key after every join or leave request, we discuss an interval-based approach of rekeying. We consider three interval-based distributed rekeying algorithms, or interval-based algorithms for short, for updating the group key: 1) the Rebuild algorithm; 2) the Batch algorithm; and 3) the Queue-batch algorithm. Performance of these three interval-based algorithms under different settings, such as different join and leave probabilities,is analyzed. We show that the interval-based algorithms significantly outperform the individual rekeying approach and that the Queue-batch algorithm performs the best among the three interval-based algorithms. More importantly, the Queue-batch algorithm can substantially reduce the computation and communication workload in a highly dynamic environment. We further enhance the interval-based algorithms in two aspects: authentication and implementation. Authentication focuses on the security improvement, while implementation realizes the interval-based algorithms in real network settings. Our work provides a fundamental understanding about establishing a group key via a distributed and collaborative approach for a dynamic peer group.     

一种新的无证书可认证多方密钥协商协议

Joux提出的三方密钥协商方案虽然简洁、高效,但不能抵抗中间人攻击。基于无证书公钥密码体制,提出一种新的无证书可认证多方密钥协商方案,新方案将Joux的三方协议拓展至多方,并且具有认证功能。由于新方案中所用的签名为短签名,所以整个认证过程计算效率较高,另外,新方案还具有简单证书管理、无密钥托管的优点,新方案满足无密钥控制、抗中间人的主动攻击、前向安全性和抗密钥泄露伪装攻击等多种安全特性。     

Automated verification of a key management architecture for hierarchical group protocols

Emerging applications require secure group communications involving hierarchical architecture protocols. Designing such secure hierarchical protocols is not straightforward, and their verification becomes a major issue in order to avoid any possible security attack and vulnerability. Several attempts have been made to deal with formal verification of group protocols, but to our knowledge, none of them did address the security of hierarchical ones. In this paper, we present the specific challenges and security issues of hierarchical secure group communications, and the work we did for their verification. We show how the AtSe back-end of the avispa tool was used to verify one of these protocols.     

Identity-based conference key distribution system

We propose an identity-based key distribution system to generate a common secret conference key for three or more users. Users are connected in a ring so that each user sends messages to the neighbouring user to generate a conference key. These messages are authenticated using each user's identification information.     

A conference key distribution system

Encryption is used in a communication system to safeguard information in the transmitted messages from anyone other than the intended receiver(s). To perform the encryption and decryption the transmitter and receiver(s) ought to have matching encryption and decryption keys. A clever way to generate these keys is to use the public key distribution system invented by Diffie and Hellman. That system, however, admits only one pair of communication stations to share a particular pair of encryption and decryption keys, The public key distribution system is generalized to a conference key distribution system (CKDS) which admits any group of stations to share the same encryption and decryption keys. The analysis reveals two important aspects of any conference key distribution system. One is the multitap resistance, which is a measure of the information security in the communication system. The other is the separation of the problem into two parts: the choice of a suitable symmetric function of the private keys and the choice of a suitable one-way mapping thereof. We have also shown how to use CKDS in connection with public key ciphers and an authorization scheme.     

Communication in key distribution schemes

A (g, b) key distribution scheme allows conferences of g users to generate secret keys, such that disjoint coalitions of b users cannot gain any information on the generated key (in the information-theoretic sense). We study the relationships between communication and space efficiency of key distribution schemes. We prove that communication does not help in the context of unrestricted schemes. On the other hand, we show that for restricted schemes, which are secure only when used by a limited number of conferences, communication can substantially improve the space efficiency. We also present lower bounds on the space efficiency of restricted schemes     

自由空间量子密钥分配的发展状况

简要介绍了基于单光子几种量子密钥分配协议,从基于单光子偏振和基于光子纠缠两个方面综述了国内外量子理论和实验现状,说明了自由空间量子密钥分配面临的挑战,最后提出了全球量子通信存在的问题及发展方向.     

光纤量子密钥分发系统中密钥传输率和误码率的研究

通过理论分析和计算,研究了光纤损耗、色散和单光子探测器暗计数等因素对量子密钥分发系统密钥传输率和误码率的影响.研究表明,光纤损耗是影响密钥传输率的主要因素.而量子比特误码率则与光纤损耗、色散、脉冲宽度、单光子探测器暗计数以及瑞利反向散射等因素有关.在实验中,应尽量降低光纤损耗、色散和单光子探测器的暗计数,同时选择适当的初始脉宽,从而提高密钥传输率并降低误码率,进而提高量子密钥分发系统的传输距离.     

基于KryptoKnight的移动用户认证协议

本文基于KryptoDnight[6],为个人通信系统设计了一轻量级认证与密钥分配协议．该协议与现有的协议相比，新协议具有很高的安全性和运行效率，特别适合用作PCS移动环境中的低层网络协议     

Cryptanalysis of an authentication and key distribution protocol

We point out that a previously proposed authentication and key distribution protocol is not secure from both the viewpoints of authentication and key distribution requirements