基于身份的密钥协商协议研究

提出了两种基于身份的密钥协商协议.在这些协议中,所有用户共享一个秘密信息,通过较少的步骤实现密钥协商,用户无须复杂的证书管理,且提出的协议满足较高的安全性.     

Identity-based key agreement protocols from pairings

In recent years, a large number of identity- based key agreement protocols from pairings have been proposed. Some of them are elegant and practical. However, the security of this type of protocol has been surprisingly hard to prove, even in the random oracle model. The main issue is that a simulator is not able to deal with reveal queries, because it requires solving either a computational problem or a decisional problem, both of which are generally believed to be hard (i.e., computationally infeasible). The best solution so far for security proofs uses the gap assumption, which means assuming that the existence of a decisional oracle does not change the hardness of the corresponding computational problem. The disadvantage of using this solution to prove security is that such decisional oracles, on which the security proof relies, cannot be performed by any polynomial time algorithm in the real world, because of the hardness of the decisional problem. In this paper we present a method incorporating a built-in decisional function into the protocols. The function transfers a hard decisional problem in the proof to an easy decisional problem. We then discuss the resulting efficiency of the schemes and the relevant security reductions, in the random oracle model, in the context of different pairings one can use. We pay particular attention, unlike most other papers in the area, to the issues which arise when using asymmetric pairings.     

Security weaknesses of authenticated key agreement protocols

In this paper, we analyze the protocols of Tan, Lim et al., Chen et al. and five protocols of Hölbl et al. After the analysis, we found that Tan et al.?s, Lim et al.?s and two protocols of Hölbl et al. are insecure against the impersonation attack and the man-in-the-middle attack, Chen et al.?s protocol cannot withstand the key-compromise impersonation attack, one protocol of Hölbl et al. is vulnerable to the insider attack, one allows an adversary to compute the private key of any user and one protocol allows her to compute the shared secret key.     

On expected constant-round protocols for Byzantine agreement

In a seminal paper, Feldman and Micali show an n-party Byzantine agreement protocol in the plain model that tolerates $t<n/3$ malicious parties and runs in expected constant rounds. Here, resolving a question that had been open since their work, we show an expected constant-round protocol for authenticated Byzantine agreement assuming honest majority (i.e., $t<n/2$), and relying only on the existence of signature schemes and a public-key infrastructure. Combined with existing results, this gives the first expected constant-round protocol for secure computation with honest majority in a point-to-point network under the same assumptions. Our key technical tool — a new primitive we introduce called moderated VSS — also yields a simpler proof of the Feldman–Micali result.In addition, we show a simple technique for sequential composition of Byzantine agreement protocols that do not achieve simultaneous termination, something that is inherent for protocols using $o(t)$ rounds.     

Strongly secure identity-based authenticated key agreement protocols

In this paper, we present a strongly secure identity-based (ID-based) two-party authenticated key agreement (AKA) protocol, which captures all basic desirable security properties including master key forward secrecy, ephemeral secrets reveal resistance and so on, and is provably secure in the extended Canetti-Krawczyk (eCK) model. The security of the protocol can be reduced to the standard Computational Bilinear Diffie-Hellman assumption in the random oracle model. Our scheme is secure as long as each party has at least one uncompromised secret. Also, we give a strongly secure variant of the protocol. The variant has a much lower computational overhead than the original scheme, while its security relies on the Gap Bilinear Diffie-Hellman assumption. Currently, there are few ID-based AKA protocols that are provably secure in the strong eCK model. Compared with previous ID-based AKA schemes, our protocols have advantages over them in security or efficiency.     

Potential weaknesses of AuthA password-authenticated key agreement protocols

In this paper we point out potential weaknesses of AuthA protocols which are in the process of being standardized by IEEE; IEEE P1363-Password-based authentication and key agreement protocols. More precisely, we present chosen protocol attacks on AuthA password-authenticated key agreement protocols. We make suggestions for improvement.     

Controllability of multi-agent systems based on agreement protocols

This paper investigates the controllability of multi-agent systems based on agreement protocols. First, for a group of single-integrator agents, the controllability is studied in a unified framework for both networks with leader-following structure and networks with undirected graph. Some new necessary/sufficient conditions for the controllability of networks of single-integrator agents are established. Second, we prove that, under the same topology and same prescribed leaders, a network of high-order dynamic agents is completely controllable if and only if so is a network of single-integrator agents. Third, how the selection of leaders and the coupling weights of graphs affect the controllability is analyzed. Finally, some numerical simulations are presented to demonstrate the effectiveness of the theoretical results.     

Two improved two-party identity-based authenticated key agreement protocols

Many authenticated key agreement protocols based on identity information were published in recent years. Hsieh et al. presented their protocol in 2002. However, Tseng et al. found a flaw in the protocol which resulted in a key compromise impersonation attack. Later, Tseng proposed his protocol conforming which conforms to all desirable security properties and is efficient. In this paper we propose two new two-party identity-based authenticated key agreement protocols. The first is based on Hsieh et al.'s protocol and makes it immune against Tseng et al.'s attack, while the second is an efficiently improved protocol based on Tseng's protocol.     

无线传感网动态可认证群组密钥交换协议

无线传感器网络中节点电池电量有限、节点计算能力及存储能力受限,使得现有的大部分群组密钥交换技术不适用于无线传感器网络。针对该问题,提出一种动态的可认证群组密钥交换协议。采用双线性映射技术实现无线传感器网络中节点之间的群组密钥交换。该协议具有可认证性,避免群组密钥交换过程中遭到欺骗攻击及中间人攻击;具有动态性,适用于无线传感器网络节点动态部署;在双线性计算Diffie-Hellman(bilinear computation Diffie-Hellman,BCDH)困难性假设下是可证安全的。分析结果表明,该协议具有较高的安全性和较好的性能。     

Vulnerability analysis of RFID protocols for tag ownership transfer

In RFIDSec’08, Song proposed an ownership transfer scheme, which consists of an ownership transfer protocol and a secret update protocol [7]. The ownership transfer protocol is completely based on a mutual authentication protocol proposed in WiSec’08 [8]. In Rizomiliotis et al. (2009) [6], van Deursen and Radomirovic (2008), the first weaknesses to be identified (tag and server impersonation) were addressed and this paper completes the consideration of them all. We find that the mutual authentication protocol, and therefore the ownership transfer protocol, possesses certain weaknesses related to most of the security properties initially required in protocol design: tag information leakage, tag location tracking, and forward traceability. Moreover, the secret update protocol is not immune to de-synchronization attacks.     

Cryptanalysis of tripartite and multi-party authenticated key agreement protocols

Al-Riyami and Paterson proposed four authenticated tripartite key agreement protocols which make use of the Weil pairing. Recently, Lee et al. extended the protocols to a multi-party setting assuming the existence of cryptographic multilinear forms. In this paper we show that the tripartite and multi-party authenticated key agreement protocols are insecure against several active attacks.     

Two-party quantum key agreement protocols under collective noise channel

Recently, quantum communication has become a very popular research field. The quantum key agreement (QKA) plays an important role in the field of quantum communication, based on its unconditional security in terms of theory. Among all kinds of QKA protocols, QKA protocols resisting collective noise are widely being studied. In this paper, we propose improved two-party QKA protocols resisting collective noise and present a feasible plan for information reconciliation. Our protocols’ qubit efficiency has achieved 26.67%, which is the best among all the two-party QKA protocols against collective noise, thus showing that our protocol can improve the transmission efficiency of quantum key agreement.     

Constant round group key agreement protocols: A comparative study

The scope of this paper is to review and evaluate all constant round Group Key Agreement (GKA) protocols proposed so far in the literature. We have gathered all GKA protocols that require 1,2,3,4 and 5 rounds and examined their efficiency. In particular, we calculated each protocol’s computation and communication complexity and using proper assessments we compared their total energy cost. The evaluation of all protocols, interesting on its own, can also serve as a reference point for future works and contribute to the establishment of new, more efficient constant round protocols.     

Security weaknesses of a signature scheme and authenticated key agreement protocols

At ACISP 2012, a novel deterministic identity-based (aggregate) signature scheme was proposed that does not rely on bilinear pairing. The scheme was formally proven to be existentially unforgeable under an adaptive chosen message and identity attack. The security was proven under the strong RSA assumption in the random oracle model. In this paper, unfortunately, we show that the signature scheme is universally forgeable, i.e., an adversary can recover the private key of a user and use it to generate forged signatures on any messages of its choice having on average eight genuine signatures. This means, that realizing a deterministic identity-based signature scheme in composite order groups is still an open problem. In addition, we show that a preliminary version of the authenticated key exchange protocol proposed by Okamoto in his invited talk at ASIACRYPT 2007 is vulnerable to the key-compromise impersonation attack and therefore cannot be secure in the eCK model. We also show that the two-party identity-based key agreement protocol of Hölbl et al. is vulnerable to the unknown key-share attack.     

Strongly secure identity-based authenticated key agreement protocols in the escrow mode

Escrowable identity-based authenticated key agreement(AKA) protocols are desirable under certain circumstances especially in certain closed groups applications.In this paper,we focus on two-party identitybased AKA schemes in the escrow mode,and present a strongly secure escrowable identity-based AKA protocol which captures all basic desirable security properties including perfect forward secrecy,ephemeral secrets reveal resistance and so on.The protocol is provably secure in the extended Canetti-Krawczyk model,and its security can be reduced to the standard computational bilinear Diffie-Hellman assumption in the random oracle model.Assuming no adversary can obtain the master private key for the escrow mode,our scheme is secure as long as each party has at least one uncompromised secret.Also,we present two strongly secure variants of the protocol,which are computationally more efficient than the original scheme.     

动态对等环境中组密钥协商协议的健壮性研究

总结提出了一种健壮的安全组通信系统一般模型,比较分析了多种组密钥协商协议,基于安全性和效率的考虑,从中选择了三种作为研究对象,描述了它们对各种异步网络事件和组成员关系变化的处理过程。在此基础上,探讨了它们不同的健壮性,并阐明了利用它们来构建健壮、可靠和安全的组通信系统的基本思路。     

Performance evaluation of two multiple-access protocols

A real-time, microprocessor-based simulator was designed to study the packet transmission of voice on a broadcast type local area network, based on the CSMA/CD and Hymap multiple-access protocols. The speech quality is evaluated subjectively. A packetization-frozen protocol is used to eliminate the successive collisions due to possible synchronization of packet generation among stations. The variance of the network delay is bounded by discarding packets which have not been transmitted within a certain amount of time. Smooth speech output can be obtained by introducing additional buffer delay at the receiver.     

Provably secure identity-based authenticated key agreement protocols with malicious private key generators

Identity-based authenticated key agreement is a useful cryptographic primitive and has received a lot of attention. The security of an identity-based system relies on a trusted private key generator (PKG) that generates private keys for users. Unfortunately, the assumption of a trusted PKG (or a curious-but-honest PKG) is considered to be too strong in some situations. Therefore, achieving security without such an assumption has been considered in many cryptographic protocols. As a PKG knows the private keys of its users, man-in-the-middle attacks (MIMAs) from a malicious PKG is considered as the strongest attack against a key agreement protocol. Although securing a key agreement process against such attacks is desirable, all existent identity-based key agreement protocols are not secure under such attacks. In this paper, we, for the first time, propose an identity-based authenticated key agreement protocol resisting MIMAs from malicious PKGs that form a tree, which is a commonly used PKG structure for distributing the power of PKGs. Users are registered at a PKG in the tree and each holds a private key generated with all master keys of associated PKGs. This structure is much more efficient, in comparison with other existing schemes such as threshold-based schemes where a user has to register with all PKGs. We present our idea in two protocols. The first protocol is not secure against MIMAs from some kinds of malicious PKGs but holds all other desirable security properties. The second protocol is fully secure against MIMAs. We provide a complete security proof to our protocols.     

A machine learning-based scheme for the security analysis of authentication and key agreement protocols

Neural Computing and Applications - This paper proposes a novel machine learning-based scheme for the automatic analysis of authentication and key agreement protocols. Considering the traditional...