
Improved Deniable Authentication Protocol based on Diffie-Hellman Algorithm

This paper presents an improved deniable authentication protocol based on the Diffie-Hellman algorithm. It addresses the weaknesses of Fan et al.'s protocol and provides better security against masqueraders and inquisitors. The proposed protocol ensures that the receiver can verify the source of the message, while third parties cannot prove the message source. The protocol is applicable in electronic voting systems and other scenarios requiring deniable authentication.

cascio

Presentation Transcript


  1. Improvement of Fan et al.’s deniable authentication protocol based on Diffie-Hellman algorithm
     ELSEVIER, Applied Mathematics and Computation 167 (2005) 274-280
     Eun-Jun Yoon, Eun-Kyung Ryu, Kee-Young Yoo
     Presented by 張簡琮倫 (2005/11/30)

  2. Outline
     • Introduction
     • Related works
     • Overview of the Fan et al.’s scheme
     • Proposed deniable authentication scheme
     • Security analysis
     • Conclusion

  3. Introduction
     • Deniable authentication protocol:
       • The receiver can verify the source of the message, as in a traditional authentication protocol.
       • The receiver cannot prove the source of the message to a third party.
     • Application
       • Electronic voting systems.

  4. Related Works (1/2)
     • In 1998, Dwork et al. proposed a deniable authentication protocol based on zero-knowledge proof.
     • Aumann and Rabin also proposed a deniable authentication protocol based on factoring in 1998.
     • Deng et al. proposed two deniable authentication protocols, based on factoring and the discrete logarithm problem respectively.
     • All of the above protocols need a public directory that is trusted by the sender and the receiver.

  5. Related Works (2/2)
     • Fan et al. proposed a simple deniable authentication protocol based on the Diffie-Hellman key distribution protocol.
     • An intruder masquerades as a receiver to a sender and persuades a sender to initiate a protocol with him.

  6. Review of the Fan et al.’s scheme
     [Protocol diagram between Sender and Receiver; surviving labels: X’, Y]

  7. Cryptanalysis of the Fan et al.’s scheme (1/2)
     [Protocol diagram between Sender, Intruder and Receiver; surviving labels: X’, X’]

  8. Cryptanalysis of the Fan et al.’s scheme (2/2)
     • An inquisitor (INQ) is able to intercept the traffic between the sender and the receiver.
     • INQ can identify the source of
     • If INQ is sure that the message M and X’ come from the same source, he can also identify the source of the message.

  9. Proposed deniable authentication scheme
     [Protocol diagram between Sender and Receiver; surviving label: X’]

  10. Security analysis
     • The proposed protocol is deniable.
       • R can construct a message M’ and compute D’ = H(K, M’).
     • The proposed protocol authenticates the source of the message.
       • If someone proves (D, M) to R, where D = H(K, M), he must be S.
     • The proposed protocol resists the person-in-the-middle attack.
       • The message is encrypted with KSprv and KRpub.

  11. Security analysis
     • The attack developed by Lowe on Fan et al.’s protocol does not succeed against the proposed protocol.
       • An intruder can intercept the messages Y and Y’ from R, but he cannot act as R to negotiate a session key with S, because S confirms that the session key is valid.
     • An INQ cannot identify the source of the message.
       • INQ is able to intercept the traffic between the sender and the receiver, but INQ cannot identify the source of

  12. Conclusion
     • This paper demonstrated the weaknesses of Fan et al.’s deniable authentication protocol and proposed an improved protocol to solve them.
     • No one can masquerade as the receiver, and an inquisitor cannot identify the source of the message.
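The deniability and source-authentication arguments on slide 10, as an added Python example that is not part of the original presentation or paper: because K is a Diffie-Hellman secret known to both S and R, R can verify D = H(K, M) yet can also produce a valid D’ for any M’, so a pair (D, M) proves nothing to a third party. Assumptions: a toy group (P = 2^255 - 19, G = 2), SHA-256 to derive K, HMAC-SHA256 standing in for H(K, M), and constructed sample messages; the signed key-exchange messages (X’, Y, Y’) are omitted because the transcript does not preserve them.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption for this demo, not from the slides).
P = 2**255 - 19
G = 2

def keypair():
    """Return (private exponent, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def session_key(own_priv, peer_pub):
    """Derive K from the shared Diffie-Hellman value."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def tag(key, message):
    """D = H(K, M); HMAC-SHA256 is an assumed instantiation of H."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify(key, message, d):
    return hmac.compare_digest(tag(key, message), d)

def demo():
    s_priv, s_pub = keypair()            # sender S
    r_priv, r_pub = keypair()            # receiver R
    k_s = session_key(s_priv, r_pub)     # K as computed by S
    k_r = session_key(r_priv, s_pub)     # K as computed by R

    m = b"ballot: candidate A"           # constructed sample message
    d = tag(k_s, m)                      # S sends (D, M)

    # Deniability: R alone builds (D', M') that verifies under the same K,
    # so a judge shown K cannot tell R's forgery from S's real message.
    m_forged = b"ballot: candidate B"    # constructed sample message
    d_forged = tag(k_r, m_forged)

    outsider_key = secrets.token_bytes(32)  # party without K
    return {
        "keys_match": k_s == k_r,
        "receiver_accepts": verify(k_r, m, d),
        "forgery_verifies": verify(k_s, m_forged, d_forged),
        "outsider_tag_rejected": not verify(k_r, m, tag(outsider_key, m)),
    }

if __name__ == "__main__":
    print(demo())
```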
