60 likes | 221 Views
Secure E-mail Protocols Providing Perfect Forward Secrecy. Authors: Hung-Ming Sun, Bin-Tsan Hsieh and Hsin-Jia Hwang Src: IEEE Comm. Letter, Vol9, No1, pp 58-60, 2005 E-mail with Secure Communication. B (sender). S (Mail Server). A (Receiver). Sending Phase. ID A ,Encp PKA (k),E k [M].
E N D
Secure E-mail Protocols Providing Perfect Forward Secrecy • Authors: • Hung-Ming Sun, Bin-Tsan Hsieh and Hsin-Jia Hwang • Src: • IEEE Comm. Letter, Vol9, No1, pp 58-60, 2005 • E-mail with Secure Communication B(sender) S(Mail Server) A(Receiver) SendingPhase IDA,EncpPKA(k),Ek[M] IDA,Password EncpPKA(k),EK[M] ReceivingPhase K=DecSKA(EncpPKA(k))M=Dk(EK[M])
Secure Protocol E-mail System Using Smart Card B(Sender) S(Mail Server) A(Receiver) random x(Smart Card) Pre_computation gx mod p,Signa(gx mod p) random y IDA,gy mod p,Sigb(gy mod p) SendingPhase gx mod p,Signa(gx mod p) k=(gx)y mod p h(k||gx mod p),Ek[M] New Mail Request ReceivingPhase gy mod p,h(k||gx mod p)Ek[M],Sigb(gy mod p)
Secure Protocol E-mail System Without Using Smart Card B(Sender) S(Mail Server) A(Receiver) r=gx mod p; s=b+h(IDA,r) mod p-1Signb(IDA)=(r,s)W=gw mod pV=r(PKA)w mod pEncPKA(r)=(W,V) Pre_computation IDA,EncPKA(r), Cert random y SendingPhase gy mod p,Signms(gy mod p) k=(gy)x mod p h(k||gy mod p),Ek[M] New Mail Request Encpwd[y] h(k||gy mod p),Ek[M] EncPKA(r),Cert,EncPKA(y) ReceivingPhase
Apdx:Flaw in an E-Mail Protocol of Sun, Hsieh, and Hwang • Authors: Alexander W. Dent • Src: IEEE Comm. Letters, Vol9, No8, pp 718-719, 2005 • Certificate of Encrypted Message Being a Signature (CEMBS) • Not Schnorr Signature • s=x+bh(IDA||r) mod p-1 • Signature (h(IDA||r),s) not (r,s) • CEMBS for DSA-like signature scheme • Main problem • A need all information to compute key K • K can be computed from r and y • S encrypt y under a password • S can derive the key K • Without PKA, S cannot have r or x
Apdx: Schnorr Signature Scheme Initial:p, q are primes; q|(p-1)gq≡1(mod p) PV=x; PK=y=gx mod p Alice Bob random k r=gk mod p e=H(r,M) s=(k-xe) mod q r’=gsye mod p e’=H(r’, M) e’ ?= e M,(e,s)
Bob金鑰產生 y:Bob之公鑰x:Bob之祕鑰 p:大質數g:與p互質的原根 y=gx mod p Alice加密(以Bob之公鑰加密) 選一亂數r 計算 b=gr mod p ; c=M·yr mod p 送出(b,c)予Bob Bob解密 M=c·(bx)-1 mod p Apdx: ElGamal Cryptosystem Alice random rb=gr mod pc=Myr mod p Bob (b,c) M=c(bx)-1 mod p