1 / 6

Secure E-mail Protocols Providing Perfect Forward Secrecy

Secure E-mail Protocols Providing Perfect Forward Secrecy. Authors: Hung-Ming Sun, Bin-Tsan Hsieh and Hsin-Jia Hwang Src: IEEE Comm. Letter, Vol9, No1, pp 58-60, 2005 E-mail with Secure Communication. B (sender). S (Mail Server). A (Receiver). Sending Phase. ID A ,Encp PKA (k),E k [M].

atira
Download Presentation

Secure E-mail Protocols Providing Perfect Forward Secrecy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure E-mail Protocols Providing Perfect Forward Secrecy • Authors: • Hung-Ming Sun, Bin-Tsan Hsieh and Hsin-Jia Hwang • Src: • IEEE Comm. Letter, Vol9, No1, pp 58-60, 2005 • E-mail with Secure Communication B(sender) S(Mail Server) A(Receiver) SendingPhase IDA,EncpPKA(k),Ek[M] IDA,Password EncpPKA(k),EK[M] ReceivingPhase K=DecSKA(EncpPKA(k))M=Dk(EK[M])

  2. Secure Protocol E-mail System Using Smart Card B(Sender) S(Mail Server) A(Receiver) random x(Smart Card) Pre_computation gx mod p,Signa(gx mod p) random y IDA,gy mod p,Sigb(gy mod p) SendingPhase gx mod p,Signa(gx mod p) k=(gx)y mod p h(k||gx mod p),Ek[M] New Mail Request ReceivingPhase gy mod p,h(k||gx mod p)Ek[M],Sigb(gy mod p)

  3. Secure Protocol E-mail System Without Using Smart Card B(Sender) S(Mail Server) A(Receiver) r=gx mod p; s=b+h(IDA,r) mod p-1Signb(IDA)=(r,s)W=gw mod pV=r(PKA)w mod pEncPKA(r)=(W,V) Pre_computation IDA,EncPKA(r), Cert random y SendingPhase gy mod p,Signms(gy mod p) k=(gy)x mod p h(k||gy mod p),Ek[M] New Mail Request Encpwd[y] h(k||gy mod p),Ek[M] EncPKA(r),Cert,EncPKA(y) ReceivingPhase

  4. Apdx:Flaw in an E-Mail Protocol of Sun, Hsieh, and Hwang • Authors: Alexander W. Dent • Src: IEEE Comm. Letters, Vol9, No8, pp 718-719, 2005 • Certificate of Encrypted Message Being a Signature (CEMBS) • Not Schnorr Signature • s=x+bh(IDA||r) mod p-1 • Signature (h(IDA||r),s) not (r,s) • CEMBS for DSA-like signature scheme • Main problem • A need all information to compute key K • K can be computed from r and y • S encrypt y under a password • S can derive the key K • Without PKA, S cannot have r or x

  5. Apdx: Schnorr Signature Scheme Initial:p, q are primes; q|(p-1)gq≡1(mod p) PV=x; PK=y=gx mod p Alice Bob random k r=gk mod p e=H(r,M) s=(k-xe) mod q r’=gsye mod p e’=H(r’, M) e’ ?= e M,(e,s)

  6. Bob金鑰產生 y:Bob之公鑰x:Bob之祕鑰 p:大質數g:與p互質的原根 y=gx mod p Alice加密(以Bob之公鑰加密) 選一亂數r 計算 b=gr mod p ; c=M·yr mod p 送出(b,c)予Bob Bob解密 M=c·(bx)-1 mod p Apdx: ElGamal Cryptosystem Alice random rb=gr mod pc=Myr mod p Bob (b,c) M=c(bx)-1 mod p

More Related