Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network
Authors: Z. B. Xu and Z. W. Li
Source: The 2nd IEEE International Conference on Information Management and Engineering (ICIME), pp. 272-276, 2010
Speaker: Shu-Fen Chiou (邱淑芬)
Introduction
• Mutual authentication with certificates
[Figure: Alice, Bob, Key Generation Center (KDC), Certificate $C_A$, Certificate $C_B$]
• Certificateless Public Key Cryptography
CL-PKC (Certificateless Public Key Cryptography)
Based on ECC
• Key Generation Center: master key $s$; KGC public key $P_0 = sP$
• Alice: partial private key $D_A = sQ_A$, where $Q_A = H_1(ID_A)$; private key $S_A = \langle D_A, x_A \rangle$; public key $P_A = x_A P$
• Bob: partial private key $D_B = sQ_B$, where $Q_B = H_1(ID_B)$; private key $S_B = \langle D_B, x_B \rangle$; public key $P_B = x_B P$
Hybrid P2P network
[Figure: peers in the same domain and in different domains]
Requirements
• Certificateless
• Implicit key authentication
• Perfect forward secrecy
• Known-key secrecy
• Key-compromise impersonation
• Unknown key-share resilience
• Known session-specific temporary information security
• No key control
Proposed scheme
• In the same domain
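$P_0 = sP$, $D_A = sQ_A$, $D_B = sQ_B$

$K_1 = K_{A1} = e(Q_B, P_0)^{a} = e(Q_B, P)^{sa} = e(sQ_B, aP) = e(D_B, T_A) = K_{B1}$

$K_2 = K_{A2} = e(D_A, T_B) = e(sQ_A, bP) = e(Q_A, P)^{sb} = e(Q_A, P_0)^{b} = K_{B2}$

$K_3 = K_{A3} = x_A^{-2} M_B = x_A^{-2} x_B^{-1} P_A = x_A^{-1} x_B^{-1} P = (x_A^{-1} \cdot x_B P) \cdot x_B^{-1} x_B^{-1} = x_B^{-2} M_A = K_{B3}$

$K_4 = K_{A4} = aT_B = abP = bT_A = K_{B4}$

$K_5 = K_{A5} = aP_B = a x_B P = x_B T_A = K_{B5}$

$K_6 = K_{A6} = x_A T_B = x_A bP = bP_A = K_{B6}$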
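Proposed scheme
• Across the domain

Alice: $P_1 = s_1 P$, $D_A = s_1 Q_A$, $Q_A = H_1(ID_A)$, $S_A = \langle D_A, x_A \rangle$, $P_A = x_A P$, $T_A = aP$, $M_A = x_A^{-1} P_B$

Bob: $P_2 = s_2 P$, $D_B = s_2 Q_B$, $Q_B = H_1(ID_B)$, $S_B = \langle D_B, x_B \rangle$, $P_B = x_B P$, $T_B = bP$, $M_B = x_B^{-1} P_A$

Exchanged messages: $T_A, M_A$ and $T_B, M_B$

Alice computes:
$K_{A1} = e(Q_B, P_2)^{a} = e(Q_B, P)^{s_2 a}$
$K_{A2} = e(D_A, T_B) = e(s_1 Q_A, bP) = e(Q_A, P)^{s_1 b}$

Bob computes:
$K_{B1} = e(D_B, T_A) = e(s_2 Q_B, aP) = e(Q_B, P)^{s_2 a}$
$K_{B2} = e(Q_A, P_1)^{b} = e(Q_A, P)^{s_1 b}$

$K_1' = K_{A1} = K_{B1} = e(Q_B, P)^{s_2 a}$
$K_2' = K_{A2} = K_{B2} = e(Q_A, P)^{s_1 b}$

$SK = K_{AB} = K_{BA} = H_2(K_1' \| K_2' \| K_3 \| K_4 \| K_5 \| K_6 \| T_A \| T_B)$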
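The same-domain derivations of $K_1$ to $K_6$ (single KGC, $P_0 = sP$), with $M_A$, $M_B$ and $SK$ as defined on the cross-domain slide, run for both peers as an added example; this is not code from the paper or the slides. It assumes a toy stand-in for the pairing in which a point $uP$ is stored as the scalar $u$ mod a small prime, so it checks only the algebra $K_{Ai} = K_{Bi}$ and provides no security; the parameters, function names and the SHA-256 instantiation of $H_1$ and $H_2$ are constructed for illustration.

```python
import hashlib
import secrets

# Toy stand-in for the pairing groups (constructed, NOT secure): a "point" uP is
# stored as the scalar u mod Q, so P = 1, and e(uP, vP) = G^(u*v) mod PRIME.
Q, PRIME, G = 1019, 2039, 4          # G has prime order Q in Z_PRIME^*
P = 1

def e(u, v):                          # bilinear: e(aU, bV) = e(U, V)^(ab)
    return pow(G, (u * v) % Q, PRIME)

def H1(identity):                     # hash an identity to a non-zero "point"
    digest = hashlib.sha256(identity.encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1

def rand():                           # non-zero scalar in Z_Q^*
    return secrets.randbelow(Q - 1) + 1

def inv(x):                           # modular inverse in Z_Q^*
    return pow(x, -1, Q)

def H2(*parts):                       # session-key hash over K1..K6, TA, TB
    return hashlib.sha256("||".join(map(str, parts)).encode()).hexdigest()

def run_same_domain(id_a="alice", id_b="bob"):
    s = rand(); P0 = s * P % Q                     # KGC master key and public key
    QA, QB = H1(id_a), H1(id_b)
    DA, DB = s * QA % Q, s * QB % Q                # partial private keys
    xA, xB = rand(), rand()                        # peers' own secret values
    PA, PB = xA * P % Q, xB * P % Q                # public keys
    a, b = rand(), rand()                          # ephemeral secrets
    TA, TB = a * P % Q, b * P % Q
    MA, MB = inv(xA) * PB % Q, inv(xB) * PA % Q    # exchanged: (TA, MA), (TB, MB)
    # K1..K6 as each side computes them from its own secrets and the peer's message
    alice = [pow(e(QB, P0), a, PRIME), e(DA, TB), inv(xA) ** 2 * MB % Q,
             a * TB % Q, a * PB % Q, xA * TB % Q]
    bob = [e(DB, TA), pow(e(QA, P0), b, PRIME), inv(xB) ** 2 * MA % Q,
           b * TA % Q, xB * TA % Q, b * PA % Q]
    return H2(*alice, TA, TB), H2(*bob, TA, TB), alice, bob
```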
Analysis

$K_{A5} = aP_B = a x_B P = x_B T_A = K_{B5}$

• Implicit key authentication
  • Eve impersonates Bob: Eve computes $T_E = eP$ and $M_E = x_E^{-1} P_A$, but Eve cannot compute $K_{A5}$ or $K_{B5}$. (DLP problem)
• Perfect forward secrecy
  • Eve knows $S_A$, $S_B$, and $s$, but he needs to solve $abP$. (CDH problem)
• Known-key secrecy
  • In each run, $a$ and $b$ are random and secret. Even if a session has been compromised, Eve cannot compute the past or future session keys.
Analysis

$K_{A3} = x_A^{-2} M_B = x_A^{-2} x_B^{-1} P_A = x_A^{-1} x_B^{-1} P = (x_A^{-1} \cdot x_B P) \cdot x_B^{-1} x_B^{-1} = x_B^{-2} M_A = K_{B3}$

• Key-compromise impersonation
  • Eve replaces Bob's public key with $P_B = x_e P$; Eve cannot compute $K_{A1}$ or $K_{B1}$.
  • Eve knows $s$, but he cannot generate $K_{A5}$ or $K_{B5}$.
• Unknown key-share resilience
  • Because the identity information is included, Eve cannot get Alice to share a session key with him while Alice thinks that Eve is Bob.
• Known session-specific temporary information security
  • Eve gets the ephemeral keys of Alice and Bob. He cannot compute the partial session key $K_3$.
• No key control
  • Because a randomly selected ephemeral key is used in generating the common session key, neither peer can decide the final key.
Comment
• Reduce the keys ($K_1$-$K_6$) used in the session key.

$SK = K_{AB} = K_{BA} = H_2(K_1 \| K_2 \| K_3 \| K_4 \| K_5 \| K_6 \| T_A \| T_B)$

$SK = K_{AB} = K_{BA} = H_2(K_1 \| K_2 \| T_A \| T_B)$
Computational Problems
• Discrete Logarithm problem (DLP): Given $\langle g, q \rangle$, find an element $a$ such that $g^{a} = q$
• EC Discrete Logarithm problem: Given $\langle P, Q \rangle$, find an element $a$ such that $aP = Q$
• EC Computational Diffie-Hellman (CDH) problem: Given $\langle P, aP, bP \rangle$, compute $abP$
• Bilinear Diffie-Hellman (BDH) problem: Given $\langle P, aP, bP, cP \rangle$, compute $\hat{e}(P, P)^{abc}$
• DLP > CDHP > BDHP
  example: $\hat{e}(abP, cP) = \hat{e}(P, cP)^{ab} = \hat{e}(P, P)^{abc}$