1 / 15

CSC 774 Advanced Network Security

CSC 774 Advanced Network Security. Topic 2.5 Secret Handshake. Slides by Tong Zhou. Goals. Authenticate without revealing credentials Consider two groups G 1 and G 2 , two parties A  G 1 and B  G 2 . A and B wants to authenticate each other.

garnet
Download Presentation

CSC 774 Advanced Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 774 Advanced Network Security Topic 2.5 Secret Handshake Slides by Tong Zhou Dr. Peng Ning

  2. Goals • Authenticate without revealing credentials • Consider two groups G1 and G2, two parties AG1 and B G2. A and B wants to authenticate each other. • If G1 ≠ G2: A and B only know they are not in the same group. • If G1 = G2: A and B can authenticate to each other. • A third party learns nothing by observing conversations between A and B. Dr. Peng Ning

  3. Preliminaries: Pairing-based Cryptography • Bilinear Maps: • Two cyclic groups of large prime order q: G1 and G2 • is a bilinear map if • ê should be computable, non-degenerate and satisfies Bilinear Diffie-Hellman assumption, i.e., given P, aP, bP, cP, it is hard to compute Dr. Peng Ning

  4. Protocol Sketch • Equipped with bilinear map ê and one-way hash function H1 • CA has a master key t. • Assume a drivers and cops scenario. Dr. Peng Ning

  5. xy6542678d p65748392a Protocol Sketch Please show me your pseudonym. Driver’s licence, please. Driver’s Licence: “p65748392a”,TA Traffic cop credential: “xy6542678d”,TB TB = tH1(“xy6542678d-cop”) TA = tH1(“p65748392a-driver”) Dr. Peng Ning

  6. This guy is not a cop. xy6542678d p65748392a Protocol Sketch – Attacker Igor ??? Please show me your pseudonym. I am a cop. Driver’s licence, please. Driver’s Licence: “p65748392a”,TA Obtains Bob’s pseudonym “xy6542678d” TA = tH1(“p65748392a-driver”) Dr. Peng Ning

  7. Secret-Handshake Scheme (SHS) • SHS.CreateGroup(G): executed by an administrator, generates the group secret GroupSecretG for G. • SHS.AddUser(U,G,GroupSecretG): creates user secret UserSecretU,G for new user U. • SHS.HandShake(A,B): Users A and B authenticates each other. B discovers A G if and only if Adiscovers BG. • SHS.TraceUser:Administrator tells the user from a transcript T generated during conversation between A and B. • SHS.RemoveUser: Administrator revokes user U Dr. Peng Ning

  8. Pairing-Based Handshake (PBH) • PBH.CreateGroup: Administrator sets GroupSecretG as a random number • PBH.AddUser: Administrator generates pseudonyms for users: and then generates the corresponding secret points: where H1 is a one-way hash function. Dr. Peng Ning

  9. A A A B B B Pairing-Based Handshake (PBH) • PBH.Handshake: Dr. Peng Ning

  10. Pairing-Based Handshake (PBH) • PBH.TraceUser: Since the conversations of handshaking include the pseudonyms, administrator can easily figure out the users. • PBH.RemoveUser: Administrator removes user U by broadcasting its pseudonyms to all the other users, so that other users won’t accept pseudonyms of U. Dr. Peng Ning

  11. Computational Diffie-Hellman Instead of Bilinear Diffie-Hellman • CreateGroup: Administrator picks (p,q,g). p and q are primes, g is a generator of a subgroup inof order q. Also, picks up a private key x, and computes the public key y=gx mod p • AddUser: For user U, administrator generates idU, then generates a pair so that idU, w, t will be given to the user. Dr. Peng Ning

  12. Computational Diffie-Hellman Instead of Bilinear Diffie-Hellman • AddUser: For user U, administrator generates idU, then generates a pair so that idU, w, t will be given to the user. • How to generate the pair (w,t)? Randomly pick r, compute Dr. Peng Ning

  13. Computational Diffie-Hellman Instead of Bilinear Diffie-Hellman • Handshake: Assume user A has (idA, wA, tA) and user B has (idB, wB, tB). Define several marks (ElGamal Encryption): Dr. Peng Ning

  14. A A A A B B B B randomly picks computes randomly picks computes Computational Diffie-Hellman Instead of Bilinear Diffie-Hellman • Handshake: verifies respB verifies respA Dr. Peng Ning

  15. Intuition If A and B are in the same group, each of them can decrypt the random number (ra and rb). If not, neither of them can get any information about ra or rb. Dr. Peng Ning

More Related