Upload
garan
View
39
Download
0
Embed Size (px)
DESCRIPTION
Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network. Authors: Z. B. Xu and Z. W. Li Source: The 2nd IEEE International Conference on Information Management and Engineering (ICIME), pp. 272-276, 2010 Speaker: Shu-Fen Chiou ( 邱淑芬 ). 1. Alice. - PowerPoint PPT Presentation
Citation preview
11
Efficient and Secure Certificateless Authentication and Key Agreement Protocol for Hybrid P2P Network
Authors: Z. B. Xu and Z. W. LiSource: The 2nd IEEE International Conference on Information Management and Engineering (ICIME), pp. 272-276, 2010Speaker: Shu-Fen Chiou (邱淑芬 )
2
Introduction
Alice Bob
Key Generation Center(KDC)
Certificate CACertificate CB
Mutual authentication with certificates
•Certificateless Public Key Cryptography
3
Alice
Key Generation CenterMaster-key: s
KGC public key: P0=sP
Partial private keyDA = sQA
Where QA=H1(IDA)
Private keySA = <DA,xA>
Public keyPA = xAP
CL-PKC (Certificateless Public Key Cryptography)
3
Bob
Partial private keyDB = sQB
Where QB=H1(IDB)
Private keySB = <DB,xB>
Public keyPB = xBP
Based on ECC
4
Hybrid P2P network
In the same domain In different domain
5
Requirements Certificateless Implicit key authentication Perfect forward secrecy Known-key secrecy Key-compromise impersonation Unknown key-share resilience Known session-specific temporary
information security No key control
5
6
Proposed scheme
In the same domain
6
77
K1=KA1=e(QB, P0)a
=e(QB, P)sa
=e(sQB, aP) =e(DB, TA)=KB1
P0=sPDA = sQA
DB = sQB
K2=KA2=e(DA, TB) =e(sQA, bP) =e(QA, P)sb
=e(QA, P0)b=KB2
K3=KA3=xA-2MB
=xA-2xB
-1PA
=xA-1xB
-1P =(xA
-1 .xBP).xB-1xB
-1
=xB-2MA=KB3
K4=KA4=aTB=abP=bTA=KB4
K5=KA5=aPB=axBP=xBTA=KB5
K6=KA6=xATB=xAbP=bPA=KB6
b
8
Proposed scheme Across the domain
Alice
P1=s1PDA = s1QA
QA=H1(IDA)SA = <DA,xA>PA = xAPTA=aPMA=xA
-1PB
P2=s2PDB = s2QB
QB=H1(IDB)SB = <DB,xB>PB = xBPTB=bPMB=xb
-1PA
KA1=e(QB, P2)a=e(QB, P)s2a
KA2=e(DA, TB)=e(s1QA, bP)=e(QA, P)s1b
TA, MA
TB, MB
KB1=e(DB, TA) =e(s2QB, aP)=e(QB, P)s2aKB2=e(QA, P1)b=e(QA, P)s1b
K1’=KA1=KB1=e(QB, P)s2a
K2’=KA2=KB2=e(QA, P)s1b
SK=KAB=KBA
=H2(K1’||K2’||K3||K4|| K5||K6||TA||TB)
9
Analysis Implicit key authentication
Eve personate Bob: Eve computes TE=eP and ME=XE
-1PA, Eve cannot compute KA5 or KB5. (DLP problem)
Perfect forward secrecy Eve knows SA, SB, and s. But he needs to solve abP.
(CDH problem) Known-key secrecy
Each run, a, b are random and secret. Even if session has been compromised, Eve cannot compute the past or future session keys.
9
KA5=aPB=axBP=xBTA=KB5
10
Analysis Key-compromise impersonation
Eve replace the Bob’s public key PB=xeP, Eve cannot compute KA1 or KB1.
Eve knows s, but he cannot generate KA5 or KB5. Unknown key-share resilience
Including the identity information, the Eve cannot ask Alice to share a session key to him, while Alice thinks that Eve is Bob.
Known session-specific temporary information security
Eve get the ephemeral keys of Alice and Bob. He cannot compute the partial session key K3.
No key control Since a result of using a randomly selected
ephemeral key in generating the common session key, neither peer can decide the final key.
KA3=xA-2MB
=xA-2xB
-1PA
=xA-1xB
-1P =(xA
-1 .xBP).xB-1xB
-1
=xB-2MA=KB3
11
Comment
Reduce the keys (K1-K6) with session key.
SK=KAB=KBA
=H2(K1||K2||K3||K4||K5||K6||TA||TB)
SK=KAB=KBA
=H2(K1||K2||TA||TB)
12
Discrete Logarith problem (DLP)Given <g,q>, find an element a, such that ga = q
EC Discrete Logarithm problemGiven <P,Q>, find an element a, such that aP = Q
EC Computational Diffie-Hellman (CDH) problemGiven <P,aP,bP>, compute abP
Bilinear Diffie-Hellman (BDH) problemGiven <P,aP,bP,cP>, compute ê(P,P)abc
DLP > CDHP > BDHPexample: ê(abP,cP) = ê(P,cP)ab = ê(P,P)abc
Computational Problems