植基於双线性配对算的鉴别式金钥协议协定.pptVIP

Outline Introduction Bilinear pairings and some assumptions Joux’s protocol LZC protocol Weakness in the LZC protocol Shim-Woo’s modified protocol Our improved protocol Security and efficiency analysis Conclusion Introduction Key agreement (key exchange) - allow two or more parties to share a secret over an insecure channel Diffie-Hellmam protocol (1976) - man-in-the-middle attack (MITM attack) Joux’s protocol (2000) - the first one round tripartite key agreement protocol with pairing - MITM attack Boneh and Franklin (2001) - ID-based Encryption from the weil pairing Liu et al. (2003) proposed an ID-based one round authenticated tripartite key agreement protocol (LZC protocol) - to overcome the MITM attack in Joux’s protocol - it can create eight session keys per one instance - Unknown key-share attack Shim et al. (2005) proposed a modified protocol (Shim-Woo protocol) - satisfies all the required security attributes - dose not require any one-way hash functions Our improved protocol - more efficient and suitable for smart card and mobile devices - satisfies all the required security attributes Key agreement ─ How to secure communication in an insecure channel? – confidentiality, data integrity Man-in-the-middle attack Desirable security attributes Known-Key Security - learned previous session keys ? can’t deduce future session keys Forward Secrecy - lost long-term secrets ? the secrecy of previous session keys is not affected Key-Compromise Impersonation resilience Unknown Key-Share resilience - A can’t be coerced into sharing a key with others without A’s knowledge A?B, B?C≠A, ? A has a unknown key share with C Key Control - the key should be determined jointly by all communicating entities (Alice and Bob) Elliptic Curve Cryptography (ECC) E: y2 = x3 + ax + b If x3 + ax + b contains no repeated factors, or equivalently if 4a3 + 27b2 is not 0, then the elliptic curve y2 = x3 + ax + b can be used to form a algebraic group. addition: P + Q = R Mul