Diffie-Hellman Key Agreement Protocol Research Articles

A Simple Encryption Keys Creation Scheme in Wireless Ad Hoc Networks

A mobile ad hoc network (MANET) is a collection of mobile nodes that temporarily integrate with each other to form a network. Such a network does not require the existence of a typical network infrastructure. There is no central entity with the authority to administer the services and configurations of the network. How to secure a MANET is an active field of study for researchers. However, most of the research on the topic of securing the MANETs has focused on adapting security mechanisms that were meant for traditional wired networks. This adaptation has resulted in security solutions that do not work efficiently or that make assumptions that are not in line with the properties and characterizations of MANETs. In this paper, we propose the use of security mechanisms for MANETs that are designed based on the characteristics, functionalities, and goals of such networks. We aim to initiate a paradigm shift in securing MANETs, in which the focus should be on building security solutions specifically developed for MANETs, and not on adapting solutions that were meant for conventional wired networks. We revisit the basics and propose a simple encryption keys creation scheme that is based on the Diffie-Hellman key agreement protocol. The work presented in this paper should mark the initiation of a research agenda designed to build security primitives that are specifically for MANETs, along the lines of the new paradigm.

Energy-aware Key Management in Mobile Wireless Sensor Networks

Wireless sensor networks have received wide attention recently across the indoor and outdoor applications. On the other hand, more and more application scenarios require sensor nodes to be mobile, which imposes new technological challenges for security. Key management is the core for secure data communications among the resource-constrained sensor nodes. In this paper, based on the Group Diffie-Hellman key agreement protocols and the energy level of each node in the network, we propose Energy Aware Group Diffie-Hellman key management protocol for mobile wireless sensor networks. The simulation results show that the proposed key management protocol provide significant improvement in maximizing the lifetime of networks.

A simple and rapid authentication protocol in mobile networks

ABSTRACTRecently, mobile networks are more and more popular in providing the most pursuing pervasive networking services. Many technologies are deployed in mobile networks, such as Universal Mobile Telecommunication System (UMTS). In these communication systems, user secrecy and privacy are important issues and should be managed seriously. To avoid security threats, many studies on authentication in the mobile networks are proposed. In 2008, Juang and Wu introduced an authentication scheme with user privacy protection in UMTS networks. It resisted and avoided many security attacks and threats, but there are still some problems, such as the incomplete defense against the impersonation attack and data with International Mobile Subscriber Identity exchanged outside home networks. In this paper, we proposed a simple and rapid authentication scheme in mobile networks. The proposal applies the Elliptic Curve Diffie–Hellman key agreement protocol to exchange the session key safely and Elliptic Curve Digital Signature Algorithm to improve the mobile security. It also deploys the temporary key mechanism to speed up the authentication while user is roaming in the mobile networks. The analysis shows that our mechanism not only improves Juang and Wu's proposal but also is a more secure and simple authentication protocol. Copyright © 2011 John Wiley & Sons, Ltd.

Key Agreement for Large-Scale Dynamic Peer Group

Many applications in distributed computing systems, such as IP telephony, teleconferencing, collaborative workspaces, interactive chats and multi-user games, involve dynamic peer groups. In order to secure communications in dynamic peer groups, group key agreement protocols are needed. In this paper, we come up with a new group key agreement protocol, composed of a basic protocol and a dynamic protocol, for large-scale dynamic peer groups. Our protocols are natural extensions of one round tripartite Diffie-Hellman key agreement protocol. In view of it, our protocols are believed to be more efficient than those group key agreement protocols built on two-party Diffie- Hellman key agreement protocol. In addition, our protocols have the properties of group key secrecy, forward and backward secrecy, and key independence.

An efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map

This paper proposes a new efficient and secure Diffie–Hellman key agreement protocol based on Chebyshev chaotic map. The proposed key agreement protocol uses the semi-group property of Chebyshev polynomials to agree Diffie–Hellman based session key. The proposed protocol provides strong security compared with the previous related protocols. In addition, the proposed protocol does not require any timestamp information and greatly reduces computational costs between communication parties. As a result, the proposed protocol is more practical and provides computational/communicational efficiency compare with several previously proposed key agreement protocols based on Chebyshev chaotic map.

On reusing ephemeral keys in Diffie-Hellman key agreement protocols

A party may choose to reuse ephemeral public keys in a Diffie-Hellman key agreement protocol in order to reduce its computational workload or to mitigate against denial-of-service attacks. In this note, we show that small-subgroup attacks can be successfully launched on some Diffie-Hellman protocols that reuse ephemeral keys if domain parameters are not appropriately selected or if public keys are not appropriately validated.

PSKA: Usable and Secure Key Agreement Scheme for Body Area Networks

A body area network (BAN) is a wireless network of health monitoring sensors designed to deliver personalized healthcare. Securing intersensor communications within BANs is essential for preserving not only the privacy of health data, but also for ensuring safety of healthcare delivery. This paper presents physiological-signal-based key agreement (PSKA), a scheme for enabling secure intersensor communication within a BAN in a usable (plug-n-play, transparent) manner. PSKA allows neighboring nodes in a BAN to agree to a symmetric (shared) cryptographic key, in an authenticated manner, using physiological signals obtained from the subject. No initialization or predeployment is required; simply deploying sensors in a BAN is enough to make them communicate securely. Our analysis, prototyping, and comparison with the frequently used Diffie-Hellman key agreement protocol shows that PSKA is a viable intersensor key agreement protocol for BANs.

A constant rounds group key agreement protocol without using hash functions

AbstractIt is important to encrypt and authenticate messages sent over networks to achieve security. Network users must therefore agree upon encryption keys and authentication keys. The authenticated Diffie–Hellman key agreement protocol is used to provide authentication in communication systems. In this paper we present a group key agreement protocol without using one‐way hash functions that are based on the DDH problem. The protocol achieves efficiency in both communication and computation aspects. We analyzed the security in the security model formalized by Bresson et al. Copyright © 2009 John Wiley & Sons, Ltd.

Efficient and provably secure password-based group key agreement protocol

This paper considers the issue on authenticated group key agreement protocol among n users broadcasting communication over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet the challenges. However, existing protocols are either limited by the use of public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to the dictionary attacks by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it only requires constant rounds to agree upon a session key, and each user broadcasts a constant number of messages and only requires four exponentiations. Under the Decisional Diffie-Hellman assumption, we will show the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model.

Authenticated Diffie-Hellman key agreement protocol with forward secrecy

Forward secrecy is an important security property in key agreement protocol. Based on Harn’s protocol, in this paper a new authenticated Diffie-Hellman key agreement protocol with half forward secrecy is proposed. This protocol is also based on a single cryptographic assumption, and is user authentication and shared key authentication. More importantly, our protocol provides forward secrecy with respect to one of the parties. For this reason, besides the advantages of Harn’s protocol, in practice, our protocol can reduce the damages resulted from the disclosure of the user’s secret key and it is very beneficial to today’s communication with portable devices.

Cryptanalysis and improvement of an elliptic curve Diffie-Hellman key agreement protocol

In SAC'05, Strangio proposed protocol ECKE- 1 as an efficient elliptic curve Diffie-Hellman two-party key agreement protocol using public key authentication. In this letter, we show that protocol ECKE-1 is vulnerable to key-compromise impersonation attacks. We also present an improved protocol - ECKE-1N, which can withstand such attacks. The new protocol's performance is comparable to the well-known MQV protocol and maintains the same remarkable list of security properties.

Fast generators for the Diffie–Hellman key agreement protocol and malicious standards

The Diffie–Hellman key agreement protocol is based on taking large powers of a generator of a prime-order cyclic group. Some generators allow faster exponentiation. We show that to a large extent, using the fast generators is as secure as using a randomly chosen generator. On the other hand, we show that if there is some case in which fast generators are less secure, then this could be used by a malicious authority to generate a standard for the Diffie–Hellman key agreement protocol which has a hidden trapdoor.

Key Agreement in Peer-to-Peer Wireless Networks

We present a set of simple techniques for key establishment over a radio link in peer-to-peer networks. Our approach is based on the Diffie-Hellmankey agreement protocol, which is known to be vulnerable to the "man-in-the-middle" attack if the two users involved in the protocol do not share any authenticated information about each other (e.g., public keys, certificates, passwords,shared keys, etc.) prior to the protocol execution. In this paper, we solve the problem by leveraging on the natural ability of users to authenticate each other by visual and verbal contact. We propose three techniques. The first is based on visual comparison of short strings, the second on distance bounding, and the third on integrity codes; in each case, the users do not need to enter any password or other data, nor do they need physical or infrared connectivity between their devices. We base our analysis on a well-established methodology that leads us to a rigorous modularization and a thorough robustness proof of our proposal.

A password authentication scheme over insecure networks

Authentication ensures that system's resources are not obtained fraudulently by illegal users. Password authentication is one of the simplest and the most convenient authentication mechanisms over insecure networks. The problem of password authentication in an insecure networks is present in many application areas. Since computing resources have grown tremendously, password authentication is more frequently required in areas such as computer networks, wireless networks, remote login, operation systems, and database management systems. Many schemes based on cryptography have been proposed to solve the problem. However, previous schemes are vulnerable to various attacks and are neither efficient, nor user friendly. Users cannot choose and change their passwords at will. In this paper, we propose a new password authentication scheme to achieve the all proposed requirements. Furthermore, our scheme can support the Diffie–Hellman key agreement protocol over insecure networks. Users and the system can use the agreed session key to encrypt/decrypt their communicated messages using the symmetric cryptosystem.

An improved authenticated key agreement protocol

In 1999, Seo and Sweeney proposed a simple authenticated key agreement protocol that was designed to act as a Diffie-Hellman key agreement protocol with user authentication. Various attacks on this protocol are described and enhanced in the literature. Recently, Ku and Wang proposed an improved authenticated key agreement protocol, where they asserted the protocol could withstand the existing attacks. This paper shows that Ku and Wang’s protocol is still vulnerable to the modification attack and presents an improved authenticated key agreement protocol to enhance the security of Ku and Wang’s protocol. The protocol has more efficient performance by replacing exponentiation operations with message authentication code operations.

A nonlinear elliptic curve cryptosystem based on matrices

We propose a new mathematical problem that is applicable to public key cryptography. Based on the Discrete Logarithm Problem (DLP), it uses certain elements formed by two matrices with elements in a finite field and a matrix whose elements are points of an elliptic curve. With this system, we get a larger key space without increasing the underlying elliptic curve and, consequently, without the computational requirements inherent to the set up of elliptic curves at random. Also, we expose the Diffie–Hellman key agreement protocol with this system acting as the underlying mathematical problem.

Authenticated Diffie–Hellman key agreement protocol using a single cryptographic assumption

In modern communication systems, a popular way of providing authentication in an authenticated Diffie–Hellman key agreement protocol is to sign the result of a one-way hash function (such as MD5) of a Diffie–Hellman public key. The security of such a protocol is based on the weakest of all the cryptographic assumptions of the algorithms involved: Diffie–Hellman key distribution, digital signature and a one-way hash function. If a protocol can be constructed using one cryptographic assumption, it would be at least as secure as that with multiple assumptions. The authors propose three authenticated Diffie–Hellman key-agreement protocols, each of which is based on one cryptographic assumption. In particular, the first protocol is based on a discrete logarithm, the second on an elliptic curve and the third on RSA factoring. The main objective of the paper is to show that the security of a protocol should be assessed at the protocol level as a whole, rather than at the level of individual algorithms that are used to build the protocol.

Key agreement in ad hoc networks

We encounter new types of security problems in ad hoc networks because such networks have little or no support infrastructure. In this paper we consider one such problem: a group of people in a meeting room do not have access to public key infrastructure or third party key management service, and they do not share any other prior electronic context. How can they set up a secure session among their computers? We examine various alternatives and propose new protocols for password-based multi-party key agreement in this scenario. Our protocols may be applicable in other scenarios, too. We also present a fault-tolerant version of a multi-party Diffie–Hellman key agreement protocol which can be of independent interest.

Simple authenticated key agreement algorithm

A password-based method is described which modifies the Diffie-Hellman key agreement protocol to provide user authentication. It is simpler than previously published schemes, prevents the man-in-the-middle attack and requires only two packets to agree on the secret session key. An optional exchange of two more packets allows the key agreement to be verified.