Two-party Key Agreement Protocol Research Articles

Provably secure two-party authenticated key agreement protocol for post-quantum environments

A two-party authenticated key agreement (2PAKA) protocol is a cryptographic tool employed widely to allow two users to generate a shared and fresh session key between them in each session over an insecure network. The authenticated version of a two-party key agreement protocol is popular because it can easily withstand the impersonation of the user. In the literature, many 2PAKA protocols have been put forward with the intractability assumptions of the discrete logarithm (DLP) problem and integer factorization problem (IFP). Some recent studies showed that the 2PAKA protocols based on these assumptions are insecure in post-quantum environments. To resolve this issue, we have designed a lattice-based 2PAKA (LB-2PAKA) protocol with the intractability of the ring-learning-with-errors (RLWE) problem. The proposed LB-2PAKA protocol is also analyzed in the random oracle model to measure provable security and to estimate the breaching time. To evaluate the performance, we used the LatticeCrypto Library and estimated the running time of our LB-2PAKA protocol. Besides, we analyzed the communication cost requirement of our LB-2PAKA protocol.

Two-Party Key Agreement Protocol Without Central Authority for Mobile Ad Hoc Networks

Key agreement (KA) without the use of a central authority is an elementary cryptographic problem to ensure security in MANETs because such networks consist of movable nodes with no fixed infrastructure or no central administration. The nodes communicate via wireless channels that are more prone to security attacks. A majority of the existing KA protocols assume the existence of central authority and hence, not perfectly suitable for a MANET environment. Proposed 2P-NCKA (Two-Party Non-Central authority KA) protocol creates a secret key between two users for a MANET which does not assume the use of a central authority and a prior password. It uses pairings, a verifiable secret sharing scheme and routing protocol. The AOPMDV protocol allows transmission of multiple packets across multiple node-disjoint paths in parallel so that one packet is in each path. This article also cryptanalyzes Li's KA protocol and has proven its vulnerability towards a man-in-the-middle (MITM) attack. The 2P-NCKA protocol is secure against MITM attacks and all known attacks and addresses problems of Li's protocol with a small increase in execution time.

Two-Party Attribute-Based Key Agreement Protocol with Constant-Size Ciphertext and Key

Based on mutual authentication, the session key is established for communication nodes on the open network. In order to satisfy fine-grained access control for cloud storage, the two-party attribute-based key agreement protocol (TP-AB-KA) was proposed. However, the existing TP-AB-KA protocol is high in the cost of computation and communication and is not unfit for application in a mobile cloud setting because mobile devices are generally resource constrained. To solve the above issue, we propose a TP-AB-KA protocol with constant-size ciphertext and key. Our TP-AB-KA protocol is provable security in the standard model. The concrete proof is given under the augmented multisequence of exponents' decisional Diffie-Hellman (aMSE-DDH) hypothesis in the attribute-based BJM model (AB-BJM). Compared with the existing TP-AB-KA protocols, the computation cost and communication cost of our protocol are largely reduced.

Comments on “An improved secure and efficient password and chaos-based two-party key agreement protocol”

Recently, Liu and Xue proposed a secure two-party password-based authenticated key exchange protocol by utilizing the semi-group property of the Chebyshev chaotic maps. We exploit the vulnerability of the protocol in this paper by illustrating an off-line password guessing attack. In this attack, the password of a honest user will be recover by an attacker without being noticed by the server or the victim. To overcome such problem, we propose a simple and compatible fix.

A TAXONOMY AND COMPARISON OF TWO-PARTY KEY AGREEMENT PROTOCOLS

Key Management in symmetric cryptography is to securely share a secret key between the two communicating individuals. The popular solution to this key management issue is to use public key cryptography schemes. The key management techniques are broadly classified into Key Distribution protocols and Key Agreement protocols. This paper presents the detailed classification of Key Agreement protocols and provides some of the existing ECC based protocols in each category. Recently much work has been carried out in Identity Based Cryptography IBC, Certificateless Public Key Cryptography CLPKC and Pairing Based Cryptography PBC based techniques for key agreement. This paper also presents the comparison of two-party key agreement protocols under these areas based on the computational cost calculated in the key agreement phase.

Secure Certificateless Two-Party Key Agreement with Short Message

Two-party key agreement protocol allows two communication parties to share a common key for secure communication. Constructed from the certificateless public key cryptography (CL-PKC), a certificateless key agreement (CL-KA) protocol can not only solve the key escrow problem inherited from identity-based systems, but also avoid the troublesome issue of certificate management. Although the topic of two-party CL-KA has been extensively studied during past few years, it is unknown whether such a protocol can be achieved with only one exchanged message. In this paper, we put this idea into practice and propose a new one-round CL-KA for two-party. Specifically, each party of the proposed protocol only has to transmit one group element for sharing a session key and still maintains low computational costs. Moreover, we analyze the security of our scheme in the extended Canetti-Krawzcyk (eCK) security model. DOI: http://dx.doi.org/10.5755/j01.itc.45.1.12595

A PERFORMANCE IMPROVED CERTIFICATELESS KEY AGREEMENT SCHEME OVER ELLIPTIC CURVE BASED ALGEBRAIC GROUPS

Due to the importance of key in providing secure communication, various Key Agreement protocols have been proposed in the recent years. The latest generation of Public Key Cryptosystems (PKC) called Certificateless PKC played an important role in the transformation of Key Agreement protocols. In this scientific area, several Key Agreement protocols have been proposed based on Bilinear Pairings. However, pairing operation is known as an expensive cryptographic function. Hence, utilization of pairing operation in the mentioned works made them complex from overall computational cost perspective. In order to decrease the computational cost of Key Agreement protocols, several Certificateless Key Agreement protocols have been proposed by the use of operations over Elliptic Curve based Algebraic Groups instead of using Bilinear Pairings. In this paper, we propose a Pairing-free Certificateless two-party Key Agreement protocol. Our results indicate that our secure protocol is significantly more lightweight than existing related works.

An improved secure and efficient password and chaos-based two-party key agreement protocol

Recently, chaos has been treated as a good way to reduce computational complexity while satisfying security requirements of a key agreement protocol. Guo and Zhang (Inf Sci 180(20):4069–4074, 2010) proposed an chaotic public-key cryptosystem-based key agreement protocol. Lee (Inf Sci 290:63–71, 2015) has proved that Guo et al.’s scheme cannot resist off-line password guess attack. In this paper, we furtherly demonstrate Guo et al.’s scheme has redundancy in protocol design and still has some security flaws. Furthermore, we present an improved secure password and chaos-based two-party key agreement protocol, which can solve the security threats of replay and denial-of-service attacks. Meanwhile, we simplify the protocol steps to reduce redundancy in protocol design. From security and performance analysis, our proposed protocol can resist the security flaws in related works, and it has less communication overhead and computational complexity.

Frontier technologies of trust computing and network security

The increasing complexity of computer systems and communication networks induces tremendous requirements for trust and security. This special issue includes topics on trusted computing, risk and reputation management, network security and survivable computer systems/networks. These issues have evolved into an active and important area of research and development. The past decade has witnessed a proliferation of concurrency and computation systems for practice of highly trust, security and privacy, which has become a key subject in determining future research and development activities in many academic and industrial branches. This special issue aims to present and discuss advances of current research and development in all aspects of trusted computing and network security. In addition, this special issue provides snapshots of contemporary academia work in the field of network trusted computing. We prepared and organized this special issue to record state-of-the-art research, novel development and trends for future insight in this domain. In this special issue, 14 papers have been accepted for publication, which demonstrate novel and original work in this field. A detailed overview of the selected works is given below.

Presentation of a Two-Party Key Agreement Protocol based on Chaos

Presentation of a Two-Party Key Agreement Protocol based on Chaos

New two-party key agreement protocol in separate networks

There is much research about key agreement focus on the secure communication in the same Key Generation Center(KGC),i.e.all the parameters of different participants should be provided by one KGC.To realize the secure communication between two users in different KGCs,adopting elliptic curve cryptography algorithm,a new two-party ID-based key agreement protocol was proposed.This new scheme realized key agreement protocol in separate networks between two participants.Then the improved Blake-Wilson model was used to prove the security of the scheme.After being analyzed,the new protocol was proved to be secure,efficient and of lower computational cost.Therefore,the new scheme will be compatible with low-power and lightweight devices.

Revocable Attribute-based Key Agreement Protocol without Random Oracles

In this paper, we present a two-party attribute-based key agreement protocol, which is secure in the standard model (without random oracle s ), under the truncated decision q-ABDHE assumption. Then we give a modified version of this scheme, in which the users can be revoked efficiently. The attribute-based key agreement protocol is based on the attribute-based encryption scheme, which is a generalization of identity-based cryptosystems, incorporates attributes as inputs to its cryptographic primitives. These kinds of schemes not only preserve the advantages of traditional identity-based key agreement protocol, but also provide some new properties, such as hiding the identity information of the individual, increasing the flexibility of key management, and providing efficient means to revoke users from the system.

Cryptanalysis and improvement of an elliptic curve Diffie-Hellman key agreement protocol

In SAC'05, Strangio proposed protocol ECKE- 1 as an efficient elliptic curve Diffie-Hellman two-party key agreement protocol using public key authentication. In this letter, we show that protocol ECKE-1 is vulnerable to key-compromise impersonation attacks. We also present an improved protocol - ECKE-1N, which can withstand such attacks. The new protocol's performance is comparable to the well-known MQV protocol and maintains the same remarkable list of security properties.

Identity based group key agreement in multiple PKG environment

Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators (PKG) environment. It is inspired on a new two-party identity-based key agreement protocol first proposed by Hoonjung Leeet al. In our scheme, although each member comes from different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies every security requirements of the group key agreement protocols.

난수 재사용 기법을 이용한 다중 키 교환 프로토콜

이 논문에서 우리는 여러 사용자들이 동시에 세션키를 교환하는 키 교환 스킴에 대해서 연구한다. 이런 상황은 사용자들을 그래프 노드들로 표현하고 두 사용자간에 키를 만들어야 하는 상황을 에지로 표현하는 키 그래프에 의해서 묘사될 수 있다. 우리는 키 그래프에 있는 모든 에지들을 위한 세션키들을 하나의 세션에서 동시에 만드는 키 교환 스킴을 설계한다. 키 그래프를 위한 키 교환은 양자간 키 교환의 확장판이라고 할 수 있다. 우리는 양자간 키 교환 안전성 모델을 확장해서 키 그래프를 위한 키 교환 안전성 모델을 제안한다. 우리는 란수 직 산용 테크닉을 사용해서 두개의 키 그래프를 위한 키 교환 스킴을 설계하며 안전성을 증명한다. 우리가 제안하는 스킴들의 안전성은 decisional Diffie-Hellman 가정에 의존한다. 첫 번째 스킴은 일 라운드 키 교환 프로토콜이며 키 독립성을 보장한다. 두 번째 스킴은 일 라운드이며 전방위 안전성을 보장한다. 제안하는 두 가지 스킴들의 안전성은 모두 표준 모델에서 증명된다. 제안되는 프로토콜들은 최초의 다중 키 교환 프로토콜이며, 단순히 양자간 키 교환 프로토콜들을 반복 사용해서 키들을 만드는 것보다 훨씬 효율적이다. 예로서 한 사용자가 n명의 다른 사용자와 키를 만든다고 가정하자. 가장 단순한 프로토콜은 각각의 사용자들과의 키 교환을 위해서 양자간 키 교환을 사용하는 것으로서, 이 때는 계산량과 메시지 전송량이 n에 비례하게 된다. 제안되는 프로토콜들은 n개의 키를 만드는데 있어서 계산량은 n에 비례하나 전송되는 메시지의 양은 교환되는 키들의 수에 상관없이 일정하다. In the paper we study key agreement schemes when a party needs to establish a session key with each of several parties, thus having multiple session keys. This situation can be represented by a graph, tailed a key graph, where a vertex represents a party and an edge represents a relation between two parties sharing a session key. graphs to establish all session keys corresponding to all edges in a key graph simultaneously in a single session. A key agreement protocol of a key graph is a natural extension of a two-party key agreement protocol. We propose a new key exchange model for key graphs which is an extension of a two-party key exchange model. using the so-called randomness re-use technique which re-uses random values to make session keys for different sessions, we suggest two efficient key agreement protocols for key graphs based on the decisional Diffie-Hellman assumption, and prove their securities in the key exchange model of key graphs. Our first scheme requires only a single round and provides key independence. Our second scheme requires two rounds and provides forward secrecy. Both are proven secure In the standard model. The suggested protocols are the first pairwise key agreement protocols and more efficient than a simple scheme which uses a two-party key exchange for each necessary key. Suppose that a user makes a session key with n other users, respectively. The simple scheme's computational cost and the length of the transmitted messages are increased by a factor of n. The suggested protocols's computational cost also depends on n, but the length of the transmitted messages are constant.