An Identity-Based Key Agreement Protocol for the Network Layer

A new identity-based key agreement protocol designed to operate on the network layer is presented. Endpoint addresses, namely IP and MAC addresses, are used as public keys to authenticate the communication devices involved in a key agreement, which allows us to piggyback much of the security overhead for key management to the existing network infrastructure. The proposed approach offers solutions to some of the open problems of identity-based key agreement schemes when applied to the network layer, namely multi-domain key generation, key distribution, multi-domain public parameter distribution, inter-domain key agreement and network address translation traversal.

[1]  Ueli Maurer,et al.  A Non-interactive Public-Key Distribution System , 1996, Des. Codes Cryptogr..

[2]  J. M. Pollard,et al.  Theorems on factorization and primality testing , 1974, Mathematical Proceedings of the Cambridge Philosophical Society.

[3]  Fayez Al-Shraideh,et al.  Host Identity Protocol , 2006, International Conference on Networking, International Conference on Systems and International Conference on Mobile Communications and Learning Technologies (ICNICONSMCL'06).

[4]  Clifford C. Cocks An Identity Based Encryption Scheme Based on Quadratic Residues , 2001, IMACC.

[5]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 2000, RFC.

[6]  Glen Zorn,et al.  IEEE 802.1X Remote Authentication Dial In User Service (RADIUS) Usage Guidelines , 2003, RFC.

[7]  Paulo S. L. M. Barreto,et al.  A New Two-Party Identity-Based Authenticated Key Agreement , 2005, CT-RSA.

[8]  Eric Allman,et al.  DomainKeys Identified Mail (DKIM) Signatures , 2007, RFC.

[9]  Nigel P. Smart,et al.  AN IDENTITY BASED AUTHENTICATED KEY AGREEMENT PROTOCOL BASED ON THE WEIL PAIRING , 2001 .

[10]  Liqun Chen,et al.  Identity based authenticated key agreement protocols from pairings , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[11]  Martin E. Hellman,et al.  An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[12]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[13]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[14]  Eiji Okamoto,et al.  Key Distribution Systems Based on Identification Information , 1987, CRYPTO.

[15]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[16]  Ronald L. Rivest,et al.  Lightweight Email Signatures (Extended Abstract) , 2006, SCN.

[17]  Liqun Chen,et al.  Identity-based key agreement protocols from pairings , 2017, International Journal of Information Security.

[18]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[19]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[20]  Allan C. Rubens,et al.  Remote Authentication Dial In User Service (RADIUS) , 1997, RFC.

[21]  Alfred Menezes,et al.  Topics in Cryptology – CT-RSA 2005 , 2005 .

[22]  Jean-Jacques Quisquater,et al.  Advances in Cryptology — EUROCRYPT ’89 , 1991, Lecture Notes in Computer Science.

[23]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[24]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[25]  Guido Appenzeller,et al.  Minimal-Overhead IP Security using Identity Based Encryption , 2002 .

[26]  Adi Shamir,et al.  Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[27]  Stephen C. Pohlig,et al.  An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance , 2022, IEEE Trans. Inf. Theory.

[28]  Eiji Okamoto,et al.  Key distribution system based on identification information , 1989, IEEE J. Sel. Areas Commun..

[29]  Ben Lynn,et al.  Toward Hierarchical Identity-Based Encryption , 2002, EUROCRYPT.

[30]  Tuomas Aura,et al.  Cryptographically Generated Addresses (CGA) , 2005, ISC.

[31]  Eric Allman,et al.  DomainKeys Identified Mail (DKIM) , 2005 .

[32]  Zhang Ya-juan,et al.  An identity-based key-exchange protocol , 2008, Wuhan University Journal of Natural Sciences.

[33]  Carl Pomerance,et al.  Advances in Cryptology — CRYPTO ’87 , 2000, Lecture Notes in Computer Science.

[34]  Masao Kasahara,et al.  ID based Cryptosystems with Pairing on Elliptic Curve , 2003, IACR Cryptol. ePrint Arch..

[35]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[36]  Diana K. Smetters,et al.  Domain-Based Administration of Identity-Based Cryptosystems for Secure Email and IPSEC , 2003, USENIX Security Symposium.

[37]  Aggelos Kiayias,et al.  Traitor Tracing with Constant Transmission Rate , 2002, EUROCRYPT.