Security in Key Agreement: Two-Party Certificateless Schemes

The main goal of cryptography is to enable secure communication over a public channel; often a secret shared among the communicating parties is used to achieve this. The process by which these parties agree on such a shared secret is called key agreement. In this thesis, we focus on two-party key agreement protocols in the public-key setting and study the various methods used to establish and validate public keys. We pay particular attention to certificateless key agreement schemes and attempt to formalize a relevant notion of security. To that end, we give a possible extension of the existing extended Canetti-Krawczyk (eCK) security model applicable to the certificateless setting. We observe that none of the certificateless protocols we have seen in the literature are secure in this model; it is an open question whether such schemes exist. We analyze several published certificateless key agreement protocols, demonstrating the existence of key-compromise impersonation attacks and even a man-in-the-middle attack in one case, contrary to the claims of the authors. We also briefly describe weaknesses exhibited by these protocols in the context of our suggested security model.
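The abstract names key-compromise impersonation (KCI) as the attack class found in the analysed schemes. The following is an added toy example, not code from the thesis or from any of the certificateless protocols it studies, illustrating what KCI means on a textbook two-pass Diffie-Hellman key agreement whose session key is H(g^{ab} || g^{xy}) (long-term keys a, b; ephemeral keys x, y). It assumes a tiny, insecure group (p = 2039, q = 1019, g = 4, chosen here for readability) and uses SHA-256 as the key derivation function; the public-key validation check is the standard prime-order-subgroup membership test and is included because the thesis concerns how public keys are established and validated.

```python
"""Toy key-compromise impersonation (KCI) demonstration.

Constructed example with an insecure toy group; it is not code from the
thesis and does not model any particular published scheme.  Protocol:
Alice (a, A = g^a) and Bob (b, B = g^b) exchange ephemeral values
X = g^x and Y = g^y and derive K = H(g^{ab} || g^{xy}).
"""
import hashlib
import secrets

# Toy group (assumption): safe prime p = 2q + 1; g = 4 = 2^2 generates
# the order-q subgroup (g != 1 and g^q == 1 mod p).
P = 2039
Q = 1019
G = 4
NBYTES = (P.bit_length() + 7) // 8


def validate_public_key(y: int) -> bool:
    """Accept only elements of the prime-order subgroup.

    Rejects 0, 1, p-1 (the order-2 element) and anything outside the
    subgroup, which is the usual defence against small-subgroup attacks."""
    return 1 < y < P and pow(y, Q, P) == 1


def keygen():
    """Return (private, public) with public = g^private mod p."""
    priv = secrets.randbelow(Q - 2) + 2      # 2 <= priv <= q-1
    return priv, pow(G, priv, P)


def kdf(static_dh: int, eph_dh: int) -> bytes:
    """Session key K = H(g^{ab} || g^{xy}) over the two DH values."""
    return hashlib.sha256(static_dh.to_bytes(NBYTES, "big")
                          + eph_dh.to_bytes(NBYTES, "big")).digest()


def derive_key(my_long_term_priv: int, peer_long_term_pub: int,
               my_eph_priv: int, peer_eph_pub: int) -> bytes:
    """Key computation performed by an honest party."""
    for pub in (peer_long_term_pub, peer_eph_pub):
        if not validate_public_key(pub):
            raise ValueError("invalid public key")
    static_dh = pow(peer_long_term_pub, my_long_term_priv, P)   # g^{ab}
    eph_dh = pow(peer_eph_pub, my_eph_priv, P)                  # g^{xy}
    return kdf(static_dh, eph_dh)


def honest_session(a: int, A: int, b: int, B: int):
    """Alice and Bob run the protocol; returns both parties' keys."""
    x, X = keygen()
    y, Y = keygen()
    return derive_key(a, B, x, Y), derive_key(b, A, y, X)


def kci_session(a: int, A: int, b: int, B: int):
    """KCI: the adversary knows Alice's long-term key a (but NOT Bob's b)
    and answers Alice's run while pretending to be Bob.

    Returns (Alice's key, adversary's key); equality means Alice now
    shares a key with the adversary while believing her peer is Bob."""
    x, X = keygen()             # Alice's ephemeral contribution
    y_adv, Y_adv = keygen()     # adversary's ephemeral, sent as if from Bob
    k_alice = derive_key(a, B, x, Y_adv)
    # The adversary needs g^{ab} and g^{x y_adv}.  With the stolen a it
    # computes B^a = g^{ab} from Bob's public key, and X^{y_adv} from
    # Alice's ephemeral value.  Bob's secret b is never used.
    static_dh = pow(B, a, P)
    eph_dh = pow(X, y_adv, P)
    k_adv = kdf(static_dh, eph_dh)
    return k_alice, k_adv


if __name__ == "__main__":
    a, A = keygen()
    b, B = keygen()
    k1, k2 = honest_session(a, A, b, B)
    print("honest session keys agree:", k1 == k2)
    ka, kadv = kci_session(a, A, b, B)
    print("KCI: adversary shares Alice's key:", ka == kadv)
```

The attack works because the only term in Alice's key that depends on Bob's identity is g^{ab}, and that term is computable from a alone once Bob's public key is known. A protocol is KCI-resilient only if the key Alice computes involves a value the adversary cannot form from a, the public keys and the messages, for example a term combining Bob's long-term secret with Alice's ephemeral secret such as g^{bx}. The check a practitioner wants before trusting an "authenticated" key agreement is exactly this: write out each party's key computation and ask what an adversary holding that party's own long-term key can reproduce.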