Key Escrow Protocol Based on a Tripartite Authenticated Key Agreement and Threshold Cryptography

While instant messaging systems bring convenience to people’s lives and work, they also make it easier for malicious users to discuss and plot illegal activities. Balancing the privacy requirements of users’ network communication against the authorized monitoring requirements of law enforcement agencies (LEAs) is therefore a meaningful task. To solve this problem, we propose a new tripartite authenticated key agreement (Tri-AKA) protocol and a session key escrow scheme based on threshold cryptography and the new Tri-AKA protocol. In the proposed scheme, the LEA participates as a normal user in the key agreement process of two users and uses (t, n) threshold cryptography to share its ephemeral private key with n key escrow agents (KEAs). When necessary, the LEA can combine t KEAs to recover the specified session key and decrypt the communications, thereby preventing malicious administrators in the LEA from arbitrarily monitoring user communications. Finally, we prove the security of the proposed Tri-AKA protocol under the Computational Diffie-Hellman (CDH) assumption in the Random Oracle Model and the security of the proposed key escrow scheme under the Elliptic Curve Discrete Logarithm (ECDL) assumption. Analysis of our session key escrow scheme and comparison with other schemes show that our scheme avoids the “once monitor, monitor forever” scenario and achieves fine-grained control in each session. Moreover, our scheme has low storage overhead for each KEA.
