On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings

This paper studies the relationships between the traditional Diffie-Hellman key agreement protocol and the identity-based (ID-based) key agreement protocol from pairings. For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that identical to the Diffie-Hellman protocol, the SOK key agreement protocol also has three variants, namely \emph{ephemeral}, \emph{semi-static} and \emph{static} versions. Upon this, we build solid relations between authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key agreement (IB-AK) protocols, whereby we present two \emph{substitution rules} for this two types of protocols. The rules enable a conversion between the two types of protocols. In particular, we obtain the \emph{real} ID-based version of the well-known MQV (and HMQV) protocol. Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key transport protocol underlining the SK ID-based encryption scheme (which we call the "SK protocol") has its non-ID counterpart, namely the Hughes protocol. Based on this observation, we establish relations between corresponding ID-based and non-ID-based protocols. In particular, we propose a highly enhanced version of the McCullagh-Barreto protocol

Cryptanalysis of an e_cient three-party password-based key exchange scheme

AbstractIn order to secure communications between two clients with a trusted server's help in public network environments, a three-party password-based authenticated key exchange (3PAKE) scheme is used to provide the transaction confidentiality and e_ciency. In 2010, Lou-Huang proposed a new simple three-party password-based authenticated key exchange (LH-3PAKE) scheme based on elliptic curve cryptography (ECC). By analysis, Lou-Huang claimed that the proposed LH- 3PAKE scheme is not only secure against various attacks, but also more e_cient than previously proposed 3PAKE schemes. However, this paper demonstrates LH-3PAKE scheme is vulnerable to o_-line password guessing attacks by an attacker

Analysis of two pairing-based three-party password authenticated key exchange protocols

Password-Authenticated Key Exchange (PAKE) protocols allow parties to share secret keys in an authentic manner based on an easily memorizable password. Recently, Nam et al. showed that a provably secure three-party password-based authenticated key exchange protocol using Weil pairing by Wen et al. is vulnerable to a man-in-the-middle attack. In doing so, Nam et al. showed the flaws in the proof of Wen et al. and described how to fix the problem so that their attack no longer works. In this paper, we show that both Wen et al. and Nam et al. variants fall to key compromise impersonation by any adversary. Our results underline the fact that although the provable security approach is necessary to designing PAKEs, gaps still exist between what can be proven and what are really secure in practice

Efficient Three Party Key Exchange Protocol

Key exchange protocols allow two or more parties communicating over a public network to establish a common secret key called a session key. In 1976, Diffie and Hellman proposed the first practical key exchange (DH key exchange) protocol. In 2005, Abdalla and Pointcheval suggested a new variation of the computational DH assumption called chosen based computational Diffie Hellman (CCDH) and presented simple password based authenticated key exchange protocols. Since then several three party password authenticated key agreement protocols have been proposed In 2007, Lu and Cao proposed a simple 3 party authenticated key exchange (S-3PAKE) protocol. Kim and Koi found that this protocol cannot resist undetectable online password guessing attack and gave fixed STPKE' protocol as a countermeasure using exclusive-or operation. Recently, Tallapally and Padmavathy found that STPKE' is still vulnerable to undetectable online password guessing attack and gave a modified STPKE' protocol. Unfortunately, we find that, although modified STPKE' protocol can resist undetectable online password guessing attack but it is vulnerable to man in the middle attack. Also, we propose and analyze an efficient protocol against all the known attacks

An enhanced watermarking protocol for electronic copyright management

In Piva et al\u27s watermarking scheme for electronic copyright management system (ECMS), authors were considered trusted potentially, so a dishonest author could authorize more than one distributor to sell her one document, named &quot;One Document to Multi-distributor&quot; problem, which would damage the benefit of the distributors. To resolve the problem, in this paper, we propose an enhanced watermarking protocol based on Piva et al\u27s scheme by introducing document nature code (DNC) and register records table. In addition, our protocol offers the distributor an efficient means to verify his right to an authorized digital document.<br /

Survey on Lightweight Primitives and Protocols for RFID in Wireless Sensor Networks

The use of radio frequency identification (RFID) technologies is becoming widespread in all kind of wireless network-based applications. As expected, applications based on sensor networks, ad-hoc or mobile ad hoc networks (MANETs) can be highly benefited from the adoption of RFID solutions. There is a strong need to employ lightweight cryptographic primitives for many security applications because of the tight cost and constrained resource requirement of sensor based networks. This paper mainly focuses on the security analysis of lightweight protocols and algorithms proposed for the security of RFID systems. A large number of research solutions have been proposed to implement lightweight cryptographic primitives and protocols in sensor and RFID integration based resource constraint networks. In this work, an overview of the currently discussed lightweight primitives and their attributes has been done. These primitives and protocols have been compared based on gate equivalents (GEs), power, technology, strengths, weaknesses and attacks. Further, an integration of primitives and protocols is compared with the possibilities of their applications in practical scenarios