Two-Party Threshold Key Agreement Protocol for MANETs using Pairings

In MANET environment, the nodes are mobile i.e., nodes move in and out dynamically. This causes difficulty in maintaining a central trusted authority say Certification Authority CA or Key Generation Centre KCG. In addition most of cryptographic techniques need a key to be shared between the two communicating entities. So to introduce security in MANET environment, there is a basic need of sharing a key between the two communicating entities without the use of central trusted authority. So we present a decentralized two-party key agreement protocol using pairings and threshold cryptography ideas. Our model is based on Joux2019;s three-party key agreement protocol which does not authenticate the users and hence is vulnerable to man-in-the-middle attack. This model protects from man-in-the-middle attack using threshold cryptography

Two improved authenticated multiple key exchange protocols

Many authenticated multiple key exchange protocols were published in recent years. In 2008, Lee et al. presented an authenticated multiple key exchange protocol based on bilinear pairings. However, Vo et al. demonstrated an impersonation attack on the protocol , and it failed to provide authenticity and perfect forward secrecy as they had claimed. Later, Vo et al. proposed their enhancement protocol conforming which conforms to all desirable security properties. But, Vo\u27s protocol required any party had held the public key each other, which required a large amount of storage. In this paper, we propose two new authenticated multiple key exchange protocols based on Lee\u27s protocol, and makes them immune against Vo et al.\u27s attacks

One-round and authenticated three-party multiple key exchange protocol from parings

One round three-party authenticated key exchange protocols are extremely important to secure communications and are now extensively adopted in network communications. These protocols allow users to communicate securely over public networks simply by using easy-to-remember long-term private keys. In 2001, Harn and Lin proposed an authentication key exchange protocol in which two parties generate four shared keys in one round, and three of these keys can provide perfect forward secrecy.This work,which aims to generalize two-party multiple key agreement sets to three-party key agreement sets,presents a three-party multiple key exchange protocol based on bilinear pairing.The proposed protocol does not require server\u27s public key and requires only a single round. Compared with existing protocols, the proposed protocol is more efficient and provide greater security

Some Implementation Issues for Security Services based on IBE

Identity Based Encryption (IBE) is a public key cryptosystem where a unique identity string, such as an e-mail address, can be used as a public key. IBE is simpler than the traditional PKI since certificates are not needed. An IBE scheme is usually based on pairing of discrete points on elliptic curves. An IBE scheme can also be based on quadratic residuosity. This paper presents an overview of these IBE schemes and surveys present IBE based security services. Private key management is described in detail with protocols to authenticate users of Private Key Generation Authorities (PKG), to protect submission of generated private keys, and to avoid the key escrow problem. In the security service survey IBE implementations for smartcards, for smart phones, for security services in mobile networking, for security services in health care information systems, for secure web services, and for grid network security are presented. Also the performance of IBE schemes is estimated

A method for making password-based key exchange resilient to server compromise

Abstract. This paper considers the problem of password-authenticated key exchange (PAKE) in a client-server setting, where the server authenticates using a stored password file, and it is desirable to maintain some degree of security even if the server is compromised. A PAKE scheme is said to be resilient to server compromise if an adversary who compromises the server must at least perform an offline dictionary attack to gain any advantage in impersonating a client. (Of course, offline dictionary attacks should be infeasible in the absence of server compromise.) One can see that this is the best security possible, since by definition the password file has enough information to allow one to play the role of the server, and thus to verify passwords in an offline dictionary attack. While some previous PAKE schemes have been proven resilient to server compromise, there was no known general technique to take an arbitrary PAKE scheme and make it provably resilient to server compromise. This paper presents a practical technique for doing so which requires essentially one extra round of communication and one signature computation/verification. We prove security in the universal composability framework by (1) defining a new functionality for PAKE with resilience to server compromise, (2) specifying a protocol combining this technique with a (basic) PAKE functionality, and (3) proving (in the random oracle model) that this protocol securely realizes the new functionality.

ISSUES AND SOLUTIONS OF APPLYING IDENTITY-BASED CRYPTOGRAPHY TO MOBILE AD-HOC NETWORKS

Concept of Mobile Ad-hoc Networks (MANETs) was brought up a few decades ago with assumed prosperous future. Unfortunately, we do not see many practical applications of them in real life. Security of MANETs is a big concern considered by investors and industries, and hinders them from putting MANETs into application. Requirements of security, and difficulties to meet these requirements have been stated clearly already; yet solutions to these difficulties are not quite clear. Cryptographic technologies seem to be capable of satisfying most of the requirements, which has been proved in Internet or wired networks. However, most of the technologies, including symmetric and traditional asymmetric cryptography (such as Public Key Infrastructure (PKI)), are inapplicable or inconvenient to use inMANETs context. Identity-based Cryptography (IBC), as a special form of asymmetric cryptography, carries many features interesting for MANETs. IBC has been studied a lot recently by researchers of MANET security, and many applications have been proposed and claimed to address this difficult problem. However, it is still the case that most of the solutions are not sound enough to be used in a practical MANET. This thesis starts with an intensive survey on the proposals of applications of IBC in MANETs, and points out the issues, limitations and weaknesses in these proposals and also in IBC itself. The thesis proposes a novel framework with key management and secure routing scheme integrated aiming to address these issues. This scheme brings these contributions: compared to symmetric key solutions, it has more functionality derived from asymmetric keys, and is more secure due to using 1-to-m broadcasting key instead of only 1 group broadcasting key, and has less keys to store per node due to using asymmetric keys instead of pairwise symmetric keys; compared to traditional asymmetric cryptography solutions, the storage and communication requirements are lower due to IBC properties; compared to previous IBC solutions, it has no key management and secure routing interdependency cycle problem. Security of the proposed scheme is proved and performance of the scheme is simulated and analyzed in the thesis. To the end of a complete solution for an arbitraryMANET running in an arbitrary environment, the thesis proposes enhancements to counter various attacks and options to abate or eliminate limitations and weaknesses of IBC. The proposed scheme has a wide range of applicability for various MANETs with little or no administrative overhead depending on situations where it is considered

EFFICIENT AND SCALABLE NETWORK SECURITY PROTOCOLS BASED ON LFSR SEQUENCES

The gap between abstract, mathematics-oriented research in cryptography and the engineering approach of designing practical, network security protocols is widening. Network researchers experiment with well-known cryptographic protocols suitable for different network models. On the other hand, researchers inclined toward theory often design cryptographic schemes without considering the practical network constraints. The goal of this dissertation is to address problems in these two challenging areas: building bridges between practical network security protocols and theoretical cryptography. This dissertation presents techniques for building performance sensitive security protocols, using primitives from linear feedback register sequences (LFSR) sequences, for a variety of challenging networking applications. The significant contributions of this thesis are: 1. A common problem faced by large-scale multicast applications, like real-time news feeds, is collecting authenticated feedback from the intended recipients. We design an efficient, scalable, and fault-tolerant technique for combining multiple signed acknowledgments into a single compact one and observe that most signatures (based on the discrete logarithm problem) used in previous protocols do not result in a scalable solution to the problem. 2. We propose a technique to authenticate on-demand source routing protocols in resource-constrained wireless mobile ad-hoc networks. We develop a single-round multisignature that requires no prior cooperation among nodes to construct the multisignature and supports authentication of cached routes. 3. We propose an efficient and scalable aggregate signature, tailored for applications like building efficient certificate chains, authenticating distributed and adaptive content management systems and securing path-vector routing protocols. 4. We observe that blind signatures could form critical building blocks of privacypreserving accountability systems, where an authority needs to vouch for the legitimacy of a message but the ownership of the message should be kept secret from the authority. We propose an efficient blind signature that can serve as a protocol building block for performance sensitive, accountability systems. All special forms digital signatures—aggregate, multi-, and blind signatures—proposed in this dissertation are the first to be constructed using LFSR sequences. Our detailed cost analysis shows that for a desired level of security, the proposed signatures outperformed existing protocols in computation cost, number of communication rounds and storage overhead