
    An Efficient Multiple PKG Compatible Identity Based Authenticated Key Agreement protocol

    In this paper we propose an efficient single-round, two-party identity based authenticated key agreement protocol in the setting of multiple Private Key Generators (PKGs). One of the major advantages of our construction is that it does not involve any pairing operations. To date, existing protocols in the Identity Based Key Agreement domain revolve around a single PKG environment. Efforts to exploit the multiple PKGs paradigm have placed excessive reliance on Elliptic Curve Cryptography and bilinear pairings. These are computationally intensive and cannot be used when computation is premium, especially in applications such as in a Vehicular Ad-Hoc Network (VANET) where the vehicles in a VANET may need to perform a large number of key agreement sessions. Previous attempts to model identity based key agreement in multiple PKG scenario by Chen and Kundla, McCullagh have very limited scope and provide weak security guarantees. We propose a new security model for identity based key agreement protocols involving multiple PKGs based on the eCK security model which is much stronger than the existing models and captures additional properties like Key Compromise Impersonation and forward secrecy that were not captured by the previous models. Our protocol is proven secure in this new security model under the Gap Diffie Hellman (GDH) assumption in the Random Oracle (RO) model

    Biometric identity-based cryptography for e-Government environment

    Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tends to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

    Modelling and simulation of a biometric identity-based cryptography

    Government information is a vital asset that must be kept in a trusted environment and efficiently managed by authorised parties. Even though e-Government provides a number of advantages, it also introduces a range of new security risks. Sharing confidential and top-secret information in a secure manner among government sectors tends to be the main element that government agencies look for. Thus, developing an effective methodology is essential and it is a key factor for e-Government success. The proposed e-Government scheme in this paper is a combination of identity-based encryption and biometric technology. This new scheme can effectively improve the security in authentication systems, which provides a reliable identity with a high degree of assurance. In addition, this paper demonstrates the feasibility of using Finite-state machines as a formal method to analyse the proposed protocols

    Cryptographic Key Management in Delay Tolerant Networks (DTNs): A survey

    Since their appearance at the dawn of the second millennium, Delay or Disruption Tolerant Networks (DTNs) have gradually evolved, spurring the development of a variety of methods and protocols for making them more secure and resilient. In this context, perhaps, the most challenging problem to deal with is that of cryptographic key management. To the best of our knowledge, the work at hand is the first to survey the relevant literature and classify the various so far proposed key management approaches in such a restricted and harsh environment. Towards this goal, we have grouped the surveyed key management methods into three major categories depending on whether the particular method copes with a) security initialization, b) key establishment, and c) key revocation. We have attempted to provide a concise but fairly complete evaluation of the proposed up-to-date methods in a generalized way with the aim of offering a central reference point for future research

    Some Implementation Issues for Security Services based on IBE

    Identity Based Encryption (IBE) is a public key cryptosystem where a unique identity string, such as an e-mail address, can be used as a public key. IBE is simpler than the traditional PKI since certificates are not needed. An IBE scheme is usually based on pairing of discrete points on elliptic curves. An IBE scheme can also be based on quadratic residuosity. This paper presents an overview of these IBE schemes and surveys present IBE based security services. Private key management is described in detail with protocols to authenticate users of Private Key Generation Authorities (PKG), to protect submission of generated private keys, and to avoid the key escrow problem. In the security service survey IBE implementations for smartcards, for smart phones, for security services in mobile networking, for security services in health care information systems, for secure web services, and for grid network security are presented. Also the performance of IBE schemes is estimated

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded. Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    Securing Control Signaling in Mobile IPv6 with Identity-Based Encryption


    Building Trust Networks

    The common agreement in the industry is that the Public Key Infrastructure is complex and expensive. From the year 1976 with the introduction of public key cryptography and the introduction of PKI concept in 1977 a lot of scientific resources have been spent on creation of usable key exchange systems and concepts to build trust networks. Most EU Member States have implemented their own national Public Key Infrastructure solutions mainly to enable strong authentication of citizens. They are however not the only systems within the EU to utilize PKI. Due to the nature of the PKI it is most convenient or suitable in an environment with stakeholders with similar agendas. This has resulted in several new PKI developments for specific purposes, within one industry or one vertical such as healthcare. Some Member States have tried to incorporate vertical needs with an all-purpose PKI solution, such as the Austrian eID card with so-called sector specific certificates (http://ec.europa.eu/idabc/en/document/4486/5584). From the CIA (Confidentiality, Integrity, Availability) triangle public key cryptography provides confidentiality and integrity. The modern world however has more requirements in environments where sensitive information is being exchanged. It is not enough to know identity of the entity trying to access the information, but to also know the entity permissions or privileges regarding the requested resource. The authorization process grants the user specific permissions to e.g. access, modify or delete resources. A pure PKI does not allow us to build complex authorization policies, and therefore some of the Member States have built (authentication and) authorization solutions on top of existing authentication infrastructures, especially in the eGovernment sector. The scientific community has also tried to solve this issue by creating extensions to the basic PKI concept, and some of these concepts have been successful.
Another problem with large-scale systems is the key distribution. Managing a large number of keys using a central solution such as PKI has proven to be problematic in certain conditions. Either there are tradeoffs in security, or problems with application support. The last issue deals with public key cryptography itself. Current cryptography relies on the fact that it provides enough security based on availability of the resources, i.e. computational power. New approaches have been introduced both scientifically and commercially by moving away from the mathematics to other areas such as quantum mechanics. This paper is a quick review on some of the existing systems and their benefits and inherent challenges as well as a short introduction to new developments in the areas of authentication, authorization and key distribution. JRC.G.6-Security technology assessmen