Security analysis of standard authentication and key agreement protocols utilising timestamps

We propose a generic modelling technique that can be used to extend existing frameworks for theoretical security analysis in order to capture the use of timestamps. We apply this technique to two of the most popular models adopted in literature (Bellare-Rogaway and Canetti-Krawczyk). We analyse previous results obtained using these models in light of the proposed extensions, and demonstrate their application to a new class of protocols. In the timed CK model we concentrate on modular design and analysis of protocols, and propose a more efficient timed authenticator relying on timestamps. The structure of this new authenticator implies that an authentication mechanism standardised in ISO-9798 is secure. Finally, we use our timed extension to the BR model to establish the security of an efficient ISO protocol for key transport and unilateral entity authentication

Scalable Compilers for Group Key Establishment : Two/Three Party to Group

This work presents the first scalable, efficient and generic compilers to construct group key exchange (GKE) protocols from two/three party key exchange (2-KE/3-KE) protocols. We propose three different compilers where the first one is a 2-KE to GKE compiler (2-TGKE) for tree topology, the second one is also for tree topology but from 3-KE to GKE (3-TGKE) and the third one is a compiler that constructs a GKE from 3-KE for circular topology. Our compilers 2-TGKE and 3-TGKE are first of their kind and are efficient due to the underlying tree topology. For the circular topology, we design a compiler called 3-CGKE. 2-TGKE and 3-TGKE compilers require a total of $\mathcal{O}\left(n\lg n \right)$ communication, when compared to the existing compiler for circular topology, where the communication cost is $\mathcal{O}\left(n^2 \right)$. By extending the compilers 2-TGKE and 3-TGKE using the techniques in \cite{DLB07}, scalable compilers for tree based authenticated group key exchange protocols (2-TAGKE/3-TAGKE), which are secure against active adversaries can be constructed. As an added advantage our compilers can be used in a setting where there is asymmetric distribution of computing power. Finally, we present a constant round authenticated group key exchange (2-TAGKE) obtained by applying Diffie-Hellman protocol and the technique in \cite{DLB07} to our compiler 2-TGKE. We prove the security of our compilers in a stronger Real or Random model and do not assume the existence of random oracles

Database of audio records

Diplomka a prakticky castDiplome with partical part

TrusNet: Peer-to-Peer Cryptographic Authentication

Originally, the Internet was meant as a general purpose communication protocol, transferring primarily text documents between interested parties. Over time, documents expanded to include pictures, videos and even web pages. Increasingly, the Internet is being used to transfer a new kind of data which it was never designed for. In most ways, this new data type fits in naturally to the Internet, taking advantage of the near limit-less expanse of the protocol. Hardware protocols, unlike previous data types, provide a unique set security problem. Much like financial data, hardware protocols extended across the Internet must be protected with authentication. Currently, systems which do authenticate do so through a central server, utilizing a similar authentication model to the HTTPS protocol. This hierarchical model is often at odds with the needs of hardware protocols, particularly in ad-hoc networks where peer-to-peer communication is prioritized over a hierarchical model. Our project attempts to implement a peer-to-peer cryptographic authentication protocol to be used to protect hardware protocols extending over the Internet. The TrusNet project uses public-key cryptography to authenticate nodes on a distributed network, with each node locally managing a record of the public keys of nodes which it has encountered. These keys are used to secure data transmission between nodes and to authenticate the identities of nodes. TrusNet is designed to be used on multiple different types of network interfaces, but currently only has explicit hooks for Internet Protocol connections. As of June 2016, TrusNet has successfully achieved a basic authentication and communication protocol on Windows 7, OSX, Linux 14 and the Intel Edison. TrusNet uses RC-4 as its stream cipher and RSA as its public-key algorithm, although both of these are easily configurable. Along with the library, TrusNet also enables the building of a unit testing suite, a simple UI application designed to visualize the basics of the system and a build with hooks into the I/O pins of the Intel Edison allowing for a basic demonstration of the system

A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)

We study the question of how to build compilers that transform a unilaterally authenticated (UA) key-exchange protocol into a mutually-authenticated (MA) one. We present a simple and efficient compiler and characterize the UA protocols that the compiler upgrades to the MA model, showing this to include a large and important class of UA protocols. The question, while natural, has not been studied widely. Our work is motivated in part by the ongoing work on the design of TLS 1.3, specifically the design of the client authentication mechanisms including the challenging case of post-handshake authentication. Our approach supports the analysis of these mechanisms in a general and modular way, in particular aided by the notion of functional security that we introduce as a generalization of key exchange models and which may be of independent interest

Cryptanalysis of a group key establishment protocol

In this paper, we analyze the security of a group key establishment scheme proposed by López-Ramos et al. This proposal aims at allowing a group of users to agree on a common key. We present several attacks against the security of the proposed protocol. In particular, an active attack is presented, and it is also proved that the protocol does not provide forward secrecy