67 research outputs found
Provably Secure Three-party Password Authenticated Key Exchange Protocol Based On Ring Learning With Error
Three-party Password Authenticated Key Exchange (3PAKE) protocol is an important cryptographic primitive, where clients can establish a session key using easy-to-remember passwords. A number of 3PAKE protocols based on traditional mathematical problems have been presented in the literature, but these protocols are not able to resist attacks using quantum computers. In this paper, we construct the first 3PAKE protocol from lattices. Lattice-based cryptography is a promising post-quantum cryptography approach. We then prove its security in the random oracle model, and implement the proposed protocol using LatticeCrypto. The implementation results shows our protocol is very efficient in practice
On Protocols for Information Security Services
Now-a-days, organizations are becoming more and more dependent on their information systems due to the availability of high technology environment.Information is also treated as vital like other important assets of an organization. Thus, we require Information Security Services (ISS) protocols to protect this commodity. In this thesis, investigations have been made to protect information by developing some ISS protocols. We proposed a key management protocol, which stores one-way hash of the password at the server, instead of storing plaintext version of password.Every host and server agrees upon family of commutative one-way hash functions. Due to this prevention mechanism, online and offline guessing attacks are defeated. The protocol provides host authentication. As a result, man-in-the-middle attack is averted. It also withstands malicious insider attack
Comments on two password based protocols
Recently, M. Hölbl et al. and I. E. Liao et al. each proposed an user
authentication protocol. Both claimed that their schemes can withstand
password guessing attack. However, T. Xiang et al. pointed out
I. E. Liao et al.\u27s protocol suffers three kinds of attacks, including
password guessing attacks. We present an improvement protocol to get
rid of password guessing attacks. In this paper, we first point out
the security loopholes of M. Hölbl et al.\u27s protocol and review
T. Xiang et al.\u27s cryptanalysis on I. E. Liao et al.\u27s protocol. Then,
we present the improvements on M. Hölbl et al.\u27s protocol and
I. E. Liao et al.\u27s protocol, respectively
A Secure and efficient elliptic curve based authentication and key agreement protocol suitable for WSN
Authentication and key agreement protocols play an important role in wireless sensor communication networks. Recently Xue et al\u27. suggested a key agreement protocols for WSN which in this paper we show that the protocol has some security flaws. Also we introduce an enhanced authentication and key agreement protocol for WSN satisfying all the security requirements
On the Application of Identity-Based Cryptography in Grid Security
This thesis examines the application of identity-based cryptography
(IBC) in designing security infrastructures for grid applications.
In this thesis, we propose a fully identity-based key infrastructure
for grid (IKIG). Our proposal exploits some interesting properties
of hierarchical identity-based cryptography (HIBC) to replicate
security services provided by the grid security infrastructure (GSI)
in the Globus Toolkit. The GSI is based on public key infrastructure
(PKI) that supports standard X.509 certificates and proxy
certificates. Since our proposal is certificate-free and has small
key sizes, it offers a more lightweight approach to key management
than the GSI. We also develop a one-pass delegation protocol that
makes use of HIBC properties. This combination of lightweight key
management and efficient delegation protocol has better scalability
than the existing PKI-based approach to grid security.
Despite the advantages that IKIG offers, key escrow remains an issue
which may not be desirable for certain grid applications. Therefore,
we present an alternative identity-based approach called dynamic key
infrastructure for grid (DKIG). Our DKIG proposal combines both
identity-based techniques and the conventional PKI approach. In this
hybrid setting, each user publishes a fixed parameter set through a
standard X.509 certificate. Although X.509 certificates are involved
in DKIG, it is still more lightweight than the GSI as it enables the
derivation of both long-term and proxy credentials on-the-fly based
only on a fixed certificate.
We also revisit the notion of secret public keys which was
originally used as a cryptographic technique for designing secure
password-based authenticated key establishment protocols. We
introduce new password-based protocols using identity-based secret
public keys. Our identity-based techniques can be integrated
naturally with the standard TLS handshake protocol. We then discuss
how this TLS-like identity-based secret public key protocol can be
applied to securing interactions between users and credential
storage systems, such as MyProxy, within grid environments
Improvements on two password-based authentication protocols
Recently, Liao et al. and Hölbl et al. each proposed a user authentication protocol, respectively. Both claimed that their schemes can withstand various attacks. However, Xiang et al. pointed out Liao et al.’s protocol suffers from three kinds of attacks, the replay attack, the guessing attack, and the Denial-of-service (DoS) attack. Moreover, we and Munilla et al. also found Hölbl et al.’s protocol suffers from the password guessing attack. In this paper, we will propose the two protocols’ improvements respectively. After analyses and comparisons, we conclude that our improvements are not only more secure but also more efficient in communication cost than all of the proposed password based schemes that we know
- …