Group key establishment protocols: Pairing cryptography and verifiable secret sharing scheme

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2013Includes bibliographical references (leaves: 97-103)Text in English; Abstract: Turkish and Englishx, 154 leavesThe aim of this study is to establish a common secret key over an open network for a group of user to be used then symmetrical secure communication between them. There are two methods of GKE protocol which are key agreement and key distribution. Key agreement is a mechanism whereby the parties jointly establish a common secret. As to key distribution, it is a mechanism whereby one of the parties creates or obtains a secret value and then securely distributes it to other parties. In this study, both methods is applied and analyzed in two different GKE protocols. Desirable properties of a GKE are security and efficiency. Security is attributed in terms of preventing attacks against passive and active adversary. Efficiency is quantified in terms of computation, communication and round complexity. When constructing a GKE, the challenge is to provide security and efficiency according to attributed and quantified terms. Two main cryptographic tools are selected in order to handle the defined challenge. One of them is bilinear pairing which is based on elliptic curve cryptography and another is verifiable secret sharing which is based on multiparty computation. In this thesis, constructions of these two GKE protocols are studied along with their communication models, security and efficiency analysis. Also, an implementation of four-user group size is developed utilizing PBC, GMP and OpenSSL Libraries for both two protocols

Comparison of group key establishment protocols

Recently group-oriented applications over unsecure open networks such as Internet or wireless networks have become very popular. Thus, group communication security over unsecure open networks has become a vital concern. Group key establishment (GKE) protocols are used to satisfy the confidentiality requirement of a newly started communication session by the generation or sharing of an ephemeral common key between the group members. In this study, we analyze the computation and communication efficiency of GKE protocols. Besides confidentiality, the security characteristics of identification and integrity control are also required for all steps of the protocol implementations. Thus, the main contribution of this work is to provide the computation and communication efficiency analysis of the same GKE protocols along with the identification of the group entities and integrity control of messages during the protocol steps. The specific implementation and analysis of GKE protocols are performed by group key agreement (GKA) with pairing- based cryptography and group key distribution (GKD) with verifiable secret sharing, respectively. Finally, a comparison of GKA and GKD protocols on the basis of their strong points and cost characteristics are also provided to inform potential users

Recent cyberwar spectrum and its analysis

11th European Conference on Information Warfare and Security 2012, ECIW 2012; Laval; France; 5 July 2012 through 6 July 2012War is an organized, armed, and often prolonged conflict that is carried on between states, nations or other parties. Every war instance includes some basic components like rising conditions, battlespace, weapons, strategy, tactics, and consequences. Recent developments in the information and communication technologies have brought about changes on the nature of war. As a consequence of this change, cyberwar became the new form of war. In this new form, the new battlespace is cyber space and the contemporary weapons are constantly being renovated viruses, worms, trojans, denial-of-service, botnets, and advanced persistent threat. In this work, we present recent cyberwar spectrum along with its analysis. The spectrum is composed of the Estonia Attack, Georgia Attack, Operation Aurora, and Stuxnet Worm cases. The methodology for analysis is to identify reasons, timeline, effects, responses, and evaluation of each individual case. Moreover, we try to enumerate the fundamental war components for each incident. The analysis results put evidences to the evolution of the weapons into some new forms such as advanced persistent threat. Another outcome of the analysis is that when approaching to the end, confidentiality and integrity attributes of information are being compromised in addition to the availability. Another important observation is that in the last two cases, the responsive actions were not possible due to the lack of the identities of the offending parties. Thus, attribution appears as a significant concern for the modern warfare. The current sophistication level of the cyber weapons poses critical threats to society. Particularly developed countries that have high dependence on information and communication technologies are potential targets since the safety of the critical infrastructures like; healthcare, oil and gas production, water supply, transportation and telecommunication count on the safety of the computer networks. Being aware of this fact, every nation should attach high priorities to cyber security in his agenda and thus behave proactively