• Title/Summary/Keyword: Internet Key Exchange

Search Result 116, Processing Time 0.025 seconds

Multi-party Password-Authenticated Key Exchange Scheme with Privacy Preservation for Mobile Environment

  • Lu, Chung-Fu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.9 no.12
    • /
    • pp.5135-5149
    • /
    • 2015
  • Communications among multi-party must be fast, cost effective and secure. Today's computing environments such as internet conference, multi-user games and many more applications involve multi-party. All participants together establish a common session key to enable multi-party and secure exchange of messages. Multi-party password-based authenticated key exchange scheme allows users to communicate securely over an insecure network by using easy-to-remember password. Kwon et al. proposed a practical three-party password-based authenticated key exchange (3-PAKE) scheme to allow two users to establish a session key through a server without pre-sharing a password between users. However, Kwon et al.'s scheme cannot meet the security requirements of key authentication, key confirmation and anonymity. In this paper, we present a novel, simple and efficient multi-party password-based authenticated key exchange (M-PAKE) scheme based on the elliptic curve cryptography for mobile environment. Our proposed scheme only requires two round-messages. Furthermore, the proposed scheme not only satisfies security requirements for PAKE scheme but also achieves efficient computation and communication.

An Implementation and Performance Evaluation of IPsec System engaged IKEv2 Protocol Engine (IPsec System에서 IKEv2 프로토콜 엔진의 구현 및 성능 평가)

  • Kim, Sung-Chan;Chun, Jun-Ho;Jun, Moon-Seog
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.16 no.5
    • /
    • pp.35-46
    • /
    • 2006
  • The current Internet Key Exchange protocol(IKE) which has been used for key exchange of security system was pointed out the faults of scalability, speed, efficiency and stability. In this research, we tried to resolve those faults, and implemented the newly designed IKEv2 protocol in the IPsec test bed system. In the trend of network expansion, the current Internet Key Exchange protocol has a limitation of network scalability, so we implemented the new Internet Key Exchange protocol as a recommendation of RFC proposal, so as to resolve the fault of the key exchange complexity and the speed of authentication process. We improved the key exchange speed as a result of simplification of complex key exchange phase, and increased efficiency with using the preexistence state value in negotiation phase.

An eCK-secure Authenticated Key Exchange Protocol without Random Oracles

  • Moriyama, Daisuke;Okamoto, Tatsuaki
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.5 no.3
    • /
    • pp.607-625
    • /
    • 2011
  • Two-party key exchange protocol is a mechanism in which two parties communicate with each other over an insecure channel and output the same session key. A key exchange protocol that is secure against an active adversary who can control and modify the exchanged messages is called authenticated key exchange (AKE) protocol. LaMacchia, Lauter and Mityagin presented a strong security definition for public key infrastructure (PKI) based two-pass protocol, which we call the extended Canetti-Krawczyk (eCK) security model, and some researchers have provided eCK-secure AKE protocols in recent years. However, almost all protocols are provably secure in the random oracle model or rely on a special implementation technique so-called the NAXOS trick. In this paper, we present a PKI-based two-pass AKE protocol that is secure in the eCK security model. The security of the proposed protocol is proven without random oracles (under three assumptions), and does not rely on implementation techniques such as the NAXOS trick.

One-round Secure Key Exchange Protocol With Strong Forward Secrecy

  • Li, Xiaowei;Yang, Dengqi;Chen, Benhui;Zhang, Yuqing
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.11
    • /
    • pp.5639-5653
    • /
    • 2016
  • Security models for key exchange protocols have been researched for years, however, lots of them only focus on what secret can be compromised but they do not differentiate the timing of secrets compromise, such as the extended Canetti-Krawczyk (eCK) model. In this paper, we propose a new security model for key exchange protocols which can not only consider what keys can be compromised as well as when they are compromised. The proposed security model is important to the security proof of the key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, a new kind of key compromise impersonation (KCI) attacks which is called strong key compromise impersonation (sKCI) attack is proposed. Finally, we provide a new one-round key exchange protocol called mOT+ based on mOT protocol. The security of the mOT+ is given in the new model. It can provide the properties of sKCI-resilience and sFS and it is secure even if the ephemeral key reveal query is considered.

A Lightweight Three-Party Privacy-preserving Authentication Key Exchange Protocol Using Smart Card

  • Li, Xiaowei;Zhang, Yuqing;Liu, Xuefeng;Cao, Jin
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.5
    • /
    • pp.1313-1327
    • /
    • 2013
  • How to make people keep both the confidentiality of the sensitive data and the privacy of their real identity in communication networks has been a hot topic in recent years. Researchers proposed privacy-preserving authenticated key exchange protocols (PPAKE) to answer this question. However, lots of PPAKE protocols need users to remember long secrets which are inconvenient for them. In this paper we propose a lightweight three-party privacy-preserving authentication key exchange (3PPAKE) protocol using smart card to address the problem. The advantages of the new 3PPAKE protocol are: 1. The only secrets that the users need to remember in the authentication are their short passwords; 2. Both of the users can negotiate a common key and keep their identity privacy, i.e., providing anonymity for both users in the communication; 3. It enjoys better performance in terms of computation cost and security. The security of the scheme is given in the random oracle model. To the best of our knowledge, the new protocol is the first provably secure authentication protocol which provides anonymity for both users in the three-party setting.

Dictionary Attacks against Password-Based Authenticated Three-Party Key Exchange Protocols

  • Nam, Junghyun;Choo, Kim-Kwang Raymond;Kim, Moonseong;Paik, Juryon;Won, Dongho
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.7 no.12
    • /
    • pp.3244-3260
    • /
    • 2013
  • A three-party password-based authenticated key exchange (PAKE) protocol allows two clients registered with a trusted server to generate a common cryptographic key from their individual passwords shared only with the server. A key requirement for three-party PAKE protocols is to prevent an adversary from mounting a dictionary attack. This requirement must be met even when the adversary is a malicious (registered) client who can set up normal protocol sessions with other clients. This work revisits three existing three-party PAKE protocols, namely, Guo et al.'s (2008) protocol, Huang's (2009) protocol, and Lee and Hwang's (2010) protocol, and demonstrates that these protocols are not secure against offline and/or (undetectable) online dictionary attacks in the presence of a malicious client. The offline dictionary attack we present against Guo et al.'s protocol also applies to other similar protocols including Lee and Hwang's protocol. We conclude with some suggestions on how to design a three-party PAKE protocol that is resistant against dictionary attacks.

An Implementation and Evaluation of Improved Anti-DoS IKE Protocol Engine for Interaction with IPsec System (IPsec과 연동되는 개선된 Anti-DoS IKE 프로토콜 엔진의 구현 및 평가)

  • Kim, Sung-Chan;Choun, Jun-Ho;Jun, Moon-Seog
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.31 no.11B
    • /
    • pp.1005-1016
    • /
    • 2006
  • As the increment usage of Internet, the security systems's importance is emphasized. The current Internet Key Exchange protocol(IKE) which has been used for key exchange of security system, was pointed out a problem of efficiency and stability. In this research, we try to resolve those problems, and evaluate the newly designed Key Exchange protocol in the IPsec interaction test bed system environment. In this research we implemented the new Key Exchange Protocol as a recommendation of RFC proposal, so as to resolve the problem which was pointed out the key exchange complexity and the speed of authentication process. We also designed the defense mechanism against the Denial of Service attack. We improved the key exchange speed as a result of simplification of complex key exchange phase, and increased efficiency as a result of reuse the preexistence state value when it's renegotiated.

Practical Password-Authenticated Three-Party Key Exchange

  • Kwon, Jeong-Ok;Jeong, Ik-Rae;Lee, Dong-Hoon
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.2 no.6
    • /
    • pp.312-332
    • /
    • 2008
  • Password-based authentication key exchange (PAKE) protocols in the literature typically assume a password that is shared between a client and a server. PAKE has been applied in various environments, especially in the “client-server” applications of remotely accessed systems, such as e-banking. With the rapid developments in modern communication environments, such as ad-hoc networks and ubiquitous computing, it is customary to construct a secure peer-to-peer channel, which is quite a different paradigm from existing paradigms. In such a peer-to-peer channel, it would be much more common for users to not share a password with others. In this paper, we consider password-based authentication key exchange in the three-party setting, where two users do not share a password between themselves but only with one server. The users make a session-key by using their different passwords with the help of the server. We propose an efficient password-based authentication key exchange protocol with different passwords that achieves forward secrecy in the standard model. The protocol requires parties to only memorize human-memorable passwords; all other information that is necessary to run the protocol is made public. The protocol is also light-weighted, i.e., it requires only three rounds and four modular exponentiations per user. In fact, this amount of computation and the number of rounds are comparable to the most efficient password-based authentication key exchange protocol in the random-oracle model. The dispensation of random oracles in the protocol does not require the security of any expensive signature schemes or zero-knowlegde proofs.

A Novel Key Sharing Fuzzy Vault Scheme

  • You, Lin;Wang, Yuna;Chen, Yulei;Deng, Qi;Zhang, Huanhuan
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.10 no.9
    • /
    • pp.4585-4602
    • /
    • 2016
  • A novel key sharing fuzzy vault scheme is proposed based on the classic fuzzy vault and the Diffie-Hellman key exchange protocol. In this proposed scheme, two users cooperatively build their fuzzy vault for their shared key using their own biometrics. Either of the users can use their own biometrics to unlock the fuzzy vault with the help of the other to get their shared key without risk of disclosure of their biometrics. Thus, they can unlock the fuzzy vault cooperatively. The security of our scheme is based on the security of the classic fuzzy vault scheme, one-way hash function and the discrete logarithm problem in a given finite group.

A Fair-Exchange E-Payment Protocol For Digital Products With Customer Unlinkability

  • Yen, Yi-Chung;Wu, Tzong-Chen;Lo, Nai-Wei;Tsai, Kuo-Yu
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.11
    • /
    • pp.2956-2979
    • /
    • 2012
  • Along with the development of Information Technology, online transactions through Internet have become more popular for the reasons of convenience and efficiency. In order to provide secure and reliable online transactions, an effective electronic payment protocol is crucial. In this paper, we propose a novel electronic payment protocol for digital product transactions with an offline arbiter to achieve fair exchange, automated dispute resolution, customer anonymity, and customer unlinkability. In our protocol a product token is adopted to eliminate the need of key management for digital product decryption in the offline arbiter. In addition, Elliptic Curve Cryptography (ECC)-based self-certified public key is utilized to further reduce computing overheads. According to our analysis, the efficiency of our protocol can be greatly increased in comparison with previous literatures.