Weakness of Shim's New ID-based Tripartite Multiple-key Agreement Protocol. Authors: J.S. Chou, C.H. Lin and C.H. Chiu, ePrint 2005/457. Presented by J. Liu.

Outline: Introduction; Background; Shim's protocol; Attack; Conclusion

Introduction
- The first one-round tripartite Diffie-Hellman key agreement protocol was proposed by Joux. Its messages carry no authentication, so it is vulnerable to a man-in-the-middle attack.
- Eight session keys
- Unknown-key-share attack
- Shim's protocol
- Impersonation attack

Background
A bilinear pairing is a map $e: G_1 \times G_1 \to G_2$, where $G_1$ is a cyclic additive group of prime order $q$ generated by $P$ and $G_2$ is a cyclic multiplicative group of the same order $q$, such that:
1. Bilinearity: $e(aP, bQ) = e(P, Q)^{ab}$ for all $P, Q \in G_1$ and $a, b \in \mathbb{Z}_q$.
2. Non-degeneracy: there exist $P, Q \in G_1$ such that $e(P, Q) \neq 1$.
3. Computability: $e(P, Q)$ can be computed efficiently for all $P, Q \in G_1$.

Shim's protocol
Setup: the KGC chooses a master secret $s$, sets $P_{pub} = sP$, and publishes the system parameters $\{G_1, G_2, q, e, P, P_{pub}, H, H_1\}$, where $H$ and $H_1$ are hash functions ($H_1$ maps identities into $G_1$).
Private key extraction:
1. User A submits its identity $ID$ to the KGC.
2. The KGC computes $Q_{ID} = H_1(ID)$ and the private key $S_{ID} = sQ_{ID}$.

Three-party key agreement
A, B and C randomly choose $(a, a')$, $(b, b')$ and $(c, c')$ respectively; each party broadcasts two ephemeral points and one authenticator:
A computes $P_A = aP$, $P_A' = a'P$ and $T_A = S_A + a^2 P + a' P_{pub}$.
B computes $P_B = bP$, $P_B' = b'P$ and $T_B = S_B + b^2 P + b' P_{pub}$.
C computes $P_C = cP$, $P_C' = c'P$ and $T_C = S_C + c^2 P + c' P_{pub}$.

User A verifies B and C by checking
$e(T_B + T_C, P) \stackrel{?}{=} e(Q_B + Q_C + P_B' + P_C', P_{pub})\, e(P_B, P_B)\, e(P_C, P_C)$,
which holds for honest B and C because
$e(T_B + T_C, P) = e(S_B + b^2 P + b' P_{pub} + S_C + c^2 P + c' P_{pub}, P) = e(sQ_B + b'sP + sQ_C + c'sP, P)\, e(b^2 P, P)\, e(c^2 P, P) = e(Q_B + Q_C + P_B' + P_C', P_{pub})\, e(P_B, P_B)\, e(P_C, P_C)$.
If the check passes, A computes its eight keys:
$K_{A1} = e(P_B, P_C)^a$, $K_{A2} = e(P_B, P_C')^a$, $K_{A3} = e(P_B', P_C)^a$, $K_{A4} = e(P_B', P_C')^a$,
$K_{A5} = e(P_B, P_C)^{a'}$, $K_{A6} = e(P_B, P_C')^{a'}$, $K_{A7} = e(P_B', P_C)^{a'}$, $K_{A8} = e(P_B', P_C')^{a'}$.
B and C verify and derive their keys in the same way.

Keys
All three parties obtain the same eight session keys:
$K_1 = e(P, P)^{abc}$, $K_2 = e(P, P)^{abc'}$, $K_3 = e(P, P)^{ab'c}$, $K_4 = e(P, P)^{ab'c'}$,
$K_5 = e(P, P)^{a'bc}$, $K_6 = e(P, P)^{a'bc'}$, $K_7 = e(P, P)^{a'b'c}$, $K_8 = e(P, P)^{a'b'c'}$.

Attack
An attacker X impersonates B towards A and C without knowing $S_B$, and ends up with four valid session keys. X picks random $x, x'$ and computes
$P_X = xP$, $P_X' = x'P - Q_B$, $T_X = x^2 P + x' P_{pub}$.
The $-Q_B$ term hidden in $P_X'$ cancels B's identity inside the verification, so A's check (and symmetrically C's) passes:
$e(T_X + T_C, P) = e(x^2 P + x' P_{pub} + S_C + c^2 P + c' P_{pub}, P) = e(x'P + Q_C + c'P, P_{pub})\, e(x^2 P + c^2 P, P) = e(P_X' + Q_B + Q_C + P_C', P_{pub})\, e(P_X, P_X)\, e(P_C, P_C) = e(Q_B + Q_C + P_X' + P_C', P_{pub})\, e(P_X, P_X)\, e(P_C, P_C)$.
A and C therefore accept X as B. Since X knows $x$, it computes the four keys in which B's share is $P_X$: $e(P_A, P_C)^x = e(P, P)^{axc}$ and likewise $e(P, P)^{axc'}$, $e(P, P)^{a'xc}$, $e(P, P)^{a'xc'}$. The four keys built on $P_X'$ remain out of reach, because X does not know the discrete logarithm of $x'P - Q_B$.
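The protocol run and the impersonation above, as an added worked example (this is not the paper's or the presenter's code). It uses a toy pairing so that it runs offline: $G_1$ is $\mathbb{Z}_q$ under addition with $P = 1$, $G_2$ is the order-$q$ subgroup of $\mathbb{Z}_p^*$ with $p = 2q + 1$, and $e(u, v) = g^{uv \bmod q}$. That map is bilinear and non-degenerate, which is all the verification equation and the attack depend on; it gives no security, since the discrete logarithm of $aP$ is $a$ itself. The identities alice/bob/carol, the function names and the key indexing by a bit triple are assumptions of this example.

```python
"""Toy model of Shim's one-round tripartite multiple-key agreement and the
Chou-Lin-Chiu impersonation of B (constructed illustration, not the paper's code).
Toy pairing: G1 = (Z_q, +) with P = 1, so the point aP is the scalar a mod q;
G2 = the order-q subgroup of Z_p^*, p = 2q + 1; e(u, v) = g^(u*v mod q).
It is bilinear and non-degenerate, which is all the check and the attack use;
it gives no security (the discrete log of aP is a itself)."""
import hashlib
import secrets

BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic Miller-Rabin below 3.3e24

def _is_prime(n):
    if n < 2 or any(n % b == 0 for b in BASES):
        return n in BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for b in BASES:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(start):
    q = start | 1
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

p, q = _safe_prime(1 << 61)  # p = 2q + 1, both prime (constructed parameters)
P = 1   # generator of the toy G1
g = 4   # quadratic residue != 1 mod p, hence of order q in Z_p^*

def e(u, v):
    """Toy pairing: e(aP, bQ) = e(P, Q)^(ab)."""
    return pow(g, u * v % q, p)

def H1(identity):
    """Q_ID = H1(ID): hash the identity string to a nonzero element of G1."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % (q - 1) + 1

def rnd():
    return secrets.randbelow(q - 1) + 1

def kgc_setup():
    s = rnd()                      # master secret
    return s, s * P % q            # P_pub = sP

def extract(s, identity):
    Q = H1(identity)
    return Q, s * Q % q            # (Q_ID, S_ID = s Q_ID)

def round_message(S_ID, P_pub):
    """One party's broadcast (P_i, P_i', T_i) with T_i = S_i + a^2 P + a' P_pub."""
    a, a2 = rnd(), rnd()
    return (a, a2), (a * P % q, a2 * P % q, (S_ID + a * a * P + a2 * P_pub) % q)

def verify(P_pub, Q1, msg1, Q2, msg2):
    """Receiver's check: e(T1+T2, P) == e(Q1+Q2+P1'+P2', P_pub) e(P1,P1) e(P2,P2)."""
    (P1, P1p, T1), (P2, P2p, T2) = msg1, msg2
    rhs = e(Q1 + Q2 + P1p + P2p, P_pub) * e(P1, P1) * e(P2, P2) % p
    return e(T1 + T2, P) == rhs

def session_keys(role, exps, msgs):
    """Eight keys e(P,P)^{xyz}, keyed by (x primed?, y primed?, z primed?); role 0/1/2 = A/B/C."""
    keys = {}
    for bits in range(8):
        sel = ((bits >> 2) & 1, (bits >> 1) & 1, bits & 1)
        u, v = (msgs[r][sel[r]] for r in range(3) if r != role)
        keys[sel] = pow(e(u, v), exps[sel[role]], p)
    return keys

def honest_run():
    """A, B, C verify each other and derive the same eight keys."""
    s, P_pub = kgc_setup()
    Q, S = zip(*(extract(s, name) for name in ("alice", "bob", "carol")))
    exps, msgs = zip(*(round_message(S[r], P_pub) for r in range(3)))
    for r in range(3):
        j, k = (x for x in range(3) if x != r)
        if not verify(P_pub, Q[j], msgs[j], Q[k], msgs[k]):
            return False
    keys = [session_keys(r, exps[r], msgs) for r in range(3)]
    return keys[0] == keys[1] == keys[2]

def impersonation_attack():
    """X plays B without S_B: P_X' = x'P - Q_B makes Q_B cancel in the check."""
    s, P_pub = kgc_setup()
    (Q_A, S_A), (Q_B, _), (Q_C, S_C) = (extract(s, n) for n in ("alice", "bob", "carol"))
    x, x2 = rnd(), rnd()
    msg_X = (x * P % q, (x2 * P - Q_B) % q, (x * x * P + x2 * P_pub) % q)  # no S_B used
    exps_A, msg_A = round_message(S_A, P_pub)
    exps_C, msg_C = round_message(S_C, P_pub)
    msgs = (msg_A, msg_X, msg_C)
    accepted = verify(P_pub, Q_B, msg_X, Q_C, msg_C) and verify(P_pub, Q_A, msg_A, Q_B, msg_X)
    keys_A, keys_C = session_keys(0, exps_A, msgs), session_keys(2, exps_C, msgs)
    # X knows x, so the four keys whose B-share is P_X match A's.  For the other four it
    # would need log(P_X') = x' - log(Q_B); using x' alone yields values A does not hold.
    keys_X = session_keys(1, (x, x2), msgs)
    recovered = frozenset(sel for sel in keys_A if keys_X[sel] == keys_A[sel])
    return {"accepted": accepted, "a_c_agree": keys_A == keys_C, "recovered": recovered}
```

Running `impersonation_attack()` shows both honest parties accepting X's message and agreeing with each other on all eight keys, while `recovered` contains exactly the four bit triples with B's share unprimed. Swapping the toy for a real type-1 pairing changes only `e`, `H1` and the group arithmetic; the cancellation of $Q_B$ is purely algebraic and survives the swap.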

Conclusion
Shim's new ID-based tripartite multiple-key agreement protocol cannot resist the impersonation attack: the verification only ever sees the sum $Q_B + P_B'$, so an attacker who folds $-Q_B$ into $P_B'$ passes the check without B's private key.