Download presentation
Presentation is loading. Please wait.
1
Key Establishment Protocols - 12.6 ~ 12.9 -
Seunggyu BYEON
2
Contents 12.6 Key agreement based on asymmetric techniques
12.7 Secret sharing 12.8 Conference keying 12.9 Analysis of key establishment protocols
3
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (i) Basic version of Diffie-Hellman key agreement (Exponential key exchange) The first practical solution to the key distribution problem Allowing two parties, never having met in advance or shared keying material To establish a shared secret by exchanging messages over an open channel
4
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (i) Diffie-Hellman key agreement (Exponential key exchange) Alice Bob π=23, πΌ=5 π΄= 5 6 πππ 23 π΅= πππ 23 π΄=8 π΅=19 πΎ= πππ 23 πΎ= πππ 23 πΎ=2 π₯=6 π¦=15 πΌ π₯ πΌ π¦ 1. One-time Setup 3. (a)(b) random π₯ and π¦ and sends πΌ π₯ and πΌ π¦ 2. Protocol Message Aο B : πΌ π₯ 3. (c)(d) receives πΌ π¦ and πΌ π₯ and shares πΌ π¦ π₯ = πΌ π₯ π¦
5
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (i) Diffie-Hellman key agreement (Exponential key exchange) 12.48 Note. Time-invariant Nature 12.49 Remark.
6
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (i) Diffie-Hellman key agreement (Exponential key exchange)
7
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (i) Diffie-Hellman key agreement (Exponential key exchange) 12.50 Note. Vulnerableness to not authenticated exponentials Alice Bob π=23, πΌ=5 1. One-time Setup π₯=6 π¦=15 π=π
π+1 3. (a)(b) Choose random π₯ and π¦ and sends πΌ π₯ and πΌ π¦ π΄= 5 6 πππ 23 πΌ π = πΌ πβ1 /πΉ(π) π΅= πππ 23 π΄=8 πΌ π₯ =8 πΌ π¦ =19 π΅=19 2. Protocol Message Aο B : πΌ π₯ πΌ π¦π πΌ π₯π πΎ= πβ = β1 6 =1 πΎ= 8 πβ = β1 15 =β1 Β±1 Β±1 3. (c)(d) receives πΌ π¦ and πΌ π₯ and shares πΌ π¦π π₯ = πΌ π₯π π¦ πΌ π₯π¦π πΌ π₯π¦π
8
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (ii) ElGamal key agreement in one-pass (half-certificated Diffie-Hellman) Diffie-Hellman variant providing a one-pass protocol with unilateral key authentication More simply Diffie-Hellman key agreement wherein the public exponential of the recipient is fixed and has verifiable authenticity
9
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (ii) ElGamal key agreement in one-pass (half-certificated Diffie-Hellman) Alice Bob 1. One-time Setup random π and πΌ π Included its public key π=23, πΌ=5, πΌ π =19 π=15 π₯=6 3. (a) A obtains Bβs public key A choose a random integer π₯ sends 2 π΄= 5 6 πππ 23 π΄=8 πΌ π₯ 2. Protocol Message Aο B : πΌ π₯ πΎ= πΌ π 6 πππ 23 πΎ= πππ 23 πΎ= πππ 23 3. (a) πΌ π π₯ = (b) πΌ π π₯ πΎ=2 πΎ=2
10
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iii) MTI two-pass key agreement protocols As in ElGamal key agreement, A sends to B a single message, resulting in the shared key K B independently initiates an analogous protocol with A, resulting in the shared key Kβ Each of A and B then computes k=KKβ mod p
11
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iii) MTI two-pass key agreement protocols Alice Bob Alice Bob π, πΌ, πΌ π = π§ π΅ 1. One-time Setup random π and πΌ π Included its public key π, πΌ, πΌ π = π§ π΄ π₯ π π π¦ 3. (a) A obtains Bβs public key A choose a random integer π₯ sends 2 πΌ π₯ 2. Protocol Message Aο B : πΌ π₯ πΌ π¦ π§ π΅ π₯ πΌ ππ₯ πΌ ππ¦ π§ π΄ π¦ 3. (a) πΌ π π₯ = (b) πΌ π π₯ πΎ πΎ πΎβ² πΎβ² = = πΌ ππ¦ π§ π΅ π₯ πΌ ππ₯ π§ π΄ π¦ π=πΎ πΎ β² πππ π = πΌ ππ₯+ππ¦
12
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iii) MTI two-pass key agreement protocols
13
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iii) MTI two-pass key agreement protocols β 12.54 Alice Charlie Bob 1. One-time Setup random π and πΌ π Included its public key π, πΌ, πΌ π = π§ π΄ π₯ π, πΌ, πΌ π = π§ π 3. (a) A obtains Bβs public key A choose a random integer π₯ and sends π¦ π, πΌ, πΌ π = π§ π΅ πΌ π₯ Change Source Indication πΌ π₯ 2. Protocol Message Aο B : πΌ π₯ πΌ π¦ π§ π΅ π₯ πΌ π¦ π§ π΄ π¦ 3. (a) πΌ π π₯ = (b) πΌ π π₯ πΎ πΎ = πΌ ππ¦ π§ π΅ π₯ π=πΎ πΎ β² πππ π
14
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iii) MTI two-pass key agreement protocols β 12.54 Alice Charlie Bob 1. One-time Setup random π and πΌ π Included its public key π¦ π, πΌ, πΌ π = π§ π΄ π, πΌ, πΌ ππ = π§ πΆ 3. (a) A obtains Bβs public key A choose a random integer π¦ and sends πΌ π¦ πΌ ππ¦ 2. Protocol Message Bο A : πΌ π¦ πΎ πΎ= πΌ πππ¦ πΎ believes that itβs shared with Bob believes that itβs shared with Charlie 3. (a) πΌ π π₯ = (b) πΌ π π₯ π= πΌ πππ¦+ππ₯
15
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iii) MTI two-pass key agreement protocols 12.55 Remark 12.56 Remark.
16
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iv) Station-to-Station Protocol (STS) the establishment of a shared secret key between two parties with mutual entity authentication and mutual explicit key authentication The protocol also facilitates anonymity β the identities of A and B may be protected from Eaves
17
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iv) Station-to-Station Protocol (STS) Alice Bob 1. One-time Setup π=23, πΌ=5 , π π΄ , π π΄ πππ π π΄ π₯=6 π¦=15 4. (a) A obtains Bβs public key A choose a random integer π₯ sends B π΄= 5 6 πππ 23 4. (b) computes πΌ π¦ and signs the concatenates of both exp., encrypts it using the key π΄=8 3. Protocol Message Aο B : πΌ π₯ AοB : πΌ π¦ , πΈ π π π΅ πΌ π¦ , πΌ π₯ Aο B : πΈ π π π΄ πΌ π₯ , πΌ π¦ πΌ π₯ π= πππ 23 πΌ π¦ = πππ 23 =19 πΌ π¦ , πΈ π π π΅ πΌ π¦ , πΌ π₯ 4. (c) computes the shared key, Decrypts the encrypted data, uses Bβs public key to verifyβ¦ π= πππ 23 4. (d) Decrypts the encrypted data, uses Aβs public key to verifyβ¦ Verification of π π΅ πΈ π π π΄ πΌ π₯ , πΌ π¦ Verification of π π΄ 4. (a) πΌ π π₯ = (b) πΌ π π₯ π=2 π=2
18
12.6 Key agreement based on asymmetric techniques
Diffie-Hellman and related key agreement protocols (iv) Station-to-Station Protocol (STS) 12.58 Remark
19
12.7 Secret Sharing 12.7 Secret Sharing γ΄γ·γ
20
12.7.1 Simple shared control schemes
12.7 Secret Sharing Simple shared control schemes (i) Dual control by modular addition
21
12.7.1 Simple shared control schemes
12.7 Secret Sharing Simple shared control schemes (ii) Unanimous consent control by modular addition 12.68 Remark
22
12.7 Secret Sharing 12.7.2 Threshold schemes 12.69 Definition
12.70 Remark
23
12.7 Secret Sharing Threshold schemes Shamirβs threshold scheme
24
12.7.3 Generalized secret sharing
25
12.7.3 Generalized secret sharing
26
12.8 Conference keying Generalized secret sharing
27
12.7.3 Generalized secret sharing
12.8 Conference keying Generalized secret sharing Burmester-Desmedt conference keying protocol
28
12.7.3 Generalized secret sharing
12.8 Conference keying Generalized secret sharing Burmester-Desmedt conference keying protocol
29
12.7.3 Generalized secret sharing
12.8 Conference keying Generalized secret sharing Unconditionally secure conference keying
30
12.9 Analysis of key establishment protocols
Attack strategies and classic protocol flaws Attack 1: Intruder-in-the-middle
31
12.9 Analysis of key establishment protocols
Attack strategies and classic protocol flaws Attack 2: Reflection attack
32
12.9 Analysis of key establishment protocols
Attack strategies and classic protocol flaws Attack 3: Interleaving attack
33
12.9 Analysis of key establishment protocols
Attack strategies and classic protocol flaws Attack 4: Misplaced trust in server
34
12.9 Analysis of key establishment protocols
Analysis objectives and methpds Definition
35
12.9 Analysis of key establishment protocols
Analysis objectives and methpds Definition
36
I appreciate your deep interest
Similar presentations
