Cross-Realm Password-Based Server Aided Key Exchange Source: WISA 2010, LNCS 6513, pp. 322–336, 2011(0) Author: Kazuki Yoneyama Presenter: Li-Tzu Chang.


1 Cross-Realm Password-Based Server Aided Key Exchange Source: WISA 2010, LNCS 6513, pp. 322–336, 2011(0) Author: Kazuki Yoneyama Presenter: Li-Tzu Chang

2 Outline Introduction New Model: Cross-Realm PSAKE Security Proposed Scheme Conclusion

3 Introduction YB scheme: Secure Cross-Realm C2C-PAKE Protocol, 2006, (27). WZ scheme: A New Security Model for Cross-Realm C2C-PAKE Protocol, 2007, (1).

4 Outline Introduction New Model: Cross-Realm PSAKE Security Proposed Scheme Conclusion

5 New Model Execute( ) :  This query models passive attacks.  The output of this query consists of messages that were exchanged during the honest execution of the protocol among.

6 New Model SendClient(U^l, m): This query models active attacks against a client. The output of this query consists of the message that the client instance U^l would generate on receipt of message m.

7 New Model SendServer(S^l, m): This query models active attacks against servers. The output of this query consists of the message that the server instance S^l would generate on receipt of message m.

8 New Model SessionReveal(U^l): This query models the misuse of session keys. The output of this query consists of the session key held by the client instance U^l if the session is completed for U^l. Otherwise, return ⊥.

9 New Model StaticReveal(P): This query models leakage of the static secret of P (i.e., the password between the client and the corresponding server, or the private information for the server). The output of this query consists of the static secret of P.

10 New Model EphemeralReveal(P^l): This query models leakage of all session-specific information (ephemeral key) used by P^l. The output of this query consists of the ephemeral key of the instance P^l.

11 New Model EstablishParty(U^l, pw_U): This query models the adversary registering a static secret pw_U on behalf of a client. In this way the adversary totally controls that client. Clients against whom the adversary did not issue this query are called honest.

12 New Model Test(U^l): This query does not model an adversarial ability, but the indistinguishability of the session key. At the beginning a hidden bit b is chosen. If no session key for the client instance U^l is defined, then return the undefined symbol ⊥. Otherwise, if b = 1, return the session key for the client instance U^l; if b = 0, return a random key from the same space.

13 New Model TestPassword(U, pw): This query does not model an adversarial ability, but no leakage of the password. If the guessed password pw is the same as the client U's password pw, then return 1. Otherwise, return 0. Note that the adversary can make only one TestPassword query at any time during the experiment.
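
The bookkeeping behind the SessionReveal, Test and TestPassword queries on slides 8, 12 and 13, as an added Python example (not code from the paper or the slides). The class and method names, the 16-byte key length, the complete_session stand-in for a finished protocol run and the caching of Test answers are assumptions made here; None plays the role of ⊥.

```python
import secrets

KEY_BYTES = 16  # assumed session-key length; the slides do not fix one


class Challenger:
    """Answers SessionReveal, Test and TestPassword as the slides describe them."""

    def __init__(self, passwords, bit=None):
        self.passwords = dict(passwords)   # client U -> pw_U
        self.session_keys = {}             # instance (U, l) -> key once completed
        # Hidden bit b, chosen at the beginning (fixable here for testing).
        self.b = secrets.randbelow(2) if bit is None else bit
        self.test_answers = {}             # assumption: repeated Test gets same answer
        self.test_password_used = False

    def complete_session(self, client, l, key):
        # Stand-in for a protocol run that ends with instance U^l holding `key`.
        self.session_keys[(client, l)] = key

    def session_reveal(self, client, l):
        # Session key of U^l if the session is completed, otherwise None.
        return self.session_keys.get((client, l))

    def test(self, client, l):
        key = self.session_keys.get((client, l))
        if key is None:
            return None                    # no session key defined
        if (client, l) not in self.test_answers:
            # b = 1: real key; b = 0: random key from the same space.
            answer = key if self.b == 1 else secrets.token_bytes(len(key))
            self.test_answers[(client, l)] = answer
        return self.test_answers[(client, l)]

    def test_password(self, client, guess):
        # The adversary gets exactly one TestPassword query per experiment.
        if self.test_password_used:
            raise RuntimeError("only one TestPassword query is allowed")
        self.test_password_used = True
        return 1 if guess == self.passwords[client] else 0


def demo():
    """Run Test on the same completed instance under b = 0 and b = 1."""
    real = secrets.token_bytes(KEY_BYTES)
    out = {}
    for b in (0, 1):
        ch = Challenger({"A": "pw-A-constructed"}, bit=b)  # constructed password
        ch.complete_session("A", 1, real)
        out[b] = ch.test("A", 1)
    return real, out
```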

14 Outline Introduction New Model: Cross-Realm PSAKE Security Proposed Scheme Conclusion

15 Proposed Scheme p, q: large primes such that p = 2q + 1. A, B ∈ U: the identities of two clients in two different realms. SA, SB ∈ S: the identities of their corresponding servers, respectively.

16 Proposed Scheme Gen(1^k): key generation algorithm. Enc_pk(m; ω): encryption algorithm of a message m using a public key pk and randomness ω. Dec_sk(c): decryption algorithm of a ciphertext c using a private key sk.

17 Proposed Scheme Public information: G, g, p, H_1, H_2. Long-term secret of clients: pw_A for A and pw_B for B. Long-term secret of servers: (pw_A, sk_SA) for SA and (pw_B, sk_SB) for SB.

18 Proposed Scheme

19

20 Outline Introduction New Model: Cross-Realm PSAKE Security Proposed Scheme Conclusion

21 Columns: setting; # of rounds for clients; UDonDA; LEP of servers; KCI; channel between servers
YB: password-only; 2; insecure; secure channel
WZ: password-only; 2+P; secure; insecure; secure channel
[19]: password and public-key crypto; 7; secure; insecure; secure; none
[20]: password and smart cards; 4; secure; insecure; secure; none
Ours: password and public-key crypto; 2; secure; authenticated channel
Here P denotes the number of moves of a secure 2-party PAKE.
UDonDA: undetectable on-line dictionary attacks
LEP: leakage of ephemeral private keys of servers
KCI: key-compromise impersonation

