Published by Hilda Pierce. Modified over 9 years ago.
1
Integrating A Key Distribution Procedure Into The Digital Signature Standard
B. Arazi, Electronics Letters, Vol. 29, No. 11, Pg. 966-967, May 1993

Weaknesses In Some Recent Key Agreement Protocols
K. Nyberg, R.A. Rueppel, Electronics Letters, Vol. 30, No. 1, Pg. 26-27, January 1994

Integrating Diffie-Hellman Key Exchange Into The Digital Signature Algorithm (DSA)
Lein Harn, M. Mehta, W.-J. Hsin, IEEE Communications Letters, Vol. 8, No. 3, Pg. 198-200, March 2004

Adviser: Min-Shiang Hwang
Student: CSONGK (鍾松剛)
2
The Motivations (Arazi, 1993)
- The DSS is only suitable for generating signatures on documents that are also transmitted in the clear
- The distribution of secret keys by DSS is ruled out
- DH cannot authenticate the parties actually involved
- Solution: Join them up!!
3
Review of DSA
Select two primes:
- $p$ ($2^{L-1} < p < 2^{L}$), $512 \le L \le 1024$
- $q$ ($2^{159} < q < 2^{160}$)
Compute:
- $g = h^{(p-1)/q} \bmod p > 1$
- $y = g^{x} \bmod p$; $\{p, q, g, y\}$ are public values and $\{x\}$ is the user's private key
Signing (Alice):
- $r = (g^{k} \bmod p) \bmod q$
- $s = [k^{-1}(H(m) + xr)] \bmod q$
Alice sends $m, r, s$ to Bob.
Verification (Bob):
- $a = (s')^{-1} \bmod q$, $u_1 = [H(m')a] \bmod q$, $u_2 = (r'a) \bmod q$
- $b = [(g^{u_1} \cdot y^{u_2}) \bmod p] \bmod q$
- If $b = r'$, the signature is verified
4
Review of DH
Diffie-Hellman: Select $p$ and $g$; $p$ is a large prime, $g$ is a generator with order $p-1$ in
Alice: Select $x$
Bob: Select $y$
Exchanged: $m_A$, $m_B$
$K_1 = K_2$
5
Arazi’s system
Alice:
- Public key $y_A = g^{x_A} \bmod p$
- Randomly select a secret $v$
- $m_A = g^{v} \bmod p$
- $r_A = m_A \bmod q$
- $s_A = v^{-1}[H(m_A) + x_A r_A] \bmod q$
Bob:
- Public key $y_B = g^{x_B} \bmod p$
- Randomly select a secret $w$
- $m_B = g^{w} \bmod p$
- $r_B = m_B \bmod q$
- $s_B = w^{-1}[H(m_B) + x_B r_B] \bmod q$
Alice sends $m_A, s_A$; Bob sends $m_B, s_B$.
Verification:
- $r_B = m_B \bmod q$
- $a = (s_B)^{-1}$, $u_1 = H(m_B) \cdot a$, $u_2 = r_B \cdot a$
- $b = [(g^{u_1} \cdot y_B^{u_2}) \bmod p] \bmod q$
- $= g^{H(m_B) \cdot w [H(m_B) + x_B r_B]^{-1}} \cdot g^{x_B (r_B \cdot w [H(m_B) + x_B r_B]^{-1})}$
- $= g^{[H(m_B) + x_B r_B] \cdot w \cdot [H(m_B) + x_B r_B]^{-1}}$
- $= [g^{w} \bmod p] \bmod q = r_B$
$K = m_B^{v} = m_A^{w} \bmod p$
6
Known key attack (Nyberg et al. 1994)
- Except $K$ and $g^{x_A x_B} \bmod p$, all quantities are publicly known
- If $K$ is known, $g^{x_A x_B} \bmod p$ can be easily computed and vice versa
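Added example (not from the slides or the cited papers): Arazi's exchange run over a constructed toy group, then the algebra behind the known-key weakness. Since $s_A s_B = (vw)^{-1}[H(m_A) + x_A r_A][H(m_B) + x_B r_B] \bmod q$, one exposed $K$ together with the public transcript fixes the session-independent value $g^{x_A x_B} \bmod p$. The group parameters, the hash encoding and all function names are assumptions.

```python
import hashlib, secrets

# Constructed toy DSA group (far too small for real use): q divides p-1, g has order q.
P, Q, G = 2039, 1019, 4

def H(m):
    # Hash of the integer m reduced mod q; SHA-1 over its decimal string is an assumption.
    return int.from_bytes(hashlib.sha1(str(m).encode()).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1           # private key in [1, q-1]
    return x, pow(G, x, P)

def arazi_message(x):
    # One side of Arazi's exchange: DSA-sign the DH value m = g^v using nonce v.
    while True:
        v = secrets.randbelow(Q - 1) + 1
        m = pow(G, v, P)
        r = m % Q
        s = pow(v, -1, Q) * (H(m) + x * r) % Q
        if r and s:                            # DSA rejects r = 0 or s = 0
            return v, m, s

def verify(y, m, s):
    # DSA verification from the slides, with r recomputed as m mod q.
    r, a = m % Q, pow(s, -1, Q)
    u1, u2 = H(m) * a % Q, r * a % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def static_dh_from_session_key(K, yA, mA, sA, yB, mB, sB):
    # K^(sA*sB) = g^((hA + xA*rA)(hB + xB*rB)). Divide out the factors built from
    # public values, leaving (g^(xA*xB))^(rA*rB); then invert rA*rB mod q.
    hA, rA, hB, rB = H(mA), mA % Q, H(mB), mB % Q
    lhs = pow(K, sA * sB % Q, P)
    public = pow(G, hA * hB, P) * pow(yB, hA * rB, P) * pow(yA, hB * rA, P) % P
    z = lhs * pow(public, -1, P) % P
    return pow(z, pow(rA * rB, -1, Q), P)

def demo():
    # Returns (K as Alice computes it, K as Bob computes it,
    #          value derived from K and public data, true g^(xA*xB) mod p).
    (xA, yA), (xB, yB) = keygen(), keygen()
    v, mA, sA = arazi_message(xA)
    w, mB, sB = arazi_message(xB)
    if not (verify(yA, mA, sA) and verify(yB, mB, sB)):
        raise ValueError("signature check failed")
    K = pow(mB, v, P)
    derived = static_dh_from_session_key(K, yA, mA, sA, yB, mB, sB)
    return K, pow(mA, w, P), derived, pow(yB, xA, P)
```

Because $g^{x_A x_B}$ does not change between sessions, the same relation run in the other direction yields every other session key from its public transcript, which is why the later scheme binds the shared key into the signature equation.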
7
Harn et al.’s scheme
- One-round protocol
  - Support non-interactive protocol
  - Secure e-mail transmission
- Two-round protocol
  - Provide authenticated key exchange for interactive communications
- Three-round protocol
  - Provide authenticated, key confirmation and non-playback key exchange
8
Three-round protocol
Alice: $y_A = g^{x_A} \bmod p$
Bob: $y_B = g^{x_B} \bmod p$
Legend: Shared key; Not sent
9
Security analysis (known key attack 1/2)
10
Known key attack 2/2
$K_{AB}$ and $K_{BA}$
I can compute $g^{x_A x_B}$
$g^{x_A x_B}$
$K_{AB}$ OR $K_{BA}$
I face discrete logarithm problem to obtain another shared secret key
However, if
11
Summary of contribution
- Provide multiple secret keys, one for each direction
  - Conforms with most standard protocols, e.g. SSL and IPSec
- The shared key is included in the signature equation
  - Prevent known key attack and key replay attack
- Three-round protocol achieves key confirmation
  - Prevent unknown key-share attack