Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrating Identity based Cryptosystem (IBC) with CGA in Mobile IPv6 draft-cao-mipshop-ibc-cga-00.txt Zhen Cao Hui Deng IETF #67.

Published byValentine Hancock Modified over 9 years ago

Similar presentations

Presentation on theme: "Integrating Identity based Cryptosystem (IBC) with CGA in Mobile IPv6 draft-cao-mipshop-ibc-cga-00.txt Zhen Cao Hui Deng IETF #67."— Presentation transcript:

1 Integrating Identity based Cryptosystem (IBC) with CGA in Mobile IPv6 draft-cao-mipshop-ibc-cga-00.txt Zhen Cao Hui Deng IETF #67

2 Outline Issues with CGA-based drafts Issues with address ownership problem On our draft: IBC-CGA

3 Problem with CGA-based drafts: Quote from RFC 3972 Section 7.4 A strong cautionary note has to be made about using CGA for purpose other than SEND –“ Each protocol MUST define its own type tag values as explained ” : to defend against “ related protocol ” attacks –“ The minimum RSA key length of 384 bits may be too short for many applications and the impact of key compromise on the particular protocol must be evaluated ” : more considerations are necessary –“ If the goal is not to verify claims about IPv6 addresses, CGA signatures are probably not the right solution ” : not a sufficient security mechanism

4 Several attacks to CGA AttacksBig Integer Factoring Hash collision Related protocol attack Auto-configure Cost for attackers Expensive O(2^(n/2)) Medium O(2^(59+H)) LowestLow O(2^(16*Sec)) HazardHolds unless key changes Holds until address changes Reply attackHolds unless attackers being discovered DefenseLonger keyHash extension Define ‘ Type tag ’ Trust relationship n: public key length H: hash extension provided by CGA

5 Address ownership problem By signing a message with a private key, the CGA verifier asserts that: –(a) the address is owned by somebody –(b) the message is coming from the address owner It cannot tell whether the address owner is a trusted party. How to address this trust relationship problem is an issue.

6 What is IBC ? Identity Based Cryptosystem: a cryptosystem in which the public key is retrieved from an identity of the entity, and the private key is securely distributed by the Key Distribution Center. –K + = F (pub, ID), pub is publicly known –K - = F ’ (sec, ID), sec is known only to KDC and the client Is not new to IETF

7 What is IBC-CGA ? Using IBC to broke trust relations through a trusted third party (e.g. Key Distribution Center) IBC-CGA –MN registers IBC-ID on KDC, get K + and K - –Get CGA: CGA = F (K+) –Signature: CGA-Sign (K -, M) –IBC-CGA parameter: containing an IBC-ID instead of a public key –Trust: by verifying the CGA signature, the verifier can convince whether the sender is an entity trusted by the KDC as well as address ownership

8 Comparison PKICGAIBCIBC-CGA Infrastructure CANoneKDC Authenticity Signature Trust relationship Rooted in CA NoneRooted in KDC Address ownership NoneYesNoneYes Efficiency Not goodOKIt depends

9 Acknowledgement Discussion with Christian Vogt, James Kempf, Wassim Haddad in the ML, thanks for your comments and advice.

10 Thanks for your attention Questions ?

Download ppt "Integrating Identity based Cryptosystem (IBC) with CGA in Mobile IPv6 draft-cao-mipshop-ibc-cga-00.txt Zhen Cao Hui Deng IETF #67."

Similar presentations

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.

SeND Hash Threat Analysis CSI WG Ana Kukec, Suresh Krishnan, Sheng Jiang.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Cryptographic Technologies

Cryptographic Technologies
1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.

1 Digital Signatures CSSE 490 Computer Security Mark Ardis, Rose-Hulman Institute April 12, 2004.
Key Distribution CS 470 Introduction to Applied Cryptography

Key Distribution CS 470 Introduction to Applied Cryptography
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

Similar presentations

Ads by Google