Global ETD Search

1	Inter-Domain Identity-Based Key Agreement Schemes Hsu, Tuan-hung 07 September 2007 (has links) Recently, many identity-based two-party and three-party key agreement schemes were proposed based on pairing cryptosystems. Multi-party (including more than three parties) key agreement protocols, which are called conference key schemes, can be applied to distributed systems and wireless environments such as Ad hoc networks. However, it is not easy to extend two or three-party schemes to multi-party ones with the guarantee of efficiency and security. In addition to the above two properties, inter-domain environments should also be considered in identity-based key agreement systems. However, only few identity-based multi-party conference key agreement schemes in single domain were proposed in the literature and they did not satisfy all of the security attributes such as forward secrecy and withstanding impersonation. In this thesis, we will propose a novel efficient single-domain identity-based multi-party conference key scheme and extend it to an inter-domain version. Finally, we will prove that the proposed schemes satisfy the required security attributes via formal methods. Conference key agreement Bilinear pairing Inter-domain key agreement Identity-based cryptosystems
2	Key establishment --- security models, protocols and usage Ustaoglu, Berkant January 2008 (has links) Key establishment is the process whereby two or more parties derive a shared secret, typically used for subsequent confidential communication. However, identifying the exact security requirements for key establishment protocols is a non-trivial task. This thesis compares, extends and merges existing security definitions and models for key establishment protocols. The primary focus is on two-party key agreement schemes in the public-key setting. On one hand new protocols are proposed and analyzed in the existing Canetti-Krawzcyk model. On the other hand the thesis develops a security model and novel definition that capture the essential security attributes of the standardized Unified Model key agreement protocol. These analyses lead to the development of a new security model and related definitions that combine and extend the Canetti-Krawzcyk pre- and post- specified peer models in terms of provided security assurances. The thesis also provides a complete analysis of a one-pass key establishment scheme. There are security goals that no one-pass key establishment scheme can achieve, and hence the two-pass security models and definitions need to be adapted for one-pass protocols. The analysis provided here includes the description of the required modification to the underlying security model. Finally, a complete security argument meeting these altered conditions is presented as evidence supporting the security of the one-pass scheme. Lastly, validation and reusing short lived key pairs are related to efficiency, which is a major objective in practice. The thesis considers the formal implication of omitting validation steps and reusing short lived key pairs. The conclusions reached support the generally accepted cryptographic conventions that incoming messages should not be blindly trusted and extra care should be taken when key pairs are reused. cryptography key establishment schemes key agreement protocols Combinatorics and Optimization
3	Security in Key Agreement: Two-Party Certificateless Schemes Swanson, Colleen Marie January 2008 (has links) The main goal of cryptography is to enable secure communication over a public channel; often a secret shared among the communicating parties is used to achieve this. The process by which these parties agree on such a shared secret is called key agreement. In this thesis, we focus on two-party key agreement protocols in the public-key setting and study the various methods used to establish and validate public keys. We pay particular attention to certificateless key agreement schemes and attempt to formalize a relevant notion of security. To that end, we give a possible extension of the existing extended Canetti-Krawzcyk security model applicable to the certificateless setting. We observe that none of the certificateless protocols we have seen in the literature are secure in this model; it is an open question whether such schemes exist. We analyze several published certificateless key agreement protocols, demonstrating the existence of key compromise impersonation attacks and even a man-in-the-middle attack in one case, contrary to the claims of the authors. We also briefly describe weaknesses exhibited by these protocols in the context of our suggested security model. key agreement certificateless key establishment key compromise impersonation Combinatorics and Optimization
4	Key establishment --- security models, protocols and usage Ustaoglu, Berkant January 2008 (has links) Key establishment is the process whereby two or more parties derive a shared secret, typically used for subsequent confidential communication. However, identifying the exact security requirements for key establishment protocols is a non-trivial task. This thesis compares, extends and merges existing security definitions and models for key establishment protocols. The primary focus is on two-party key agreement schemes in the public-key setting. On one hand new protocols are proposed and analyzed in the existing Canetti-Krawzcyk model. On the other hand the thesis develops a security model and novel definition that capture the essential security attributes of the standardized Unified Model key agreement protocol. These analyses lead to the development of a new security model and related definitions that combine and extend the Canetti-Krawzcyk pre- and post- specified peer models in terms of provided security assurances. The thesis also provides a complete analysis of a one-pass key establishment scheme. There are security goals that no one-pass key establishment scheme can achieve, and hence the two-pass security models and definitions need to be adapted for one-pass protocols. The analysis provided here includes the description of the required modification to the underlying security model. Finally, a complete security argument meeting these altered conditions is presented as evidence supporting the security of the one-pass scheme. Lastly, validation and reusing short lived key pairs are related to efficiency, which is a major objective in practice. The thesis considers the formal implication of omitting validation steps and reusing short lived key pairs. The conclusions reached support the generally accepted cryptographic conventions that incoming messages should not be blindly trusted and extra care should be taken when key pairs are reused. cryptography key establishment schemes key agreement protocols Combinatorics and Optimization
5	Security in Key Agreement: Two-Party Certificateless Schemes Swanson, Colleen Marie January 2008 (has links) The main goal of cryptography is to enable secure communication over a public channel; often a secret shared among the communicating parties is used to achieve this. The process by which these parties agree on such a shared secret is called key agreement. In this thesis, we focus on two-party key agreement protocols in the public-key setting and study the various methods used to establish and validate public keys. We pay particular attention to certificateless key agreement schemes and attempt to formalize a relevant notion of security. To that end, we give a possible extension of the existing extended Canetti-Krawzcyk security model applicable to the certificateless setting. We observe that none of the certificateless protocols we have seen in the literature are secure in this model; it is an open question whether such schemes exist. We analyze several published certificateless key agreement protocols, demonstrating the existence of key compromise impersonation attacks and even a man-in-the-middle attack in one case, contrary to the claims of the authors. We also briefly describe weaknesses exhibited by these protocols in the context of our suggested security model. key agreement certificateless key establishment key compromise impersonation Combinatorics and Optimization
6	An Anonymous Authentication and Key Agreement Scheme in VANETs Liu, Jian-You 23 July 2012 (has links) Vehicular ad-hoc network (VANETs) has been a hot research topic in recent years. In this environment, each vehicle can broadcast messages to other vehicles and inform drivers to change their route right away in order to enhance the efficiency of driving and to avoid accidents. Since vehicles communicate through wireless tunnel, many malicious attacks may occur during the transmission of messages. Consequently, ensuring the correctness of receiving messages and verifying the authenticity of the sender is necessary. Besides, we also need to protect the real identities of vehicles from revealing to guarantee the privacy. To satisfy these security properties, many related researches have been proposed. However, they all have some drawbacks. For example: 1. The cost of the certificate management and the exposure problem of the certificate. 2. Waiting for RSU to verify the messages: Once more vehicles need RSU, RSU will have much more overhead and it can¡¦t achieve real-time authentication. In this thesis, we come up with an anonymous authentication and key agreement scheme based on chameleon hashing and ID-based cryptography in the vehicular communication environment. In our scheme, every vehicle can generate many different chameleon hash values to represent itself, and others can prove the ownership of chameleon hash value. Furthermore, unlike other pseudonymous authentication schemes, we also achieve one-to-one private communication via ID-based cryptography. Finally, we not only overcome some problems in previous works but also fulfill some necessary security requirements in vehicular communication environment. VANETs Anonymous Authentication ID-based Cryptography Key Agreement Chameleon hashing
7	Security Architecture for the TEAMDEC System Wang, Haiyuan 06 August 1999 (has links) The prevalence of the Internet, client/server applications, Java, e-commerce, and electronic communications offers tremendous opportunities for business, education and communication, while simultaneously presenting big challenges to network security. In general, the web was designed with little concern for security. Thus, the issue of security is important in the design of network-based applications. The software architecture proposed in this thesis allows for the secure and efficient running of a team-based decision support system, specifically TEAMDEC. Based on the system's requirements and architecture, three types of possible attacks to the system are identified and a security solution is proposed that allows for user authentication, secure communication, and script access control. The implementation of these features will reduce security risk and allow effective use of the valuable system information data. / Master of Science Network Security Cryptography Authentication Digital Signature Key Agreement Java TEAMDEC
8	Acordo de chaves criptográficas hierárquico e sem certificado / Hierarchical certificateless criptographic key agreement Rufino, Vilc Queupe 19 November 2009 (has links) Apresentamos um novo esquema de acordo de chaves criptográficas hierárquico, não Interativo e seguro contra comprometimento de múltiplos nós. Esquemas para Acordo de chaves criptográficas (KAS - Key Agreement Scheme), são usados quando duas ou mais entidades desejam compartilhar uma chave secreta única, afim de para realizar uma comunicação segura por meio de um protocolo de criptografia simétrico. O acordo de chaves proposto possui as seguintes características: Não interativo: Chaves compartilhadas são calculadas sem interação dos nós participantes; Chaves Públicas sem certificados (Certificateless): Para o cálculo da chave compartilhada o nó utiliza sua chave secreta e a chave pública do destinatário, que é certificada pela identidade do destinatário; Hierárquico: Permite que seja utilizado um gerenciamento hierárquico, para concessão, revogação e distribuição de chaves; e Resistente: Permite segurança do sistema mesmo quando nós dentro da hierarquia são comprometidos em qualquer ordem e quantidade. Este trabalho é uma nova abordagem do artigo \"Strongly-Resilent and Non-Interactive Hierarchical Key-Agreement in MANETs\" onde substituímos o uso de sistemas baseados na identidade por sistemas sem certificado, eliminando a custódia de chaves em todos os níveis hierárquicos, aumentando a segurança do sistema quanto ao comprometimento de nós. É apresentado ainda uma discussão sobre a segurança do esquema proposto e de acordos de chaves não interativos. / This work presents a new resilient, hierarchical, non-interactive and certificateless key agreement scheme. Cryptographic key agreement schemes (KAS) are used when two or more entities want to share a secret key, in order to realize secure communication using a symmetric encryption protocol. The proposed key agreement has the following characteristics: Non-interactive: Any two nodes can compute a unique shared secret key without interaction; Certificateless: To compute the shared secret key, each node only needs its own secret key, the identity of its peer and his public key implicitly certified; Hierarchical: The scheme is decentralized through a hierarchy where all nodes in the hierarchy can derive the secret keys for each of its children without any limitations or prior knowledge on the number of such children or their identities; Resilient: The scheme is resilient against compromise of any number of nodes in the hierarchy. This work is a new approach about article ``Strongly-Resilient and Non-Interactive Hierarchical Key-Agreement in MANETs\" which replaces id based system for certificateless system, eliminating the key escrow on all levels, increasing system security against compromised nodes. It also presents a discussion on the security of the proposed scheme and non-interactive key agreement. certificateless chave pública criptografia criptography hierarchy hierarquia key agreement public key security segurança sem certificado
9	Efficient Secure Electronic Mail Protocols with Forward Secrecy Hsu, Hsing 07 September 2007 (has links) In 1976, Diffie and Hellman proposed the concept of public key cryptosystem (PKC). The application and research of public key cryptography are arisen in the modern cryptography. In 2005, Sun, Hsieh, and Hwang (S.H.H.) proposed an electronic mail protocol based on classic public key cryptography. The technique of the Certificate of Encrypted Message Being a Signature (CEMBS) that Bao proposed in 1998 is applied on session key sharing of their e-mail system. In the same year, Dent pointed out that the first one of S.H.H.¡¦s e-mail protocols cannot suffice the property of forward secrecy. Thus, Kim, Koo, and Lee (K.K.L.) proposed two e-mail protocols based on signcryption concept which is proposed by Zheng in 1997 to overcome the flaw of S.H.H.¡¦s e-mail protocol in 2006. Lin, Lin, and Wang (L.L.W.) pointed out that the second one of S.H.H.¡¦s protocols cannot achieve forward secrecy and then they improved the protocol. In 2007, Yoon and Yoo claimed that the second one of K.K.L.¡¦s protocols is still vulnerable to two possible forgery attacks. In this thesis, we will make deep discussions about secure e-mail protocols based on PKC with providing the property of forward secrecy and then build a novel e-mail protocol to withstand the above attacks. Our proposed e-mail protocol can achieve the properties of authentication, confidentiality, integrity, non-repudiation and forward secrecy. Forward Secrecy Signcryption Authentication Electronic Mail Protocols Key Agreement Public Keys
10	GROUP KEY SCHEMES FOR SECURITY IN MOBILE AD HOC NETWORKS Li, Depeng 06 April 2010 (has links) In dynamic peer group communications, security has been in high demand by many applications in recent years. One of the more popular mechanisms to satisfy these security requirements is the group key scheme in which the group key is to be shared by each group communication participant. However, how to establish and manage the group key efficiently in order to protect such communications imposes new challenges - especially when such schemes are to be deployed on resource-limited networks such as Mobile Ad hoc Networks (MANETs). The basic needs of such network settings require that the group key schemes must demonstrate not only high performance but also fault-tolerance. Furthermore, to encrypt group communication messages efficiently is essential. Therefore, it is anticipated that the contributions of this thesis will address the development of lightweight and high performance key management protocols for group communications while guaranteeing the same level of security as other approaches. These contributions are listed below: First, two efficient individual rekey schemes, in which most group members process one-way hash functions and other members perform Diffie-Hellman operations, are proposed to obtain performance efficiency. Second, a periodic batch rekey scheme is proposed to handle the out-of-sync problem resulting from individual rekeying schemes in cases where there is a high rate of group member requests for joining/leaving. Third, scalable maximum matching algorithms (M2) are designed to incorporate a tree-based group key generation scheme to forward the partial keys to other group members. Fourth, a hybrid group key management architecture is proposed as well to combine the advantages of centralized and contributory group key schemes. Fifth, a Fast Encryption Algorithm for Multimedia (FEA-M) is enhanced to overcome the vulnerabilities of its original solution and its former improved variant. Performance analyses and experimental results indicate that the proposed approaches reduce computational costs and communication overhead as compared to other popular protocols. contributory group communication group key agreement applied cryptography wireless network communication security technology

Search results