
SAKA WP : Simple Authenticated Key Agreement Protocol Based on Weil Pairing

Authors: Eun-Jun Yoon and Kee-Young Yoo. Source: International Conference on Convergence Information Technology, 21-23 Nov. 2007, pp. 2096-2101. Presenter: Jung-wen Lo (駱榮問).



  1. SAKAWP: Simple Authenticated Key Agreement Protocol Based on Weil Pairing. Authors: Eun-Jun Yoon and Kee-Young Yoo. Src: International Conference on Convergence Information Technology, 21-23 Nov. 2007, pp. 2096-2101. Presenter: Jung-wen Lo (駱榮問)

  2. Outline • Introduction • Notation • SAKAWP Protocol • Security Analysis • Performance comparison • Conclusion & Comment

  3. Introduction
  • Simple Authenticated Key Agreement: Seo and Sweeney, Electronics Letters, 35(13), pp. 1073-1074, 1999
  • Elliptic curve cryptosystem: V. Miller (1986), N. Koblitz (1987)
  • A. Joux (LNCS 1838, 2000): the Weil Diffie-Hellman problem can be considered as a new security assumption to develop cryptosystems
  • Bilinear pairing: an effective method of reducing the complexity of the discrete log problem in a finite field, and it provides an appropriate setting for the Weil Diffie-Hellman problem
  • Modified Weil pairing: let p be a prime such that q | (p − 1) for a large prime q, and let G1 and G2 be two cyclic groups of order q. The modified Weil pairing is a mapping e : G1 × G1 → G2 which satisfies the following properties:
    • Bilinear: e(aP, bQ) = e(P, Q)^ab for all P, Q ∈ G1 and all a, b ∈ Zq
    • Non-degenerate: there exists a point P ∈ G1 such that e(P, P) ≠ 1
    • Computable: e(P, Q) can be computed in polynomial time

  4. Notation
  • IDA, IDS: identities of user A and authentication server S, respectively
  • PWA: the common password shared between A and S
  • p: a prime such that p ≡ 2 (mod 3) and p = 6q − 1 for a large prime q
  • E: a supersingular curve defined by y^2 = x^3 + 1 over the finite field Fp
  • P ∈ E/Fp: a generator of the group of points of order q
  • Eq: the group generated by P
  • μq: the subgroup of F*_{p^2} of order q
  • e : Eq × Eq → μq: a modified Weil pairing
  • H(·): a cryptographic one-way hash function which maps a string to an element of Fp
  • G(·): a cryptographic one-way hash function which maps a string to a point of G1
  • sid: a session identifier
  • a: a secret random number ∈ Z*q chosen by A
  • b: a secret random number ∈ Z*q chosen by S
  • SK: the shared common session key between A and S

  5. SAKAWP Protocol
  Parties: A (user) and S (server); S stores (IDA, Eserverk(PWA)), the password encrypted under the server key.
  1. A: random a ∈ Z*q, X = aP, X1 = X + G(sid, IDA, PWA). A → S: sid, IDA, X1
  2. S: random b ∈ Z*q, Y = bP, X = X1 − G(sid, IDA, PWA), U = G(sid, IDA, IDS), KS = e(X, bU) = e(P, U)^ab, MACKS = H(sid, X, KS). S → A: sid, IDS, Y, MACKS
  3. A: U' = G(sid, IDA, IDS), KA = e(Y, aU') = e(P, U')^ab, check H(sid, X, KA) ?= MACKS, MACKA = H(sid, Y, KA), SK = H(sid, IDA, IDS, KA). A → S: sid, MACKA
  4. S: check H(sid, Y, KS) ?= MACKA, SK = H(sid, IDA, IDS, KS)
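The following is an added worked example (not code from the paper or the presentation) that drives the four messages of the protocol above end to end and also checks the bilinearity property from the introduction slide. Because a real modified Weil pairing over the curve y^2 = x^3 + 1 is far too long to embed here, it assumes a constructed stand-in: G1 is the additive group Z_q with generator P = 1, and e(x, y) = g^(x·y) mod p with p = 2q + 1 a safe prime found at import time and g = 4 of order q. That map is bilinear and non-degenerate, which is all the protocol logic needs, but discrete logs in Z_q are trivial, so it proves nothing about security. H(·) and G(·) are modelled with SHA-256, and the identities "alice" and "auth-server" and the password values are constructed test data.

```python
"""Toy walk-through of the SAKAWP message flow (added example, not the paper's code).

G1 is modelled as the additive group Z_q with generator P = 1 and the "pairing" as
e(x, y) = g^(x*y) mod p for a safe prime p = 2q + 1 and g of order q: bilinear and
non-degenerate, but NOT secure (discrete logs in Z_q are trivial); it only shows
what each party computes, sends and checks.
"""
import hashlib
import secrets

MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; ample for a demo modulus."""
    if n < 2 or any(n % sp == 0 for sp in MR_BASES):
        return n in MR_BASES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start: int) -> tuple:
    """Return (p, q) with p = 2q + 1 both prime, searching upward from start."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P_MOD, Q = find_safe_prime(1 << 96)  # constructed toy parameters, not the paper's p = 6q - 1
G2_GEN = 4                            # a square mod p, so it generates the order-q subgroup mu_q
P_GEN = 1                             # "P": generator of the additive toy group Z_q

def pairing(x: int, y: int) -> int:
    """Toy bilinear map e: Z_q x Z_q -> mu_q, standing in for the modified Weil pairing."""
    return pow(G2_GEN, x * y % Q, P_MOD)

def H(*parts) -> str:
    """H(.): SHA-256 over a length-prefixed encoding of the arguments."""
    enc = b"".join(len(s).to_bytes(4, "big") + s for s in (str(p).encode() for p in parts))
    return hashlib.sha256(enc).hexdigest()

def G(*parts) -> int:
    """G(.): hash-to-point; here a non-zero element of Z_q."""
    return int(H(*parts), 16) % (Q - 1) + 1

class Client:  # user A: knows IDA and PWA
    def __init__(self, id_a: str, password: str):
        self.id_a, self.password = id_a, password
    def step1(self, sid: str):
        """Pick a, X = aP, mask X with the password point; send (sid, IDA, X1)."""
        self.a = secrets.randbelow(Q - 1) + 1
        self.X = self.a * P_GEN % Q
        return (sid, self.id_a, (self.X + G(sid, self.id_a, self.password)) % Q)
    def step3(self, msg):
        """Verify MAC_KS, derive SK, answer with MAC_KA."""
        sid, id_s, Y, mac_s = msg
        U = G(sid, self.id_a, id_s)                        # U' on the slide
        K_A = pairing(Y, self.a * U % Q)                   # e(Y, aU') = e(P, U')^(ab)
        if H(sid, self.X, K_A) != mac_s:
            raise ValueError("MAC_KS mismatch: wrong password or altered X1/Y")
        self.sk = H(sid, self.id_a, id_s, K_A)
        return (sid, H(sid, Y, K_A))

class Server:  # server S: holds each user's password (the paper keeps it encrypted under a server key)
    def __init__(self, id_s: str, passwords: dict):
        self.id_s, self.passwords, self.sessions = id_s, passwords, {}
    def step2(self, msg):
        """Unmask X, pick b, compute KS and MAC_KS; send (sid, IDS, Y, MAC_KS)."""
        sid, id_a, X1 = msg
        b = secrets.randbelow(Q - 1) + 1
        Y = b * P_GEN % Q
        X = (X1 - G(sid, id_a, self.passwords[id_a])) % Q
        K_S = pairing(X, b * G(sid, id_a, self.id_s) % Q)  # e(X, bU) = e(P, U)^(ab)
        self.sessions[sid] = (id_a, Y, K_S)
        return (sid, self.id_s, Y, H(sid, X, K_S))
    def step4(self, msg) -> str:
        """Verify MAC_KA and derive SK; S only learns here whether A knew the password."""
        sid, mac_a = msg
        id_a, Y, K_S = self.sessions.pop(sid)
        if H(sid, Y, K_S) != mac_a:
            raise ValueError("MAC_KA mismatch: peer did not derive the same key")
        return H(sid, id_a, self.id_s, K_S)

def run_protocol(client_pw: str, server_pw: str, sid: str):
    """Drive the four messages; returns (SK at A, SK at S) or raises ValueError."""
    alice, server = Client("alice", client_pw), Server("auth-server", {"alice": server_pw})
    m3 = alice.step3(server.step2(alice.step1(sid)))   # A rejects here if the passwords differ
    return alice.sk, server.step4(m3)

def bilinear_holds(a: int, b: int, x: int, y: int) -> bool:
    """e(ax, by) == e(x, y)^(ab): the bilinearity property from the introduction slide."""
    return pairing(a * x % Q, b * y % Q) == pow(pairing(x, y), a * b % Q, P_MOD)

if __name__ == "__main__":
    sk_a, sk_s = run_protocol("hunter2", "hunter2", "sid-0001")
    print("session keys agree:", sk_a == sk_s)
```

Running it with matching passwords yields the same SK on both sides; with a mismatched password S still completes step 2 (it cannot tell yet), and the failure surfaces as a MAC_KS mismatch in A's step 3, which is the check the security-analysis slide relies on against modification and guessing.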

  6. Security Analysis
  • Replay attack: an intercepted X1 still requires the correct PWA; KA requires the correct b (ECDLP)
  • Password guessing attack: ECDLP & WDH
  • Man-in-the-middle attack: mutual password PWA
  • Modification attack: check KA = KS and the validity of X1 & Y
  • Known-key security: each run produces a unique session key
  • Session key security: the key is only known by A & S; a, b are protected by WDH & the hash function
  • Perfect forward secrecy: PWA compromised ⇒ WDH

  7. Performance comparison

  8. Conclusion & Comment • Conclusion • Secure • Efficient • Mutual authentication • Comment • Try 2 rounds • Provide password change
