Mengbo Hou
Shandong University
Publication
Featured researches published by Mengbo Hou.
IEEE International Conference on Computer Science and Information Technology | 2009
Mengbo Hou; Qiuliang Xu
Authenticated key agreement (AK) protocol is crucial in providing data confidentiality and integrity for subsequent communications among two or more parties over a public network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional public key cryptography (PKC). Unfortunately, construction of CL-PKC and AK protocols has so far depended on the use of identity-based encryption, which results in bilinear pairing-based schemes that need costly operations. We present a secure certificateless authenticated key agreement protocol without pairing, based on the certificateless encryption scheme proposed by J. Baek et al. It is shown that the newly proposed scheme is efficient and practical. Moreover, it provides perfect forward secrecy, PKG forward secrecy and almost all the other known security attributes, such as known-key secrecy, key-compromise impersonation resilience, unknown key-share resilience, known session-specific temporary information security, message independence and no key control.
Asia-Pacific Conference on Information Processing | 2009
Mengbo Hou; Qiuliang Xu
Authenticated key agreement protocol is crucial in providing data confidentiality and integrity to subsequent communications among two or more parties over a public network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional PKI. In 2007, Y.J. Shi and J.H. Li proposed a two-party authenticated key agreement protocol based on the certificateless encryption scheme proposed by B. Libert and J.J. Quisquater. It is found that the scheme is vulnerable to the key replicating attack (one form of the man-in-the-middle attack), so it doesn’t possess the security attribute of implicit key authentication and key control. We analyze such an attack on this protocol in the BR93 model in detail, and demonstrate that the protocol is not secure if the adversary is allowed to send a reveal query to reveal non-partner players who had accepted the same session key.
International Conference on Computer Science and Education | 2009
Mengbo Hou; Qiuliang Xu
Authenticated key agreement protocol is one of the important cryptographic primitives to ensure secure communication in an open network. Certificateless public key cryptography (CL-PKC) represents an interesting and potentially useful balance between public key cryptography based on certificates and identity-based cryptography. The topic of CL-PKC has undergone quite rapid development with schemes being proposed for encryption and signatures, while certificateless authenticated key agreement protocols are seldom discussed. In this paper, we present a secure two-party authenticated key agreement protocol based on an efficient certificateless public key encryption with pairing. Such a scheme achieves almost all of the security attributes, including known-key secrecy, perfect forward secrecy, PKG forward secrecy, key-compromise impersonation resilience, unknown key-share resilience, known session-specific temporary information security, message independence and no key control. Meanwhile, it is also practical with nice efficiency.
International Conference on Model Transformation | 2011
Mengbo Hou; Qiuliang Xu
Two-party authenticated key agreement protocol is essential for setting up the common session key for parties to establish a secure channel for network communication in the open environment. Most of the proposed schemes require expensive bilinear pairing operations and only provide limited security attributes. So such protocols are unsuitable for real-world applications that require a stronger sense of secrecy. In this paper, we first analyze two schemes recently proposed by Cao et al., and then present a one-round ID-based authenticated key agreement protocol with more desired security attributes, which needs no pairing operations while still achieving nice computational efficiency. These security attributes include known-key secrecy, perfect forward secrecy, PKG forward secrecy, key-compromise impersonation resilience, unknown key-share resilience and no key control. Moreover, it captures the enhanced security attribute of known session-specific temporary key information secrecy, which means that even if the ephemeral secret key were compromised, the adversary can hardly acquire the agreed session key.
Networked Computing and Advanced Information Management | 2009
Mengbo Hou; Qiuliang Xu
As the fundamental building block for secure communication in the open network, authenticated key agreement protocols are usually constructed in the public key setting. Certificateless public key cryptography combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional PKI. In this paper, we present a secure and efficient two-party authenticated key agreement protocol based on the efficient certificateless public key encryption scheme due to Cheng and Comley. Security analysis shows that it achieves perfect forward secrecy, PKG forward secrecy and almost all the other known security attributes for authenticated key agreement protocol, such as known-key secrecy, key-compromise impersonation resilience, unknown key-share resilience, known session-specific temporary information security, message independence and no key control. Compared to other comparable schemes, it is more secure and has nice efficiency.
International Conference on Information Technology in Medicine and Education | 2009
Mengbo Hou; Qiuliang Xu
E-learning communication security should be considered to ensure sensitive message transmission. Authenticated key agreement protocol in the client-server setting is the fundamental building block for ensuring client-server entity authentication, data confidentiality and integrity. So far, a great many two-party authenticated key agreement protocols have been proposed based on traditional public key cryptography and identity-based cryptography, but the certificateless-based authenticated key agreement protocol is seldom discussed. In this paper, we propose such a secure protocol from a certificateless public key encryption scheme due to Park et al. Compared to other comparable protocols, it achieves more security attributes, such as no-key escrow, perfect forward secrecy, known session-specific temporary information security and no-key control etc. Meanwhile, it keeps nice efficiency.
ChinaGrid Annual Conference | 2009
Mengbo Hou; Qiuliang Xu
Grid Security Infrastructure (GSI) provides an efficient mechanism to solve security problems using conventional public key infrastructure (PKI). The notion of certificateless public key cryptography gives another efficient cryptographic primitive to support Grid security services. In the recent work, Wang et al. proposed the first certificateless authentication and key agreement protocol (CL-AK) for Grid computing based on the Diffie-Hellman key agreement protocol and certificateless public key cryptography, which fits well with the GSI and provides a more lightweight key management approach for entity or data authentication and confidential protection. The authors declare that the protocol achieves many security goals. However, we found the scheme cannot withstand key compromise impersonation attack and key replicating attack, thus it doesn’t possess some desirable security attributes, such as key compromise impersonation resilience and key integrity. We analyze the key replicating attack against the protocol in the BR93 security model in more detail.
Journal of Computers | 2012
Mengbo Hou; Qiuliang Xu; Fengbo Lin
Even though Public Key Infrastructure (PKI) and X.509 certificates have been a prominent security model for a variety of e-commerce applications and large-scale distributed computing, the certificate revocation and verification mechanism has not been sufficiently investigated. In this paper, we discuss the need and importance of certificate revocation and verification, and analyze the limitations of several certificate validation schemes that are widely used in PKI environments. Then we propose an alternative scheme. The underlying idea is that the certificate holder provides a certificate validation proof (CVP) to the verifiers on its own initiative. According to this scheme, the CVP is a proof issued by a trusted third party (TTP) for the certificate stating whether it was revoked or not. For both parties in any transaction, the certificate holder provides the CVP to the verifier, and the verifier learns the validity status of the certificate by verifying the CVP efficiently without any extra information except the certificate. The CVP is created by multiple operations with a hash function, and the operations are associated with the current time. The suggested scheme is simple in principle, with characteristics of distributed processing, high security, low communication costs and good practicability.
International Colloquium on Computing, Communication, Control and Management | 2009
Mengbo Hou; Qiuliang Xu
Authenticated key agreement protocol is used to provide data confidentiality and integrity to subsequent communications among two or more parties over a public network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional PKI. In this paper, we present a secure and efficient two-party authenticated key agreement protocol based on the certificateless encryption scheme due to Libert and Quisquater. Security analysis shows that it achieves perfect forward secrecy, PKG forward secrecy and almost all the other known security attributes, such as known-key secrecy, key-compromise impersonation resilience, unknown key-share resilience, known session-specific temporary information security, message independence and no key control. Compared to other comparable schemes, it is more secure and efficient.
Information Assurance and Security | 2009
Mengbo Hou; Qiuliang Xu
Key agreement protocols are essential for secure communications in open and distributed environments. Identity-based cryptography has become extremely fashionable in the last few years for its special advantages. In this paper, we point out some flaws in the scheme proposed by Wang et al., then we present a two-party identity-based explicit authenticated key agreement protocol with key confirmation, which was inspired by a new identity-based encryption scheme first proposed by Gentry and can be used properly in the escrowless mode. The scheme captures the attributes of known-key secrecy, key-compromise impersonation resilience, unknown key-share resilience, perfect forward secrecy, and no-key control. Especially, the scheme captures the PKG forward secrecy property. The PKG still could not recover all the users’ past session keys even if he knows the long-term private keys of all users.