Zhoujun Li

Cryptanalysis of simple three-party key exchange protocol

Recently, Lu and Cao published a novel protocol for password-based authenticated key exchanges (PAKE) in a three-party setting in Journal of Computers and Security, where two clients, each shares a human-memorable password with a trusted server, can construct a secure session key. They argued that their simple three-party PAKE (3-PAKE) protocol can resist against various known attacks. In this paper, we show that this protocol is vulnerable to a kind of man-in-the-middle attack that exploits an authentication flaw in their protocol and is subject to the undetectable on-line dictionary attack. We also conduct a detailed analysis on the flaws in the protocol and provide an improved protocol.

An efficient and non-interactive hierarchical key agreement protocol

The non-interactive identity-based key agreement schemes are believed to be applicable to mobile ad-hoc networks (MANETs) that have a hierarchical structure such as hierarchical military MANETs. It was observed by Gennaro et al. (2008) that there is still an open problem on the security of the existing schemes, i.e., how to achieve the desirable security against corrupted nodes in the higher levels of a hierarchy? In this paper, we propose a novel and very efficient non-interactive hierarchical identity-based key agreement scheme that solves the open problem and outperforms all existing schemes in terms of computational efficiency and data storage.

Enhanced McCullagh-Barreto identity-based key exchange protocols with master key forward security

Master key forward security is an important property for identity-based key exchange protocols. Unfortunately, most of existing identity-based key exchange protocols do not satisfy this property. In this paper, we firstly analyse Xies modified protocol to show that signature is undesirable for an identity-based key agreement protocol with the master key forward secrecy. Then we present two improved protocols from McCullagh-Barreto identity-based key agreement protocol to capture the master key forward security. Our first protocol is efficient and its security can be proved with the help of a decisional oracle, while the second one achieves stronger security and its security can be reduced to a computational problem in the random oracle model. The master key forward secrecy is proved under the computational Diffie-Hellman assumption.

An Integrated Approach to Automatic Management of Virtualized Resources in Cloud Environments

Cloud computing, as a newly emergent computing environment, promises dynamic flexible infrastructures required to host Internet applications and application service level objects (SLOs) guaranteed services in a pay-as-you-go manner to the public. However, an important problem that remains to be effectively addressed is how to offer a cloud resource management solution that saves hardware and operations and management costs while meeting various SLOs. It faces the following challenges: complex dynamic relationships between application workload and SLOs and resource utilization, and the virtual machine (VM) placement problem in cloud environments. In this paper, we present an integrated approach that employs three-layered resource controllers using different analytic techniques, including the feedback control theory, statistical machine learning and system identification etc. Compared with Xen, KVM is chosen as the VM monitor to implement the proposed approach. Our experimental results show that the integration of layered controllers can reasonably allocate multiple resources to applications which execute on different VMs in cloud environments to achieve application SLOs under fluctuating time-varying workloads and unpredictable variations of system situations. In addition, it provides application SLO differentiation.

Provably secure identity-based authenticated key agreement protocols with malicious private key generators

Identity-based authenticated key agreement is a useful cryptographic primitive and has received a lot of attention. The security of an identity-based system relies on a trusted private key generator (PKG) that generates private keys for users. Unfortunately, the assumption of a trusted PKG (or a curious-but-honest PKG) is considered to be too strong in some situations. Therefore, achieving security without such an assumption has been considered in many cryptographic protocols. As a PKG knows the private keys of its users, man-in-the-middle attacks (MIMAs) from a malicious PKG is considered as the strongest attack against a key agreement protocol. Although securing a key agreement process against such attacks is desirable, all existent identity-based key agreement protocols are not secure under such attacks. In this paper, we, for the first time, propose an identity-based authenticated key agreement protocol resisting MIMAs from malicious PKGs that form a tree, which is a commonly used PKG structure for distributing the power of PKGs. Users are registered at a PKG in the tree and each holds a private key generated with all master keys of associated PKGs. This structure is much more efficient, in comparison with other existing schemes such as threshold-based schemes where a user has to register with all PKGs. We present our idea in two protocols. The first protocol is not secure against MIMAs from some kinds of malicious PKGs but holds all other desirable security properties. The second protocol is fully secure against MIMAs. We provide a complete security proof to our protocols.

Toward an Accurate Snapshot of DHT Networks

DHTs have been widely used in designing various applications, especially P2P file sharing systems. It is crucial but difficult to get an accurate snapshot of a DHT network, since such network is serverless and peers join and depart dynamically. In this letter, we analyze and empirically verify that neither breadth-first search nor depth-first search is optimal for DHT snapshot crawling, due to uneven ID distribution of contacts in the routing table of each DHT peer. We then propose a hybrid search strategy which could both start up quickly and slow down slowly. The experiment performed on Mainline shows that this approach significantly outperforms breadth-first or depth-first search strategy.

A Note on an Improved Self-Healing Group Key Distribution Scheme

In 2014, Chen et al. proposed a one-way hash self-healing group key distribution scheme for resource-constrained wireless networks in the journal of Sensors (14(14):24358-24380, doi: 10.3390/s141224358). They asserted that their Scheme 2 achieves mt-revocation capability, mt-wise forward secrecy, any-wise backward secrecy and has mt-wise collusion attack resistance capability. Unfortunately, this paper pointed out that their scheme does not satisfy the forward security, mt-revocation capability and mt-wise collusion attack resistance capability.

A provably secure authenticated key agreement protocol for wireless communications

Designing elliptic curve password-based authenticated key agreement (ECPAKA) protocols for wireless mobile communications is a challenging task due to the limitation of bandwidth and storage of the mobile devices. Some well-published ECPAKA protocols have been proved to be insecure. We notice that until now none of the existing ECPAKA protocols for wireless mobile communication is provided any formal security analysis. In this paper, we propose a novel protocol and conduct a formal security analysis on our protocol. Compared with other ECPAKA protocol, our protocol meets all basic security properties and is the first ECPAKA protocol with formal security proof for wireless communication. We also explore the suitability of the novel protocol for 3GPP2 specifications and improve the A-Key (Authentication Key) distribution for current mobile cellular systems.

Authenticated key exchange protocol with selectable identities

In the traditional identity-based cryptography, a user, who holds multiple identities, has to manage multiple private keys, where each private key is associated with an identity. In this paper, we present a key agreement protocol, which allows a single private key to map multiple public keys (identities) that are selectable by the user. That is, the established session key is associated with an arbitrary subset of identities held by the user, while the unselected identities remain secret to other participants. As a bonus, our scheme can be considered as a credential-based key agreement, where the unique private key can be treated as a credential of the user and the user only proves that his credential is associated with some selected identities. We prove that our scheme is secure in the random oracle model. Copyright

Monitoring, analyzing and characterizing lookup traffic in a large-scale DHT

Lookup is crucial to locate peers and resources in structured P2P networks. In this paper, we measure and analyze the traffic characteristics of lookup in Kad, which is a widely used DHT network. Some previous works studied the user behaviors of Kad, yet we believe that investigating its traffic characteristics will also be beneficial, as it gives feedbacks to fine tune the system parameters, helps to uncover the abnormalities or misuses, and provides solid ground for synthesizing P2P traffic to evaluate future designs. To track the lookup requests more efficiently and from more peers in Kad, we develop an active traffic monitor, named Rememj. From the one-week data it collected, we uncover some interesting phenomena. Moreover, we characterize the traffic characteristics from the collected data in a form that can be used for constructing representative synthetic workloads for evaluating DHT optimizations or designs. In particular, the analysis exposes heterogeneous behavior that occurs in different geographical regions (i.e., Europe, Asia, and America) or during different periods of the day. The workload measures include distribution of peers, distribution of request load, distribution of targets, as well as similarity among targets.