Title:DEVELOPMENT OF IDENTITY-BASED AUTHENTICATED KEY AGREEMENT PROTOCOLS
Authors:Hölbl, Marko (Author)
Welzer Družovec, Tatjana (Mentor)
Rijmen, Vincent (Co-mentor)
Files:.pdf DR_Holbl_Marko_i2009.pdf (7,74 MB)
 
Language:Slovenian
Work type:Dissertation (m)
Organization:FERI - Faculty of Electrical Engineering and Computer Science
Abstract:Key agreement protocols enable two or more entities to establish a shared session key, which is later used to achieve a cryptographic goal such as encrypting data transmitted over insecure networks. Authenticated key agreement protocols additionally provide authentication of the participating entities. Various approaches can be used when developing authenticated key agreement protocols, and these affect security and efficiency. The security of authenticated key agreement protocols is defined by means of security criteria. The ultimate goal is to develop a protocol that is both secure and efficient. The dissertation addresses two-party and three-party identity-based authenticated key agreement protocols, their security and their efficiency. The dissertation presents several original scientific contributions. Two new two-party identity-based authenticated key agreement protocols using modular arithmetic are proposed: IDAK2-1 and IDAK2-2. Further, a key compromise attack on Scott's two-party identity-based authenticated key agreement protocol using pairing operations is described, together with two new protocols of this type, i.e. IDAK2P-1 and IDAK2P-2. The final contribution comprises two new three-party identity-based authenticated key agreement protocols using pairing operations, named IDAK3P-1 and IDAK3P-2. All proposed protocols are evaluated in terms of security and efficiency. The criterion for assessing security is based on the fulfilment of security criteria (attributes), while the criterion for assessing efficiency is taken from the literature as well as defined within the doctoral dissertation, and covers computational and communication efficiency. The proposed and existing protocols were compared with respect to efficiency and security. The criterion for comparing efficiency is defined as the fulfilment of security criteria (attributes) and the existence of possible attacks on a given protocol. 
The efficiency comparison of the proposed and existing protocols was carried out using communication and computational complexity. The original scientific contributions also include a detailed analysis of existing two-party and three-party identity-based authenticated key agreement protocols, their properties and possible attacks. The results of the dissertation show that the IDAK2-1 and IDAK2-2 protocols fulfil all security criteria. IDAK2-2 is the most efficient protocol among the two-party identity-based authenticated key agreement protocols using modular arithmetic and is as efficient as Saeednia's protocol, while IDAK2-1 ranks second. Among the two-party identity-based authenticated key agreement protocols using pairing operations, both IDAK2P-1 and IDAK2P-2 fulfil all security criteria. IDAK2P-2 is among the most efficient protocols when pre-computation is taken into account. IDAK2P-1 is more efficient than Choie-Jeong-Lee's protocol I. In the group of three-party identity-based authenticated key agreement protocols using pairing operations, IDAK3P-1 fulfils all security criteria, whereas IDAK3P-2 does not provide perfect forward secrecy. However, certain existing protocols do not fulfil this criterion either. In terms of efficiency, IDAK3P-1 is computationally the most efficient, while IDAK3P-2 is the second most efficient protocol and is on par with Shim's protocol.
Keywords:authentication, key agreement protocol, identity-based system, bilinear pairings, cryptography, security
Year of publishing:2009
Publisher:M. Hölbl
Source:Maribor
UDC:004.62.056(043.3)
COBISS_ID:245243648
NUK URN:URN:SI:UM:DK:T098NJMT
Views:2672
Downloads:304
Metadata:XML RDF-CHPDL DC-XML DC-RDF
Categories:KTFMB - FERI

Secondary language

Language:English
Title:DEVELOPMENT OF IDENTITY-BASED AUTHENTICATED KEY AGREEMENT PROTOCOLS
Abstract:Key agreement protocols enable two or more entities to establish a shared session key which can later be used to achieve a cryptographic goal such as encryption of data sent over an insecure network. In addition, authenticated key agreement protocols assure authenticity of the participating entities. Different approaches can be used when developing authenticated key agreement protocols, and these affect their security and efficiency. Security of an authenticated key agreement protocol is defined using security attributes. The main goal is to develop a protocol which is secure and efficient at the same time. This thesis discusses two-party and three-party identity-based authenticated key agreement protocols, their security and efficiency attributes, and presents several contributions to the field. Firstly, two new two-party identity-based authenticated key agreement protocols using modular arithmetic are proposed, namely IDAK2-1 and IDAK2-2. Secondly, a key compromise impersonation attack on Scott's two-party identity-based authenticated key agreement protocol using pairings is described and two new two-party identity-based authenticated key agreement protocols which employ pairings are proposed - IDAK2P-1 and IDAK2P-2. Finally, two new three-party identity-based authenticated key agreement protocols which employ pairings are proposed, named IDAK3P-1 and IDAK3P-2. All proposed protocols are evaluated regarding security and efficiency. The security comparison criterion is based upon the fulfillment of security attributes, while the efficiency criterion is defined partly in the scope of the thesis and partly from the literature. It includes computational as well as communication efficiency. Moreover, the proposed protocols are compared to existing ones with regard to efficiency and security. The security criterion is defined as the fulfillment of security attributes and the existence of attacks for a specific protocol. 
The efficiency comparison criterion is defined by the communication and computational effort of each protocol. Additionally, a comprehensive in-depth review of existing two-party and three-party identity-based authenticated key agreement protocols, their properties and known attacks is given. The results of the thesis regarding two-party identity-based key agreement protocols using modular arithmetic indicate that IDAK2-1 and IDAK2-2 conform to all security attributes. IDAK2-2 is the most efficient protocol of the group, equal to Saeednia et al.'s protocol, whereas IDAK2-1 is the second most efficient protocol of the group. Regarding two-party identity-based authenticated key agreement protocols employing pairing operations, both IDAK2P-1 and IDAK2P-2 offer all the security attributes, whereas several competitive protocols do not. IDAK2P-2 is among the most efficient protocols if pre-computations are taken into consideration, while IDAK2P-1 is more efficient than Choie-Jeong-Lee's protocol I. In the group of three-party identity-based authenticated key agreement protocols, the proposed IDAK3P-1 protocol conforms to all security attributes, whereas IDAK3P-2 lacks perfect forward secrecy. However, specific competitive protocols share this deficiency. Regarding efficiency, IDAK3P-1 is the most efficient protocol, while IDAK3P-2 is the second most efficient and at the same level as Shim's protocol.
Keywords:authentication, key agreement protocol, identity-based, bilinear pairing, cryptography, security

