DOCSLIB.ORG

A Standards for Authentication and Key Establishment

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Standards for Authentication and Key Establishment A Standards for Authentication and Key Establishment Practitioners often look to standards bodies to recommend techniques that can be used with the assurance of independent verification of correctness and suitability. Several standards exist covering protocols of the type we have examined in this book. This appendix lists the main relevant standards and briefly summarises their contents. In many cases specific protocols have been examined in the body of the book and we refer to these where appropriate. Standards are issued by many different bodies, both national and international. We have included mainly international standards; many national standards bodies issue their own versions of international standards with little or no alteration. Because of their international influence we also mention some US national standards. We additionally include some protocols which are not standardised by any organisation but which are widely deployed in certain settings. A.1 ISO Standards The International Organization for Standardization (http://www.iso.ch), also known as the ISO, has published numerous standards on cryptographic mechanisms and protocols. A.1.1 ISO/IEC 9798 ISO issued the six-part standard ISO/IEC 9798 on the topic of entity authentication. • Part 1: General (3rd edition, 2010). • Part 2: Mechanisms using symmetric encipherment algorithms (3rd edition, 2008). • Part 3: Mechanisms using digital. signature techniques (2nd edition, 1998; with amendment, 2010). • Part 4: Mechanisms using a cryptographic check function (2nd edition, 1999). • Part 5: Mechanisms using zero knowledge techniques (3rd edition, 2009). © Springer-Verlag GmbH Germany, part of Springer Nature 2020 441 C. Boyd et al., Protocols for Authentication and Key Establishment, Information Security and Cryptography, https://doi.org/10.1007/978-3-662-58146-9 442 A Standards for Authentication and Key Establishment • Part 6: Mechanisms using manual data transfer (2nd edition, 2010). The protocols in Part 2 of the standard were examined in Sect. 3.2.3. Some of the protocols in Part 3 of the standard were examined in Sect. 4.2.1. The protocols in Part 4 of the standard were examined in Sect. 3.2.4. A.1.2 ISO/IEC 11770 ISO issued the six-part standard ISO/IEC 11770 on the topic of key management. Some of the protocols in Parts 2 and 3 of the standard are strongly related to protocols in Parts 2 and 3 of ISO/IEC 9798. Part 1: Framework (2nd edition, 2010). Part 2: Mechanisms using symmetric techniques (2nd edition, 2008). The proto- cols in this part of the standard were examined in Sects. 3.3.4 (the server-less protocols) and 3.4.4 (the server-based protocols). Part 3: Mechanisms using asymmetric techniques (3rd edition, 2015). Protocols in this part of the standard include both key transport protocols which have been examined in Sect. 4.3.1 and key agreement protocols which were summarised in Sect. 5.6. Part 4: Mechanisms based on weak secrets (2nd edition, 2017). This part of the standard is concerned with password-based protocols. It includes five of the password-based key agreement protocols described in Chap. 8. Two are ‘bal- anced’ protocols where both parties hold the shared password: SPEKE (Pro- tocol 8.5) and J-PAKE (Protocol 8.8). Three are augmented protocols where a server holds only the image of the client password: SRP (Protocol 8.18), AMP (Protocol 8.19) and AugPAKE (Protocol 8.20). There is also one password- authenticated key retrieval mechanism which allows a server to furnish a user with a strong secret while the user only stores a password. This is based on a scheme of Ford and Kaliski [281]. Part 5: Group key management (2011). This part of the standard is devoted to group key establishment using a key distribution centre. (This means that it excludes group key agreement which was covered extensively in Chapter 9.) Much of the document is taken up with describing key management structures for groups, particularly various types of trees including the octopus structure shown in Protocol 9.8. There are two specific mechanisms included in the stan- dard, but both are given abstract descriptions. Protocols based on key chains are also described. With regard to security properties the standard only considers what are termed forward secrecy and backward secrecy for dynamic groups: the former states that leaving group members should not learn future keys1 while the latter states that new group members should not learn past keys. 1 Note that this definition of forward secrecy is different from what we use in most of this book. A.2 IETF Standards 443 Part 6: Key derivation (2016). Part 6 of ISO/IEC 11770 standardises key deriva- tion functions in two classes called one-step and two-step functions. The one- steps functions compute one or more keys as the output of a hash function or, in one case, a MAC algorithm. The two-step functions apply a key extraction func- tion followed by a key expansion function, the latter of which can be repeated to obtain further keys. A related standard is ISO/IEC 15946 (Part 1, 3rd edition, 2016; Part 5, 2nd edition, 2017) which covers cryptography based on elliptic curves. This standard includes details for implementing elliptic curve mechanisms defined in Part 3 of ISO/IEC 11770. A.1.3 ISO 9594-8/ITU X.509 A series of standards for directory systems was first issued in 1988 jointly by ISO and CCITT (which was later re-formed as ITU). The section of the standard num- bered 9594-8 (ISO version) or X.509 (ITU version) was known as the Authentication Framework. This section of the standard provides information on how to use a di- rectory to store public key certificates, including the format of certificates. It also includes examples of how to use the certificates to provide authentication and key establishment. In the most recent version of the standard (8th edition, 2017) the Authentication Framework has been renamed Public-Key and Attribute Certificate Frameworks. Portions of the X.509 specification have also been published by the Internet Engineering Task Force, which we note below. Under the heading ‘Strong authentication’ three key establishment protocols were presented. Unfortunately there were some problems with the protocols in the first version of the standard and they were subsequently updated. The protocols have been examined in Sect. 4.3.5. A.2 IETF Standards The Internet Engineering Task Force (IETF) (http://www.ietf.org) produces standards concerned with development of Internet technology. In contrast to many other standards bodies, the IETF works in an open way and all its documents are freely available on the Internet. Documents are first proposed as ‘Internet-Drafts’; after a series of revisions and discussion, some become standardized in documents that are known (for historical reasons) as ‘Requests for Comments’ (RFCs). There are different types of RFCs, including informational, historical, proposed standards, and Internet standards. Some RFCs are also developed by the Crypto Forum Research Group (CFRG), a working group of the IETF’s sister organisation Internet Research Task Force (IRTF), which aims to bridge theory and practice by bringing new cryptographic techniques to the Internet community and serving as an ‘expert crypto consultant’ to IETF work- ing groups. 444 A Standards for Authentication and Key Establishment Table A.1 summarises some prominent RFCs that specify or use prominent au- thenticated key exchange protocols. Some of these were examined earlier and we provide pointers to where they are described in this book. For many of these proto- cols there are additional RFCs available which cover related information or exten- sions of these protocols for different applications. We also include Internet-Drafts in a few areas which are under development but as of writing have not yet progressed to RFCs. A.3 IEEE P1363 Standards The Institute of Electrical and Electronics Engineers (IEEE) is a US-based insti- tution with a worldwide membership. The IEEE Standards Association (http: //standards.ieee.org) issues standards in a wide range of electronics and communications areas. The IEEE P1363 Working Group has developed a number of standards under the heading Standard Specifications for Public-Key Cryptography. At the time of writing there are five active standards in force from the P1363 group. 1363-2000: Public-Key Cryptography. The original P1363 standard includes spec- ifications for public key algorithms and key agreement protocols based on dis- crete logarithms. The only key establishment protocols included in P1363-2000 are basic Diffie–Hellman key agreement and authenticated versions using the Unified Model and MQV. These were examined in Sects. 5.4.4 and 5.4.5. 1363a-2004: Amendment 1: Additional Techniques. This update to the original standard incorporates implementation details for elliptic curves. 1363.1-2008: Public Key Cryptographic Techniques Based on Hard Problems over Lattices. This includes encryption and signature algorithms but no authen- tication or key establishment protocols. 1363.2-2008: Password-Based Public-Key Cryptographic Techniques. There is much overlap with the ISO/IEC 11770-4 standard (see Sect. A.1.2). The 1363.2- 2008 standard includes versions of PAK (Protocol 8.3), PPK (Protocol 8.4), SPEKE (Protocol 8.5), AMP (Protocol 8.19), B-SPEKE (Protocol 8.16) and a variant known as W-SPEKE, PAK-Z (Protocol 8.15) and SRP (Protocol 8.17). Most of the protocol specifications include versions for both the elliptic curve setting and for discrete logarithms in finite fields. 1363.3-2013: Identity-Based Cryptographic Techniques Using Pairings. There are many different identity-based cryptographic primitives included in this stan- dard but only two key agreement protocols, namely Protocol 7.12 of Wang and the variant of Smart’s protocol discussed in Sect.
Load more

Recommended publications
  • Privacy Resources 2018
    Privacy Resources 2018 By Marcus P. Zillman, M.S., A.M.H.A. Executive Director – Virtual Private Library [email protected] Privacy Resources 2018 is a comprehensive listing of privacy resources currently available on the Internet. These include associations, indexes, search engines as well as individual websites and sources that supply the latest technology and information about privacy and how it relates to you and the Internet. The below list of sources is taken from my Subject Tracer™ Information Blog titled Privacy Resources and is constantly updated with Subject Tracer™ bots from the following URL: http://www.PrivacyResources.info/ These resources and sources will help you to discover the many pathways available to you through the Internet to find the latest privacy sources and sites. Figure 1: Privacy Resources 2018 Subject Tracer™ Information Blog 1 [Updated: April 1, 2018] Privacy Resources 2018 White Paper Link Compilation http://www.PrivacyResources.info/ [email protected] Voice: 800-858-1462 © 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018 Marcus P. Zillman, M.S., A.M.H.A. Privacy Resources 2018: 10 Best Security and Privacy Apps for Smartphones and Tablets http://drippler.com/drip/10-best-security-privacy-apps-smartphones-tablets 10 Minute Mail http://10minutemail.com/10MinuteMail/index.html 10 Privacy Gadgets To Help You Keep a Secret http://www.popsci.com/keep-your-secrets-a-secret 10 Reasons to Use a VPN for Private Web Browsing http://netforbeginners.about.com/od/readerpicks/tp/Reasons-to-Use-a-VPN-Service.htm
    [Show full text]
  • Using Frankencerts for Automated Adversarial Testing of Certificate
    Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations Chad Brubaker ∗ y Suman Janay Baishakhi Rayz Sarfraz Khurshidy Vitaly Shmatikovy ∗Google yThe University of Texas at Austin zUniversity of California, Davis Abstract—Modern network security rests on the Secure Sock- many open-source implementations of SSL/TLS are available ets Layer (SSL) and Transport Layer Security (TLS) protocols. for developers who need to incorporate SSL/TLS into their Distributed systems, mobile and desktop applications, embedded software: OpenSSL, NSS, GnuTLS, CyaSSL, PolarSSL, Ma- devices, and all of secure Web rely on SSL/TLS for protection trixSSL, cryptlib, and several others. Several Web browsers against network attacks. This protection critically depends on include their own, proprietary implementations. whether SSL/TLS clients correctly validate X.509 certificates presented by servers during the SSL/TLS handshake protocol. In this paper, we focus on server authentication, which We design, implement, and apply the first methodology for is the only protection against man-in-the-middle and other large-scale testing of certificate validation logic in SSL/TLS server impersonation attacks, and thus essential for HTTPS implementations. Our first ingredient is “frankencerts,” synthetic and virtually any other application of SSL/TLS. Server authen- certificates that are randomly mutated from parts of real cer- tication in SSL/TLS depends entirely on a single step in the tificates and thus include unusual combinations of extensions handshake protocol. As part of its “Server Hello” message, and constraints. Our second ingredient is differential testing: if the server presents an X.509 certificate with its public key.
    [Show full text]
  • Mobiceal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices
    2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices Bing Chang∗, Fengwei Zhang†, Bo Chen‡, Yingjiu Li∗, Wen-Tao Zhu§, Yangguang Tian∗, Zhan Wang¶ and Albert Ching ∗School of Information Systems, Singapore Management University, {bingchang, yjli, ygtian}@smu.edu.sg †Department of Computer Science, Wayne State University, [email protected] ‡Department of Computer Science, Michigan Technological University, [email protected] §Data Assurance and Communications Security Research Center, Chinese Academy of Sciences, [email protected] ¶RealTime Invent, Inc. i-Sprint Innovations Abstract—We introduce MobiCeal, the first practical Plausibly searched and copied when he was crossing a border, and he Deniable Encryption (PDE) system for mobile devices that can was inspected for seven times during five years [26]. defend against strong coercive multi-snapshot adversaries, who The existing PDE systems on mobile devices [21], [34], may examine the storage medium of a user’s mobile device at different points of time and force the user to decrypt data. [35], [43], [27], [20] are not resilient against such multi- MobiCeal relies on “dummy write” to obfuscate the differences snapshot attacks since they hide sensitive data in the ran- between multiple snapshots of storage medium due to existence domness initially filled across the entire disk. By comparing of hidden data. By incorporating PDE in block layer, MobiCeal storage snapshots at different points of time, a multi-snapshot supports a broad deployment of any block-based file systems on adversary may detect any unaccountable changes to the ran- mobile devices.
    [Show full text]
  • NSA Vs. Encryption Article Written by Datto Developer Dan Fuhry First Appeared on Mspmentor.Com in November 2013
    SuccessArticle: EncryptionStory NSA vs. Encryption Article written by Datto developer Dan Fuhry first appeared on MSPmentor.com in November 2013. If you’ve been watching the news lately, there is no doubt you have heard about the National Security Agency’s (NSA) surveillance scandal. “We will stand in our firm Recent months have seen a revelation of programs commitment to protect you and that capture domestic and international traffic indiscriminately. Encrypted data gets saved for a your customers.” certain number of years, in case they ever decide to decrypt it. If this alarms you, that’s good. You should be alarmed. I was too, on a very personal level, and have actively been working on changing some long-established habits in order to protect the information that is private and personal to me. For MSPs not in the United States you should be even more alarmed. It’s not even your own government that has the encrypted data, and since you don’t have constitutional protection in the U.S., there is nothing legally standing in the NSA’s way to prevent them from using their dark magical cryptographic powers to obtain your confidential business or personal data. This is a frightening proposition indeed, which is why I want to talk about the position Datto has taken regarding the recent revelations. Before we go any further, allow me to briefly describe my role here. I’m a developer with Datto, and I designed the encryption feature for Datto SIRIS. I picked the ciphers, hash algorithm parameters, and random number generator algorithm, had them peer-reviewed, and then wrote the code.
    [Show full text]
  • Cisco SCA BB Protocol Reference Guide
    Cisco Service Control Application for Broadband Protocol Reference Guide Protocol Pack #60 August 02, 2018 Cisco Systems, Inc. www.cisco.com Cisco has more than 200 offices worldwide. Addresses, phone numbers, and fax numbers are listed on the Cisco website at www.cisco.com/go/offices. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS. THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY. The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB’s public domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California. NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS” WITH ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE. IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
    [Show full text]
  • Analysis of Password Cracking Methods & Applications
    The University of Akron IdeaExchange@UAkron The Dr. Gary B. and Pamela S. Williams Honors Honors Research Projects College Spring 2015 Analysis of Password Cracking Methods & Applications John A. Chester The University Of Akron, [email protected] Please take a moment to share how this work helps you through this survey. Your feedback will be important as we plan further development of our repository. Follow this and additional works at: http://ideaexchange.uakron.edu/honors_research_projects Part of the Information Security Commons Recommended Citation Chester, John A., "Analysis of Password Cracking Methods & Applications" (2015). Honors Research Projects. 7. http://ideaexchange.uakron.edu/honors_research_projects/7 This Honors Research Project is brought to you for free and open access by The Dr. Gary B. and Pamela S. Williams Honors College at IdeaExchange@UAkron, the institutional repository of The nivU ersity of Akron in Akron, Ohio, USA. It has been accepted for inclusion in Honors Research Projects by an authorized administrator of IdeaExchange@UAkron. For more information, please contact [email protected], [email protected]. Analysis of Password Cracking Methods & Applications John A. Chester The University of Akron Abstract -- This project examines the nature of password cracking and modern applications. Several applications for different platforms are studied. Different methods of cracking are explained, including dictionary attack, brute force, and rainbow tables. Password cracking across different mediums is examined. Hashing and how it affects password cracking is discussed. An implementation of two hash-based password cracking algorithms is developed, along with experimental results of their efficiency. I. Introduction Password cracking is the process of either guessing or recovering a password from stored locations or from a data transmission system [1].
    [Show full text]
  • Implicit and Explicit Certificates-Based Encryption Scheme Tomasz Hyla, Witold Maćków, Jerzy Pejaś
    Implicit and Explicit Certificates-Based Encryption Scheme Tomasz Hyla, Witold Maćków, Jerzy Pejaś To cite this version: Tomasz Hyla, Witold Maćków, Jerzy Pejaś. Implicit and Explicit Certificates-Based Encryption Scheme. 13th IFIP International Conference on Computer Information Systems and Industrial Man- agement (CISIM), Nov 2014, Ho Chi Minh City, Vietnam. pp.651-666, 10.1007/978-3-662-45237- 0_59. hal-01405660 HAL Id: hal-01405660 https://hal.inria.fr/hal-01405660 Submitted on 30 Nov 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Distributed under a Creative Commons Attribution| 4.0 International License Implicit and Explicit Certificates-based Encryption Scheme Tomasz Hyla1, Witold Maćków1, Jerzy Pejaś1, 1 West Pomeranian University of Technology, Szczecin Faculty of Computer Science and Information Technology, Poland {thyla, wmackow, jpejas}@zut.edu.pl Abstract. Certificate-based encryption (CBE) combines traditional public-key encryption and certificateless encryption. However, it does suffer to the Denial of Decryption (DoD) attack called by Liu and Au. To capture this attack, they introduced a new paradigm called self-generated-certificate public key cryptog- raphy. In this paper we show that the problem of DoD attack can be solved with a new implicit and explicit certificates-based public key cryptography paradigm.
    [Show full text]
  • The Twin Diffie-Hellman Problem and Applications
    The Twin Diffie-Hellman Problem and Applications David Cash1 Eike Kiltz2 Victor Shoup3 February 10, 2009 Abstract We propose a new computational problem called the twin Diffie-Hellman problem. This problem is closely related to the usual (computational) Diffie-Hellman problem and can be used in many of the same cryptographic constructions that are based on the Diffie-Hellman problem. Moreover, the twin Diffie-Hellman problem is at least as hard as the ordinary Diffie-Hellman problem. However, we are able to show that the twin Diffie-Hellman problem remains hard, even in the presence of a decision oracle that recognizes solutions to the problem — this is a feature not enjoyed by the Diffie-Hellman problem in general. Specifically, we show how to build a certain “trapdoor test” that allows us to effectively answer decision oracle queries for the twin Diffie-Hellman problem without knowing any of the corresponding discrete logarithms. Our new techniques have many applications. As one such application, we present a new variant of ElGamal encryption with very short ciphertexts, and with a very simple and tight security proof, in the random oracle model, under the assumption that the ordinary Diffie-Hellman problem is hard. We present several other applications as well, including: a new variant of Diffie and Hellman’s non-interactive key exchange protocol; a new variant of Cramer-Shoup encryption, with a very simple proof in the standard model; a new variant of Boneh-Franklin identity-based encryption, with very short ciphertexts; a more robust version of a password-authenticated key exchange protocol of Abdalla and Pointcheval.
    [Show full text]
  • 2.4 the Random Oracle Model
    國 立 交 通 大 學 資訊工程學系 博 士 論 文 可證明安全的公開金鑰密碼系統與通行碼驗證金鑰 交換 Provably Secure Public Key Cryptosystems and Password Authenticated Key Exchange Protocols 研 究 生:張庭毅 指導教授:楊維邦 教授 黃明祥 教授 中 華 民 國 九 十 五 年 十 二 月 可證明安全的公開金鑰密碼系統與通行碼驗證金鑰交換 Provably Secure Public Key Cryptosystems and Password Authenticated Key Exchange Protocols 研 究 生:張庭毅 Student:Ting-Yi Chang 指導教授:楊維邦 博士 Advisor:Dr. Wei-Pang Yang 黃明祥 博士 Dr. Min-Shiang Hwang 國 立 交 通 大 學 資 訊 工 程 學 系 博 士 論 文 A Dissertation Submitted to Department of Computer Science College of Computer Science National Chiao Tung University in partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Computer Science December 2006 Hsinchu, Taiwan, Republic of China 中華民國九十五年十二月 ¡¢£¤¥¦§¨© ª« ¬ Æ ¯ « ¡¨ © ¡¢£¤¥ ¦§¨©¢ª«¬ Æ ¯ Æ ­Æ Æ ¡ ElGamal ¦§ °±¥ ²³´ ·§±¥¸¹º»¼½¶­¾¿§­¾¿¸¹³ °µ¶ p ­° p§­¾¿ ElGamal Hwang §°À¡Á²±¥·§ÂÃÄŨ© ElGamal-like È ÆǧȤÉÀÊËÌ¡ÍÎϧElGamal-like IND-CPA ¡¦ÃÅ Á²±¥·ÁÃÄŧ¨©­§Æ ° ½¡ÐÑÒµ§ IND-CPA ElGamal IND- ±È¤±¥ÓÔÕ§ CCA2§ ElGamal-extended ¡Ö×ج­Ù¶ÚÀÛÜ°§¨©ÝÞ­°ÛÜߧ ¡¦§ËÌ IND-CPAPAIR ElGamal-extended Ô°°ÃÄÅ ¬§DZàáâ ãäåæçèé°¡êÛÜ°ëìíîï§åÉ i ïíîÛܰ먩ǰ § ðñòóô ¨©õ­ö÷°§Àäå ­øù×Øú§ûüÀÆý°þÿì° ÛÜµÌ °Ûܱ¡ Bellare-Pointcheval-Rogaway ¯À°úÐÑÒ·§¨© ° Diffie-Hellman õ­°Ý§¡¦§ ò°¥§§±¥§Diffie- Hellman ¯§¥§§È秧 È秧ô§§ç±Ûܧ §ÐÑÒ ii Provably Secure Public Key Cryptosystems and Password Authenticated Key Exchange Protocols Student: Ting-Yi Chang Advisor: Dr. Wei-Pang Yang Dr. Min-Shiang Hwang Institute of Computer Science and Engineering National Chiao Tung University ABSTRACT In this thesis, we focus on two topics: public key cryptosystems and pass- word authenticated key exchange protocols.
    [Show full text]
  • Sizzle: a Standards-Based End-To-End Security Architecture for the Embedded Internet
    Sizzle: A Standards-based end-to-end Security Architecture for the Embedded Internet Vipul Gupta, Matthew Millard,∗ Stephen Fung*, Yu Zhu*, Nils Gura, Hans Eberle, Sheueling Chang Shantz Sun Microsystems Laboratories 16 Network Circle, UMPK16 160 Menlo Park, CA 94025 [email protected], [email protected], [email protected] [email protected], {nils.gura, hans.eberle, sheueling.chang}@sun.com Abstract numbers of even simpler, more constrained devices (sen- sors, home appliances, personal medical devices) get con- This paper introduces Sizzle, the first fully-implemented nected to the Internet. The term “embedded Internet” is end-to-end security architecture for highly constrained em- often used to refer to the phase in the Internet’s evolution bedded devices. According to popular perception, public- when it is invisibly and tightly woven into our daily lives. key cryptography is beyond the capabilities of such devices. Embedded devices with sensing and communication capa- We show that elliptic curve cryptography (ECC) not only bilities will enable the application of computing technolo- makes public-key cryptography feasible on these devices, it gies in settings where they are unusual today: habitat mon- allows one to create a complete secure web server stack itoring [26], medical emergency response [31], battlefield including SSL, HTTP and user application that runs effi- management and home automation. ciently within very tight resource constraints. Our small Many of these applications have security requirements. footprint HTTPS stack needs less than 4KB of RAM and For example, health information must only be made avail- interoperates with an ECC-enabled version of the Mozilla able to authorized personnel (authentication) and be pro- web browser.
    [Show full text]
  • Fb Messenger for Bb
    Fb messenger for bb Reach friends wherever they are with Facebook Messenger. -Message a friend or start a Napa nie FB elor terus gak bisa di Buka. Sao hk nhắn tin đc. By. Facebook Messenger for BlackBerry allows you to keep in touch with your friends on Facebook very Watch out for this virus spreading via FB Messenger. Download Facebook Messenger for BlackBerry now from Softonic: % safe and virus free. More than downloads this month. Download Facebook. Hi all, You feel so bored with native facebook app of Blackberry. of course it may drain more battery than native Fb app of Blackberry but it is Messenger: Native Facebook Messenger for BB If FB and FB Messenger apps are battery hogs on BlackBerry like they are on my Android, I'd have had them a day or two at most and then. The official Facebook Messenger app has been available on both iOS and Android since launch, Lol, FB messenger as a BBM replacement. Messaging apps for Blackberry smartphone are also available. Download Messenger for Blackberry Z10, Q10, 4G LTE PlayBook, Curve , Curve Instantly reach the people in your life—for free. Messenger is just like texting, but you don't have to pay for every message (it works with your data plan).Not just. Download facebook for blackberry curve with chat · Facebook messenger for blackberry · Download Facebook messenger for blackberry. You can pick up the new Facebook Messenger free at Tags: RIM BlackBerry Messenger Barcode Generator Facebook App. send messages to your facebook friends over your mobile phone without dataplan or without extra SMS costs, with Facebook messenger for blackberry 10 in.
    [Show full text]
  • Towards a Hybrid Public Key Infrastructure (PKI): a Review
    Towards a Hybrid Public Key Infrastructure (PKI): A Review Priyadarshi Singh, Abdul Basit, N Chaitanya Kumar, and V. Ch. Venkaiah School of Computer and Information Sciences, University of Hyderabad, Hyderabad-500046, India Abstract. Traditional Certificate- based public key infrastructure (PKI) suffers from the problem of certificate overhead like its storage, verification, revocation etc. To overcome these problems, idea of certificate less identity-based public key cryptography (ID-PKC) was proposed by Shamir. This is suitable for closed trusted group only. Also, this concept has some inherent problems like key escrow problem, secure key channel problem, identity management overhead etc. Later on, there had been several works which tried to combine both the cryptographic techniques such that the resulting hybrid PKI framework is built upon the best features of both the cryptographic techniques. It had been shown that this approach solves many problems associated with an individual cryptosystem. In this paper, we have reviewed and compared such hybrid schemes which tried to combine both the certificate based PKC and ID-based PKC. Also, the summary of the comparison, based on various features, is presented in a table. Keywords: Certificate-based PKI; Identity-based public key cryptography (ID-PKC); Hybrid PKI 1 INTRODUCTION Public key infrastructure (PKI) and public key cryptography (PKC) [12] plays a vital role with four major components of digital security: authentication, integrity, confidentiality and non-repudiation. Infact, PKI enables the use of PKC through key management. The ”efficient and secure management of the key pairs during their whole life cycle" is the purpose of PKI, which involves key generation, key distribution, key renewal, key revocation etc [11].
    [Show full text]