Authenticated Trusted Server Controlled Key Establishment Astha Keshariya A thesis submitted for degree of Doctor of Philosophy At the University of Otago, Dunedin New Zealand Date: 31st Dec 2010 This page is left blank. ii Keywords Three Party Authenticated Key Establishment, Trusted-server based Key Establishment Protocols, Authentication, Computer Security, Communications Security, Cryptography, Distributed Denial of Service resilience, Key Agreement Protocols, Key Establishment Protocols, Key Transport Protocols, Asymmetric Key Encryption, RSA based Authentication, Certificate based Authentication, Non-repudiation, Key escrow, Secure Mobile environment, Mobile Payments Systems, Provably Secure Protocols, 3-D Secure Protocol, Securing Mobile Communications, Secure Electronic Transactions, Properties of Key Establishment, Securing Real-time Wireless communications. iii Abstract The trusted server based key establishment protocols are well received by the research community. In this thesis we have discussed the benefits of asymmetric key based authentication scheme mediated by a trusted server which is known to all the users in a system. We have proposed a new trusted server based key establishment protocol (and named it AK-protocol) that makes use of well known certificate based authentication scheme (or ID based scheme when medium level of security is required), and the session key generation requires equal contribution of the trusted server and the participating clients. That is, the generation of ephemeral keys exclusively lies with the trusted server and the generation of a session key is completed only after clients have exchanged their ephemeral keys. We have analysed the AK-protocol for various properties, e.g., Perfect Forward Secrecy, Known Session-Key Security, Unknown Key Share Resilience, Key Control, Key Freshness, Key Compromise, Bandwidth Required, Scalability, Key Distribution, Central Directory Service, Non- Repudiation, Key Escrow, Desired properties from Three Party Authenticated Key Establishment (3PAKE) protocols and the Message Flow of the AK-protocol. We have also scrutinized the resilience of the AK- protocol when under different attack situations like Replay, Impersonation, DDoS attacks, including a specific situation where an attacker can craft protocol messages to mislead the clients. We have computed its Bit Complexity and evaluated the efforts required to carry out its Cryptanalysis. We have illustrated its practicability in different arenas. We executed a proof-of-concept implementation of the AK-protocol using Java on TCP, which showed us comparable results with SSL when the trusted server and iv the participating clients were in the same network. We substantiated that it can be integrated with the existing 3-D Secure Protocol of Visa and MasterCard for online payment systems which when applied offers more reliable communication, cryptographically. We have also corroborated that the AK-protocol can be implemented with mobile payment systems with worked out examples of cryptographic mathematics involved in the protocol. Additionally, we have also suggested the use of AK-protocol in securing real-time mobile communications where the session key is generated using our protocol and a stream cipher algorithm, RC4 is used for encryption/decryption. We present three examples that illustrate the data flow, cryptographic mathematics involved in the AK-protocol. v Acknowledgments A special thanks to the University of Otago, for giving me the opportunity to pursue my PhD from their prestigious faculty of learning organization. I am privileged to have worked under the very knowledgeable supervisor Dr. Hank Wolfe. I want to take this opportunity to express my sincere gratitude to him for his supervision and interest in my thesis. Not only he showed me apt direction but also encouraged me to nourish my thoughts. I am grateful to my co-supervisors Dr. Noria Foukia and Dr. Mariusz Nowostawski for their valuable suggestions and recommendations. A Special thanks to the Department of Information Science for providing me the resources to accomplish my work. I am grateful to Stephen Hall- Jones, Graham Copson and his entire team from the department, for their endless support. From the financial perspective, I am indebted to Technology for Industry Fellowships (TIF) and Telecom New Zealand, for funding my research, without which I could not have been able to undertake the research. My husband Sandip Bose has been a source of inspiration and constant support at every instant, especially when I thought of giving up. This thesis would have not been possible if he was not with me. Special thanks to my entire family who have encouraged me and blessed me in all my endeavours. I sincerely thank God for showing me the light in his own surreptitious ways. vi Table of Contents Keywords .................................................................................. (iii) Abstract .................................................................................. (iv) Acknowledgements .................................................................................. (vi) List of Figures .................................................................................. (xii) List of Tables .................................................................................. (xiii) Notations .................................................................................. (xiv) Abbreviations .................................................................................. (xvi) Chapter 1 Introduction .................................................................................... 1 1.1 Chapter Introduction ...................................................................................... 1 1.2 Key Establishment ........................................................................................... 1 1.3 Key Distribution Problem ................................................................................ 2 1.4 Trusted Server based Key Establishment ........................................................ 2 1.5 Need for Certificates based PKI ...................................................................... 5 1.6 Research Objectives and Deliverables ............................................................ 6 1.7 Structure of the Thesis .................................................................................... 8 Chapter 2 Cryptographic Components ......................................................... 11 2.1 Chapter Introduction .................................................................................... 11 2.2 Cryptography ................................................................................................ 11 2.3 Cryptographic Components .......................................................................... 12 2.3.1 Encryption and Decryption .................................................................... 12 2.3.2 Symmetric and Asymmetric Key Cryptography ..................................... 12 2.3.3 Hash Functions ....................................................................................... 13 2.3.4 Digital Signatures ................................................................................... 14 2.4 Establishing Secure Communication ............................................................. 14 2.5 RSA Algorithm ............................................................................................... 15 vii 2.5.1 RSA Key Generation ............................................................................... 15 2.5.2 RSA Encryption and Decryption ............................................................. 16 2.5.3 RSA Sign and Verify ................................................................................ 16 2.6 The integer factorization problem ................................................................ 18 Chapter 3 Key Establishment ....................................................................... 19 3.1 Chapter Introduction .................................................................................... 19 3.2 Key Establishment ......................................................................................... 19 3.3 Key Pre-distribution ...................................................................................... 20 3.4 Two-Party Key Establishment ....................................................................... 22 3.5 Trusted Third Party Key Establishment ......................................................... 23 3.5.1 Kerberos ................................................................................................. 25 3.6 Key Agreement Protocols based on Symmetric-Key Techniques ................. 28 3.6.1 ISO/IEC 11770-2 ..................................................................................... 28 3.6.2 Gong’s Alternative Protocol ................................................................... 30 3.7 Key Transport Protocols based on Public Key Encryption ............................ 30 3.7.1 Needham-Schroeder Public-key protocol .............................................. 31 3.7.2 X.509 Strong Authentication Protocol ................................................... 31 3.7.3 SSL/TLS protocol .................................................................................... 32 3.8 Key Transport Protocols ................................................................................ 34 3.8.1 Beller-Yacobi Protocol ...........................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages180 Page
-
File Size-