2010 | OriginalPaper | Chapter

11. Key Establishment Using Signcryption Techniques

Author: Alexander W. Dent

Published in: Practical Signcryption

Publisher: Springer Berlin Heidelberg

Abstract

Possibly the most useful branch of public key cryptography is key establishment. After all, it is the problem of symmetric key distribution that prompted Diffie and Hellman to propose the notion of public key cryptography in the first place [74]. The basic idea behind a key establishment protocol is that two (or more) parties should exchange cryptographic messages in such a way that, at the end of the protocol, they both know a shared key—typically a bitstring of a fixed length that can be used with a symmetric cryptosystem. It is imperative that no party other than those actively participating in the key establishment protocol (and perhaps one or more trusted third parties) can obtain any information about this shared secret key. We also usually require that, at the end of a successful protocol execution, each party is convinced of the identity of the other party. Hence, the basic security notions we require from a key establishment protocol are those of confidentiality and entity authentication.

Footnotes
1
We note that if an attacker can arrange for two sessions to have the same nonce, then this attacker can break the scheme. The attacker starts a series of new sessions between A and B using a single session identity sid. If the nonce that B outputs is fresh (i.e., different from all previous nonces), then the attacker passes this nonce to B, who outputs an encapsulation. The attacker then reveals the session key for this session; records the nonce, encapsulation, and key; expires both A's and B's sessions; and repeats the process. If the nonce that is output is not fresh, then the attacker finds the corresponding encapsulation with the same nonce from his records and submits this to B as A's response. The attacker makes this the test session; however, the attacker already knows this session key from the earlier reveal query.
 
2
In this attack, \(\mathcal{A}\) generates \(q_{\mathit{send}}/2\) distinct nonces, queries an entity A with each nonce using the Send oracle, stores the associated encapsulation C, obtains the session key for each session using the Reveal oracle, and then expires the session. Each key is stored with the appropriate encapsulation and nonce. \(\mathcal{A}\) then starts \(q_{\mathit{send}}/2\) distinct sessions with an entity B. If the entity outputs a nonce different from any of those generated in the first phase, then the attacker expires the session. If B outputs a nonce which is the same as one that the attacker generated in the first phase, then the attacker responds using the appropriate encapsulation and declares this to be the Test session. Since the attacker already knows the key associated with the encapsulation, the attacker can trivially win the game.
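Both footnotes turn on the same event: a nonce output by B in the second phase coincides with one of the \(q_{\mathit{send}}/2\) nonces the adversary already holds a revealed key for. The following Python model is an added example, not code from the chapter: the encapsulation and key derivation are constructed toy stand-ins for the KEM step, and the responder's nonces are assumed to be uniformly random bit strings of a chosen length. It runs the footnote-2 game and also gives the standard union bound on the collision probability, which is the quantity that fixes the nonce length a deployment needs.

```python
import hashlib
import secrets


def toy_encapsulate(nonce: bytes):
    """Toy stand-in for the KEM step (constructed, not the chapter's scheme):
    a random encapsulation C and a session key derived from (nonce, C)."""
    c = secrets.token_bytes(16)
    key = hashlib.sha256(nonce + c).digest()
    return c, key


def collision_bound(q_send: int, nonce_bits: int) -> float:
    """Union bound on the collision event that drives the attack: each of the
    q_send/2 nonces B outputs hits one of the q_send/2 stored nonces with
    probability at most (q_send/2) / 2^nonce_bits."""
    return min(1.0, (q_send / 2) ** 2 / 2 ** nonce_bits)


def two_phase_nonce_attack(q_send: int, nonce_bits: int) -> bool:
    """Run the footnote-2 game against a responder B whose nonces are uniform
    nonce_bits-bit strings. Returns True when the adversary reaches a Test
    session whose key it already learned through Reveal."""
    if q_send // 2 > 2 ** nonce_bits:
        raise ValueError("cannot pick q_send/2 distinct nonces from this space")
    nbytes = (nonce_bits + 7) // 8

    def uniform_nonce() -> bytes:
        return secrets.randbits(nonce_bits).to_bytes(nbytes, "big")

    # Phase 1: q_send/2 sessions with A on distinct adversary-chosen nonces.
    # Each entry holds the encapsulation C and the key obtained via Reveal;
    # the session is then expired.
    table = {}
    while len(table) < q_send // 2:
        nonce = uniform_nonce()
        if nonce not in table:
            table[nonce] = toy_encapsulate(nonce)

    # Phase 2: q_send/2 sessions with B, who outputs its own nonce. A session
    # whose nonce is unseen is simply expired; a repeated nonce is answered
    # with the stored C and becomes the Test session.
    for _ in range(q_send // 2):
        nonce_b = uniform_nonce()
        if nonce_b in table:
            c, known_key = table[nonce_b]
            key_b = hashlib.sha256(nonce_b + c).digest()  # B's key on the replayed C
            return key_b == known_key
    return False
```

With a 3-bit nonce space the first phase enumerates every nonce, so the second phase collides immediately; with 128-bit nonces the bound for the same query budget is 2^-122, and the game is lost.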
 
Literature
23. M. Bellare, R. Canetti, and H. Krawczyk. A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the 30th Symposium on the Theory of Computing – STOC 1998, pages 419–428. ACM Press, 1998.
27. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In B. Preneel, editor, Advances in Cryptology – Eurocrypt 2000, volume 1807 of Lecture Notes in Computer Science, pages 139–155. Springer, 2000.
28. M. Bellare and P. Rogaway. Entity authentication and key distribution. In D. R. Stinson, editor, Advances in Cryptology – Crypto ’93, volume 773 of Lecture Notes in Computer Science, pages 232–249. Springer, 1993.
34. M. Bellare and P. Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. In S. Vaudenay, editor, Advances in Cryptology – Eurocrypt 2006, volume 4004 of Lecture Notes in Computer Science, pages 409–426. Springer, 2006.
37. T. E. Bjørstad and A. W. Dent. Building better signcryption schemes with tag-KEMs. In M. Yung, Y. Dodis, A. Kiayias, and T. Malkin, editors, Public Key Cryptography – PKC 2006, volume 3958 of Lecture Notes in Computer Science, pages 491–507. Springer, 2006.
49. C. Boyd. Design of secure key establishment protocols: Successes, failures and prospects. In A. Canteaut and K. Viswanathan, editors, Progress in Cryptology – Indocrypt 2004, volume 3348 of Lecture Notes in Computer Science, pages 1–13. Springer, 2004.
50. C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment. Springer, 2003.
54. R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd Symposium on Foundations of Computer Science – FOCS 2001, pages 136–145. IEEE Computer Society, 2001.
55. R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their uses for building secure channels. In B. Pfitzmann, editor, Advances in Cryptology – Eurocrypt 2001, volume 2045 of Lecture Notes in Computer Science, pages 453–474. Springer, 2001.
56. R. Canetti and H. Krawczyk. Universally composable notions of key exchange and secure channels. In L. Knudsen, editor, Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 337–351. Springer, 2002.
63. K.-K. R. Choo, C. Boyd, and Y. Hitchcock. Examining indistinguishability-based proof models for key establishment protocols. In B. Roy, editor, Advances in Cryptology – Asiacrypt 2005, volume 3788 of Lecture Notes in Computer Science, pages 585–604. Springer, 2005.
68. R. Cramer and V. Shoup. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing, 33(1):167–226, 2004.
73. A. W. Dent. Hybrid signcryption schemes with outsider security (extended abstract). In J. Zhou and J. Lopez, editors, Proceedings of the 8th International Conference on Information Security – ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 203–217. Springer, 2005.
74.
79.
92. M. C. Gorantla, C. Boyd, and J. M. González Nieto. On the connection between signcryption and one-pass key establishment. In S. D. Galbraith, editor, Cryptography and Coding – Proceedings of the 11th IMA International Conference, volume 4887 of Lecture Notes in Computer Science, pages 277–301. Springer, 2007.
100. International Organization for Standardization. ISO/IEC 11770-3, Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques, 1999.
116. R.-H. Kim and H.-Y. Youm. Secure authenticated key exchange protocol based on EC using signcryption scheme. In IEEE International Conference on Hybrid Information Technology – ICHIT ’06, volume 2, pages 74–79. IEEE Computer Society, 2006.
118. H. Krawczyk. HMQV: A high-performance secure Diffie-Hellman protocol. In V. Shoup, editor, Advances in Cryptology – Crypto 2005, volume 3621 of Lecture Notes in Computer Science, pages 546–566. Springer, 2005.
142. C. J. Mitchell, M. Ward, and P. Wilson. Key control in key agreement protocols. Electronics Letters, 34:980–981, 1998.
205. Y. Zheng. Shortened digital signature, signcryption, and compact and unforgeable key agreement schemes. Submission to the IEEE P1363a Standardisation Body, 1998.
208. Y. Zheng and H. Imai. Compact and unforgeable key establishment over an ATM network. In Proceedings of the 17th Joint Conference of the IEEE Computer and Communications Societies – INFOCOM ’98, volume 2, pages 411–418. IEEE Communications Society, 1998.
Metadata
Title: Key Establishment Using Signcryption Techniques
Author: Alexander W. Dent
Copyright Year: 2010
Publisher: Springer Berlin Heidelberg
DOI: https://doi.org/10.1007/978-3-540-89411-7_11