Textbook, Syllabus, Requirements, Grades - PowerPoint PPT Presentation

1 / 48
About This Presentation
Title:

Textbook, Syllabus, Requirements, Grades

Description:

Evolutions and researches on group key agreement (GKA) protocols Yuh-Min Tseng Information Security Lab. (ISL) Department of Mathematics NCUE E-mail: ymtseng_at_cc.ncue ... – PowerPoint PPT presentation

Number of Views:118
Avg rating:3.0/5.0
Slides: 49
Provided by: WenG47
Category:

less

Transcript and Presenter's Notes

Title: Textbook, Syllabus, Requirements, Grades


1
Evolutions and researches on group key agreement
(GKA) protocols
Yuh-Min TsengInformation Security Lab.
(ISL) Department of Mathematics NCUEE-mail
ymtseng_at_cc.ncue.edu.tw http//ymtseng.math.ncue.e
du.tw
2
Outline
  • 1. Finding Problems
  • 2. Definitions and evolutions of problems
  • 3. Research approaches and related works
  • 4. Problem 1 GKA protocol resistant to insider
    attacks
  • 5. Problem 2 GKA protocol for imbalanced
    networks
  • 6. Problem 3 Pairing-based (ID-based) GKA
    protocol
  • 7. Conclusions

3
1. Finding problems
  • Assigned by your advisor
  • Research trend for some problems or applications
  • Referee of manuscripts submitted to Conferences
    or Journals
  • Open / Un-solving problems (Famous problems)
  • Self-finding problems (Important !)
  • Seminars
  • Conferences New
  • Journals Complete
  • Some experts web-sites
  • Livelihood problems (To solve some practical
    problems)

Periodical downloading papers of related
Conferences and Journals
4
1. Finding problems gt Famous problems
Pythagoras(-572 -492) x2y2z2 , right triangle
Fermats Little Theorem
?
for all primes p and 1?a?p-1, ap-1 1 (mod p)
Fermat(1601-1665) Fermat's conjectures ?
Fermats Last Theorem ?
I have obtained a perfect proof, but no space to
write it ?
xnynzn , ngt2 No positive integer solutions
5
1. Finding problems gt Famous problems
Fermats Little Theorem
Euler Theorem
Proof a corollary of Eulers theorem
for all primes p and 1?a?p-1, ap-1 1 (mod p)
Euler(1707-1783)
Wiles Proof
Fermats Last Theorem
370 years
Based on many previous theorems and conjectures
xnynzn , ngt2 No positive integer solutions
Wiles (1993) Taylor (1995, complete)
6
1. Finding problems gt Fermat Little Theorem
  • Public key primitiveness in Cryptography
  • Euler Theorem for all a?Zn, a?(n)1 (mod n)
  • Eulers Totient Function ?(n) Zn the number
    of positive integers less than n and relatively
    prime to n
  • Fermats Little Theorem for all primes p,
    1?a?p-1, ap-1 1 (mod p)
  • Proof a corollary of Eulers theorem since
    ?(p)p-1 and gcd(a,p)1 for 1?a?p-1.
  • Both theorems are useful in public key systems
    (RSA, DSA, and ElGamal) and Primality testing.

7
1. Finding problems gt Fermat Last Theorem
  • One conjecture gt Fermat Last Theorem
  • History
  • Fermat (n4), Euler (n3), Gauss (n3, complete)
  • Legendre (n5) gt Legendre Symbol (Primality
    test)
  • Dirichlet (n14), Lame (n7), Kummer (1810 -
    1893) (nlt100)
  • ..
  • Wolfskehl (1908, Offering 100000 Marks bonus)
  • Taniyama-Shimura theorem/conjecture (1960)
    Relationships
  • gt Fermat last theorem, Elliptic Curve and
    modular forms
  • Wiles (1993, 1995) A proof of Fermat last
    theorem
  • Based on Taniyama-Shimura theorem/conjecture
  • Elliptic Curve Cryptography (ECC, Secure and
    Efficient)

8
1. Finding problems gt Fermat Last Theorem
A. Wiles Modular elliptic curves and Fermat's
Last Theorem, Annals of Mathematics 141
(1995), pp. 443-551, gt 1998 Fields Medal
(Specific Award, 44 years old) R.Taylor and
A.Wiles Ring theoretic properties of certain
Hecke algebras, Annals of Mathematics 141
(1995), pp. 553-572
9
1. Finding problems gt Famous problems
  • Fermats another conjecture Fn22n1 is prime
  • F15, F217, F3257, F465537
  • Error gt F56416700417
  • Mersenne prime (1588-1648) 2p-1 is prime gt p
    is prime
  • 22-13, 23-17, 25-131, 27-1127
  • Error gt 211-12389
  • GIMPS The Great Internet Mersenne Prime Search  
  • 44 th Mersenne prime (2006, September 4)
  • 232582757 -1 Known large prime (9,808,358
    decimal digits)
  • 10,000,000 decimal digits gt US100,000

10
1.Finding problems gt Personal experiences
  • Group key agreement protocols
  • Deep Focusing on one issue deeply
  • Broad Understanding related issues
  • Two-party key agreement protocols
  • Group (Conference, multi-party) key establishment
  • Conference key distribution protocols
  • Group key agreement (GKA) protocols
  • Resource-limited devices Elliptic Curve
  • Imbalanced network (WLAN, Cellular network)
  • Mobile Ad Hoc networks
  • Sensor networks
  • Based on various cryptographic systems (ID-based,
    Pairing)

Co-assistive
11
2. Definitions and evolutions of problems gt
Diffie-Hellman key exchange (1976)
  • DH-scheme provides two-party key agreement
  • Global parameters (g, p)
  • p a large prime, say, 1024-bit long
  • g a generator for group Zp

Discrete logarithm problem
KYabYbagab mod p
12
2. Definitions and evolutions of problems
  • Group key establishment protocol
  • allows users to construct a group key that is
    used to encrypt/decrypt transmitted messages
    among the users over an open communication
    channel.
  • Categories
  • Group key distribution
  • there is a chairman who is responsible for
    generating a common key and then securely
    distributing this group key to the other users.
  • Group key agreement
  • involves all users cooperatively constructing a
    group key.

13
2. Definitions and evolutions of problemsgt
Categories
Group key distribution
Group key agreement
U2
U3
U2
U3
Chair/key
U1
U4
key
U1
U4


Un
U5
Un
U5
Easy issue
Challenging issue
14
2. Definitions and evolutions of problems gt
Group key agreement
  • Four research approaches
  • Concurrent Ring (1982, Ingemarsson et al.)
  • First group key agreement
  • Linear Ring 1 Broadcast (many protocols)
  • Binary Tree (many protocols)
  • Broadcast (many protocols)

Parallel processors
15
2. Definitions and evolutions of problems gt
(1) Concurrent Ring (1982, Ingemarsson et al.)
  • First group key agreement

Note n participants 1. It requires (n-1)
rounds 2. Concurrent Easy ? How to devise ?
16
2. Definitions and evolutions of problems gt
(2) Linear Ring 1 Broadcast
  • Concept (many protocols, 2002)

Note n participants 1. It requires (n-1)
rounds 2. Ui must sends i messages
17
2. Definitions and evolutions of problems gt
(3)Binary Tree
  • Concept Button-up (many protocols, 2005)

Note n participants 1. It requires log n
rounds 2. Semi-concurrent
18
2. Definitions and evolutions of problems gt
(4)Broadcast
  • Burmester and Demedt (1994, 2005)
  • Step 1 (Round 1)
  • Ui (1 i n) Keeps xi secret
  • broadcasts yigxi mod p
  • Step 2 (Round 2)
  • Ui (1 i n) broadcasts zi(yi1/ yi-1)xi
    mod p
  • Step 3 Each Ui computes common key K


U1
U1
Un
Broadcast channel
19
3. Research approaches and related works gt
Burmester and Demedt scheme
  • Burmester and Demedt (1994)
  • Non-authenticated requires a secure
    authenticated broadcast channel
  • (2005, IPL) They provide a complete proof.
  • Research approaches based on BD scheme
  • Authenticated
  • Performance
  • Security properties

20
3. Research approaches and related works gt
Three approaches
  • Authenticated based on different cryptographic
    systems
  • General Public-key system (RSA, DSA, or ElGamal)
  • Password-based
  • ID-based (Weil pairing and Elliptic curve)
  • Performance
  • Number of Rounds
  • Message size sent by each participant
  • Computational cost required for each participant
  • Security properties
  • Withstanding impersonator attacks
  • Providing forward secrecy
  • Resisting malicious participant (Insider) attacks
    (New)

21
3. Research approaches and related works gt
History and remarks
1Diffie-Hellman 1976 (Two- party) First key
agreement
2 Ingemaresson - 1982 First group key
agreement
3,4 BD 1994 and 2005 Efficient and Proof
Performance 5, 15
Authenticated 6,8,9,10,16-19
Transformation to authenticated 7,11
Malicious participant 12, 13, 14
22
3. Research approaches and related works gt
History and remarks
Performance 5, 15
Transformation to authenticated 7,11
Malicious participant 12, 13, 14
Authenticated 6,8,9,10,16-19
5 Horng 2001 Comp. Efficient
6,8 2002, 2003 Round Efficient
7 Katz 2003 First Transformation
12Tang 2005 Attack it. Insider attack
15 Jung 2006 Dynamic case (Join/leave)
16 Abdalla 2006 Password-based
11 Tang 2005 Round Efficient
9, 17,18 2004, 2005. ?????? ID-based (Pairing)
14 Tseng 2005 Insider attack
13 Katz 2005 Insider attack
10 Tan 2005 Batch-verification
19 Tseng 2007 Insider attack
23
3. Research approaches and related works gt
Related papers
  • 1 Diffie, W. and Hellman, M.E. (1976) New
    directions in cryptography. IEEE Trans. on Infom.
    Theory, 22, 644-654.
  • 2 Ingemaresson, I., Tang, T.D. and Wong, C.K.
    (1982) A conference key distribution system. IEEE
    Trans. Infom. Theory, 28, 714-720.
  • 3 Burmester, M. and Desmedt, Y. (1994) A secure
    and efficient conference key distribution system.
    Advances in Cryptology - Proceedings of
    Eurocrypt94, Perugia, Italy, 9-12 May, LNCS 950,
    pp. 275-286, Springer-Verlag, Berlin.
  • 4 M. Burmester and Y. Desmedt (2005) A secure
    and scalable group key exchange system,
    Information Processing Letters, vol. 94, pp.
    137-143, 2005.
  • 5 G. Horng (2001) An efficient and secure
    protocol for multi-party key establishment, The
    Computer Journal 44 (5) (2001) 463-470.
  • 6 W. G. Tzeng (2002) A secure fault-tolerant
    conference-key agreement protocol, IEEE Trans. on
    Computers 51 (4) (2002) 373-379.
  • 7 Katz, J. and Yung, M. (2003) Scalable
    Protocols for Authenticated Group Key Exchange.
    Advances in Cryptology - Proceedings of
    Crypto03, Santa Barbara, CA, 17-21 August, LNCS
    2729, pp. 110-125, Springer-Verlag, Berlin.
  • 8 Boyd, C. and Nieto, G. (2003) Round-Optimal
    Contributory Conference Key Agreement. Proc.
    Public-Key Cryptography03, Miami, USA, 6-8
    January, LNCS 2567, pp. 161-174, Springer-Verlag,
    Berlin.

24
3. Research approaches and related works gt
Related papers
  • 9 X. Yi (2004) Identity-Based Fault-Tolerant
    Conference Key Agreement, IEEE TRANS. ON
    DEPENDABLE AND SECURE COMPUTING, VOL. 1, NO. 3,
    pp.170-178, JULY-SEPTEMBER 2004.
  • 10 C. Tan and J. Teo, (2005) An Authenticated
    Group Key Agreement for Wireless Networks, IEEE
    Communications Society, WCNC 2005, pp.2100-2105.
  • 11 Q. Tang and C. J. Mitchell, (2005) Efficient
    Compilers for Authenticated Group Key Exchange,
    Computational Intelligence and Security
    International Conference, CIS 2005, Xi'an, China,
    December 15-19 2005, Proceedings, Part II,
    Springer-Verlag LNCS 3802, Berlin (2005),
    pp.192-197.
  • 12 Q. Tang and C. J. Mitchell (2005) Security
    properties of two authenticated conference key
    agreement protocols' (pdf), in S. Qing, W, Mao,
    J. Lopez, and G. Wang (eds.), Information and
    Communications Security 7th International
    Conference, ICICS 2005, Beijing, China, December
    10-13, 2005. Proceedings, Springer-Verlag LNCS
    3783, Berlin (2005), pp.304-314.
  • 13 J. Katz, J. S. Shin (2005) Modeling Insider
    Attacks on Group Key Exchange Protocols. ACM
    Conference on Computer and Communications
    Security 2005, pp. 180-189 .
  • 14 Tseng, Y.M. (2005) A robust multi-party key
    agreement protocol resistant to malicious
    participants. The Computer Journal, 48, 480-487.

25
3. Research approaches and related works gt
Related papers
  • 15 B. E. Jung (2006) An Efficient Group Key
    Agreement Protocol, IEEE communications letters,
    vol.10, no. 2, pp. 106-107, Feb. 2006
  • 16 M. Abdalla, E. Bresson, O. Chevassut, D.
    Pointcheval (2006) Password-based Group Key
    Exchange in a Constant Number of Rounds, PKC2006,
    LNCS 3958, pp.427-442.
  • 17 K. Y. Choi, J. Y. Hwang and D. H. Lee,
    Efficient ID-based Group Key Agreement with
    Bilinear Maps, 2004 International Workshop on
    Practice and Theory in Public Key Cryptography
    (PKC2004).
  • 18Y. Shi, G. Chen, and J. Li, ID-Based One
    Round authenticated Group Key Agreement Protocol
    with Bilinear Pairings, Proceedings of the
    International Conference on Information
    Technology Coding and Computing (ITCC05), 2005.
  • 19 Y.M. Tseng, A communication-efficient and
    fault-tolerant conference-key agreement protocol
    with forward secrecy, Journal of Systems and
    Software, , 2006, Accepted and to appear.
  • 20Y.M. Tseng, A secure authenticated group key
    agreement protocol for resource-limited mobile
    devices, The Computer Journal, Vol.50, No.1, pp.
    41-52, 2007.

26
3. Research approaches and related works gt
Finding worth-to-work problems
  • Keep cranky and thinking continuously !!!
  • Finding solutions
  • Writing a research paper or patent
  • Developing application systems
  • Keeping a research record (Important !!)
  • Finding new problems gt solutions
  • It could be a good approach/technique.
  • In the future, it is possible to adopt it for
    other applications or problems.

27
3. Research approaches and related works gt
Finding worth-to-work problems
  • Problem 1 Malicious participant (Insider) attack
  • The malicious legal participant broadcasts a
    wrong message to disrupt the conference key
    establishment
  • The proposed protocol must find who are the
    malicious participants
  • Problem 2 Imbalanced wireless networks
  • Resource-limited PDA, Smart phone, or UMD (Ultra
    mobile device)
  • It is a flexible approach to shift the
    computational burden to the powerful node and
    reduce the computational cost of mobile nodes
  • Problem 3 Pairing-based (ID-based) public-key
    system
  • Practical ID-based public-key system (Elliptic
    Curve)
  • 2001, New

28
4. Problem 1 GKA protocol resistant to insider
attacks
  • Motivation and finding a solution
  • All related GKA protocols based on the BD scheme
    suffer from insider attacks.
  • Some secure conferences must be held prior to a
    special time, such as military applications,
    rescue missions and emergency negotiations.
  • Related papers (2005)
  • 14 Y.M. Tseng (2005) A robust multi-party key
    agreement protocol resistant to malicious
    participants. The Computer Journal, 48, 480-487.
    (2006, Wilkes Award)
  • 12 Q. Tang and C. J. Mitchell (2005) Security
    properties of two authenticated conference key
    agreement protocols', in S. Qing, W, Mao, J.
    Lopez, and G. Wang (eds.), Information and
    Communications Security 7th International
    Conference, ICICS 2005, Beijing, China, December
    10-13, 2005. Proceedings, Springer-Verlag LNCS
    3783, Berlin (2005), pp.304-314.
  • 13 J. Katz, J. S. Shin (2005) Modeling Insider
    Attacks on Group Key Exchange Protocols. ACM
    Conference on Computer and Communications
    Security 2005, pp. 180-189.

29
4. Problem 1 GKA protocol resistant to insider
attacks
  • Insider attacks (Malicious participants) on BD
    scheme
  • Step 1 (Round 1)
  • Ui (1 i n) Keeps xi secret
  • broadcasts yigxi mod p
  • Step 2 (Round 2)
  • Ui (1 i n, i?j) broadcasts zi(yi1/
    yi-1)xi mod p
  • Uj broadcasts a random value zj
  • Step 3 Each Ui compute different key K


U1
U1
Un
Broadcast channel
Who is the malicious participant ?
30
4. Problem 1 Solution GKA protocol
resistant to insider attacks
  • Step 1 (Round 1) Ui (1 i n) Keep xi secret
  • broadcasts yigxi
    mod p
  • Step 2 (Round 2)
  • Step 3 Ui (1 i n) checks and computes K

Zi is computed correctly
31
4. Problem 1 GKA protocol resistant to insider
attacks
  • Security Proofs
  • Assumption 1 Decision Diffie-Hellman Problem
  • Theorem 1 The proposed GKA protocol is secure
    against
  • passive attacks
  • Theorem 2 The proposed GKA protocol is secure
    against
  • insider attacks
  • Discussions
  • Based on BD scheme, first protocol with resisting
    to insider attacks
  • In fact, the proposed GKA protocol can be applied
    to other group key agreement protocols with
    t-round (tgt1) to withstand insider attacks.
    (Reviewer comments)
  • Expanding to authenticated (Tseng, 2007, JSS)

32
5. Problem 2 GKA protocol for imbalanced
wireless networks
  • Motivation and finding a solution
  • Resource-limited devices PDA, Cellular phone, or
    UMD (Ultra mobile device)
  • It is a flexible approach to shift the
    computational burden to the powerful node and
    reduce the computational cost of mobile nodes
  • Related papers
  • Bresson, E. Chevassut, O., Essiari, A. and
    Pointcheval, D. (2004) Multual authentication and
    group key agreement for low-power mobile devices.
    Computer Communications, 27, 1730-1737.
  • Nam, J., Kim, S., and Won, D. (2005) A weakness
    in the Bresson-Chevassut-Essiari-Pointcheval's
    group key agreement scheme for low-power mobile
    devices. IEEE Communications Letters, 9, 429-431.
  • Nam, J., Kim, S., and Won, D. (2005) DDH-based
    group key agreement in a mobile environment. The
    Journal of Systems and Software, 78, 73-83.
  • Y.M. Tseng (2007) A secure authenticated group
    key agreement protocol for resource-limited
    mobile devices, The Computer Journal, Vol.50,
    No.1, pp. 41-52.

33
5. Problem 2 GKA protocol for imbalanced
wireless networks
  • Weaknesses of Bresson et al.s Protocol (2004)
  • Without forward secrecy
  • Without key authentication
  • Not a contributory key agreement
  • Weaknesses of Nam et al. s Protocol (2005)
  • It provides a authenticated protocol based on the
    Katz-Yung transformation 7 (2003).
    (Time-consuming)
  • In this case, computational cost is expensive for
    mobile device
  • Not a contributory key agreement

34
5. Problem 2 GKA protocol for imbalanced
wireless networks
  • Goal
  • A real contributory key agreement protocol
    (Proof)
  • Authenticated GKA protocol
  • The proposed protocol must be well suited for
    mobile devices with limited computing capability.
  • Some related issues and knowledge
  • Give an example to prove that both Bresson et
    al.s and Nam et al. s protocols are not
    contributory key agreement.
  • Given a complete proof to show our proposed
    protocol is a real contributory key agreement.
  • Understanding the computing capability of mobile
    devices such as PDA.

35
(No Transcript)
36
5. Problem 2 GKA protocol for imbalanced
wireless networks
  • Security Proofs
  • Theorem 1 It is a contributory group key
    agreement protocol
  • Theorem 2 Against passive adversary
  • Lemma 1, Lemma 2, and Theorem 3 Against
    impersonators attack
  • Theorem 4 Implicit key authentication
  • Theorem 5 Forward secrecy
  • Discussions
  • Comparisons Computational cost and security
    properties
  • This is first protocol which provides the proof
    of contributory group key agreement
  • A simulation result shows that the proposed
    protocol is well suited for mobile devices with
    limited computing capability.

37
5. Problem 2 GKA protocol for imbalanced
wireless networks
  • Some other possible problems and future works
  • Possible inherent problems of a powerful node
  • Communication Bottleneck
  • Single point fail
  • Trust
  • Lower bound of the communication cost in a
    contributory group key agreement for imbalanced
    networks.gt Optimal solution
  • .

38
6. Problem 3 Pairing-based (ID-based) GKA
protocol
  • Motivation and finding a problem
  • Based on Factoring problem
  • Shamir (1984)
  • IDgt Name, ymtseng_at_cc.ncue.edu.tw and some other
    information.
  • The motivation is to simplify certificate
    management
  • However, it is not practical.
  • Based on Bilinear Diffie-Hellman assumption
  • In 2001, D. Boneh and M. Franklin presented first
    ID-based encryption scheme.
  • Afterwards, it is a important issue for
    cryptography research.
  • Question
  • If you focus on this topic,
  • what knowledge should you prepare and own ?

39
6. Problem 3 Pairing-based (ID-based) GKA
protocol
  • Related knowledge
  • Elliptic curve
  • Bilinear Pairing (Weil pairing and Tate pairing)
  • Less books focus on this cryptographic systems
  • ID-based cryptographic protocols
  • ID-based signature (batch, threshold, blind, )
  • ID-based encryption (Broadcast, authenticated)
  • ID-based two-party key agreement/authentication
  • Fast pairing computation
  • ID-based authenticated Group key agreement

40
6. Problem 3 Pairing-based (ID-based) GKA
protocol
  • Related papers of ID-based signature/encryption
  • D. Boneh and M. Franklin, "Identity based
    encryption from the Weil pairing," Crypto 2001,
    LNCS 2139, pp.213--229, Springer-Verlag, 2001.
  • D. Boneh and M. Franklin, "Identity based
    encryption from the Weil pairing," SIAM J. of
    Computing, Vol. 32, No. 3, pp. 586-615, 2003.
  • D. Boneh, B. Lynn and H. Shacham, "Short
    signature from Weil pairing," Asiacrypt 2001,
    LNCS 2248, pp. 514--532, Springer-Verlag, 2001.
  • K. Paterson. ID-based Signatures from Pairings on
    Elliptic Curves. Electronics Letters, Vol. 38,
    No. 18, pp. 10251026, 2002.
  • F. Hess, "Efficient identity based signature
    schemes based on pairings," SAC 2002, LNCS 2595,
    pp. 310--324, Springer-Verlag, 2003.
  • J. C. Cha and J. H. Cheon, "An identity-based
    signature from gap Diffie-Hellman groups," PKC
    2003, LNCS 2567, pp. 18--30, Springer-Verlag,
    2003.
  • Yoon H. J., Cheon J. H., Kim Y. Batch
    verifications with ID-based signatures. Proc.
    ICISC2004, December 23, Seoul, Korea Berlin
    Springer-Verlag pp. 233248, LNCS 3506, 2005.
  • N. Koblitz and A. Meneze, "Pairing-based
    cryptography at high security levels,"
    Cryptography and Coding 10th IMA International
    Conference, LNCS 3796, pp. 13--36,
    Springer-Verlag, 2005.
  • S. Cui, P. Duan, C. W. Chan,   An efficient
    identity-based signature scheme with batch
    verifications, Proceedings of the 1st
    international conference on Scalable information
    systems , Article No. 22  , May 30 - June 01,
    2006

41
6. Problem 3 Pairing-based (ID-based) GKA
protocol
  • Related papers of ID-based key agreement/authentic
    ation
  • NP Smart. An identity based authenticated key
    agreement protocol based on the Weil pairing.
    Electronics Letters, volume 38 (13) 630--632,
    June 2002 .
  • L. Chen and C. Kudla , Identity Based
    Authenticated Key Agreement Protocols from
    Pairings, 16th IEEE Computer Security Foundations
    Workshop (CSFW'03), 2003, p. 219
  • Y. Wang. Efficient identity-based and
    authenticated key agreement protocol. Cryptology
    ePrint Archive, Report 2005/108.
  • G. Xie. An ID-based key agreement scheme from
    pairing. Cryptology ePrint Archive, Report
    2005/093.
  • Q. Yuan and S. Li. A new efficient ID-based
    authenticated key agreement protocol. Cryptology
    ePrint Archive, Report 2005/309.
  • L. Chen, Z. Cheng, and N.P. Smart, Identity-based
    Key Agreement Protocols From Pairings,
    http//grouper.ieee.org/groups/1363/IBC/submission
    s/Chen-IBE.pdf (Good-survey) 2006.
  • X. Yi, Identity-Based Fault-Tolerant Conference
    Key Agreement, IEEE TRANS. ON DEPENDABLE AND
    SECURE COMPUTING, VOL. 1, NO. 3, pp.170-178,
    JULY-SEPTEMBER 2004.
  • M. Das, A. Saxena, A. Gulati, and D. Phatak A
    novel remote user authentication scheme using
    bilinear pairings, Computers Security, Volume
    25, Issue 3, May, 2006, pp. 184-189

42
6. Problem 3 Pairing-based (ID-based) GKA
protocol
  • Goal Pairing-based (ID-based) GKA protocol
  • Finding some possible solutions gt No concrete
    publication
  • Extra results by surveying pairing-based systems
  • Reviewer of a ID-based partially blind signature
    (2006)
  • Improving performance of the Sherman et al.s
    scheme (2005)
  • I presented that their scheme suffers from a
    forgery attack, reject it!
  • Try to propose an efficient scheme.
  • Until now, no concrete result.
  • Seminar gt a two-party key agreement protocol
    (2006, CS)
  • Finding some drawbacks
  • We have obtained concrete results? Conferences

43
7. Conclusions
Based on the previous knowledge and new
applications/environments Thinking other
problems
44
7. Conclusions gt Thinking other problems
  • Wireless environments (Resource-limited devices)
  • Imbalanced networks (WLAN, Cellular network)
  • Mobile Ad Hoc networks
  • Distributed architectures
  • No on-line certificate authority
  • Sensor networks
  • Specific Architectures (Pre-distributed secret
    keys, or passwords)
  • Energy-aware (Computation V.S. Communication)

45
7. Conclusions gt Other Problems gt Energy
consuming
  • Sensor networks (2005, Wander et al.)
  • Specific Architecture (Pre-distributed secret
    keys)
  • Energy-aware (Computation V.S. Communication)

Field Value
Effective data rate 12.4kbps
Energy to transmit 59.2µJ/byte
Energy to receive 28.6µJ/byte
ATmega128L active mode 13.8mW
ATmega128L power down mode 0.0075mW
ATmega128L MIPS/Watt 289MIPS/W
Mica2dot sensor platform, 2002, ..
46
7. Conclusions gt Other Problems gt Energy
consuming
Algorithm Energy
SHA-1 5.9µJ/byte
AES-128 Enc/Dec 1.62/2.49µJ/byte
  • Energy cost of digital signature and key exchange
    computations mJ

Algorithm Signature Signature Key Exchange Key Exchange
Algorithm Sign Verify Client Server
RSA-1024 304 11.9 15.4 304
ECDSA-160 22.82 45.09 22.3 22.3
RSA-2048 2302.7 53.7 57.2 2302.7
ECDSA-224 61.54 121.98 60.4 60.4
47
7. Conclusions
  • Research
  • ?????????????,????,?????????????????,?????????????
    ?????????????????(Switch),?????????????????????
  • ------ Wiles

?? ??? ??
48
7. Conclusions
  • Thanks for your participation !
  • Questions and Answers !
Write a Comment
User Comments (0)
About PowerShow.com