
Key Establishment Using Signcryption Techniques

Chapter in: Practical Signcryption

Part of the book series: Information Security and Cryptography (ISC)

Abstract

Possibly the most useful branch of public key cryptography is key establishment. After all, it is the problem of symmetric key distribution that prompted Diffie and Hellman to propose the notion of public key cryptography in the first place [74]. The basic idea behind a key establishment protocol is that two (or more) parties should exchange cryptographic messages in such a way that, at the end of the protocol, they both know a shared key—typically a bitstring of a fixed length that can be used with a symmetric cryptosystem. It is imperative that no party other than those actively participating in the key establishment protocol (and perhaps one or more trusted third parties) can obtain any information about this shared secret key. We also usually require that, at the end of a successful protocol execution, each party is convinced of the identity of the other party. Hence, the basic security notions we require from a key establishment protocol are those of confidentiality and entity authentication.


Notes

  1.

    We note that if an attacker can arrange for two sessions to have the same nonce, then this attacker can break the scheme. The attacker starts a series of new sessions between A and B using a single session identity sid. If the nonce that B outputs is fresh (i.e., different from all previous nonces) then the attacker passes this nonce to B, who outputs an encapsulation. The attacker then reveals the session key for this session; records the nonce, encapsulation, and key; expires both A's and B's sessions; and repeats the process. If the nonce that is output is not fresh, then the attacker finds the corresponding encapsulation with the same nonce from his records and submits this to B as A's response. The attacker makes this the test session; however, the attacker already knows this session key from the earlier reveal query.

  2.

    In this attack, \(\mathcal{A}\) generates \(q_{\mathit{send}}/2\) distinct nonces, queries an entity A with each nonce using the Send oracle, stores the associated encapsulation C, obtains the session key for each session using the Reveal oracle, and then expires the session. Each key is stored with the appropriate encapsulation and nonce. \(\mathcal{A}\) then starts \(q_{\mathit{send}}/2\) distinct sessions with an entity B. If the entity outputs a nonce different to any of those generated in the first phase, then the attacker expires the session. If B outputs a nonce which is the same as one that the attacker generated in the first phase, then the attacker responds using the appropriate encapsulation and declares this to be the Test session. Since the attacker already knows the key associated with the encapsulation, the attacker can trivially win the game.
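Both notes hinge on one event: the responder B outputting a nonce that already occurred in an earlier session. Whether that event has noticeable probability is a parameter-sizing question, and the second note's two-phase strategy makes the bound explicit: with \(q_{\mathit{send}}/2\) nonces fixed in the first phase and \(q_{\mathit{send}}/2\) uniformly random responder nonces in the second, the collision probability is at most \((q_{\mathit{send}}/2)^2 / 2^{\ell}\) for \(\ell\)-bit nonces. The Python below is an added example, not code from the chapter or its authors: it computes that union bound and the exact probability, checks them against a Monte Carlo run of the abstract two-phase game over a constructed toy nonce space (no real KEM is modelled), reports the nonce length needed to push the bound below a chosen target, and shows the responder-side freshness record a defender would keep. All function and class names, and the toy parameters (6-bit nonces, \(q_{\mathit{send}} = 8\)), are assumptions made for the example.

```python
import math
import random
import secrets


def collision_bound(nonce_bits: int, q_send: int) -> float:
    """Union bound on the chance that one of the q_send/2 responder nonces of
    phase 2 equals one of the q_send/2 nonces fixed in phase 1:
    (q_send/2) * (q_send/2) / 2**nonce_bits.  This is the term a proof of
    the scheme has to pay for nonce collisions."""
    half = q_send // 2
    return min(1.0, half * half / 2.0 ** nonce_bits)


def exact_collision_probability(nonce_bits: int, q_send: int) -> float:
    """Exact probability, for uniformly random responder nonces, that at
    least one of q_send/2 draws lands in a fixed set of q_send/2 values."""
    half = q_send // 2
    space = 2 ** nonce_bits
    return 1.0 - (1.0 - half / space) ** half


def simulate_two_phase_attack(nonce_bits: int, q_send: int,
                              trials: int, rng: random.Random) -> float:
    """Abstract Monte Carlo model of the second note over a toy nonce space:
    phase 1 fixes q_send/2 distinct nonces; phase 2 draws q_send/2 uniform
    responder nonces; a trial counts as a collision iff some phase-2 nonce
    repeats a phase-1 nonce.  Returns the observed fraction of such trials."""
    half = q_send // 2
    space = 2 ** nonce_bits
    hits = 0
    for _ in range(trials):
        phase1 = set(rng.sample(range(space), half))
        if any(rng.randrange(space) in phase1 for _ in range(half)):
            hits += 1
    return hits / trials


def run_toy_simulation(seed: int = 1) -> float:
    """Reproducible toy run (constructed parameters): 6-bit nonces,
    q_send = 8, 2000 trials.  Expected to sit near the exact value 0.2275."""
    return simulate_two_phase_attack(6, 8, 2000, random.Random(seed))


def min_nonce_bits(q_send: int, target: float) -> int:
    """Smallest nonce length in bits for which collision_bound <= target."""
    bits = 1
    while collision_bound(bits, q_send) > target:
        bits += 1
    return bits


class NonceLedger:
    """Defender-side freshness record for a responder: remembers every nonce
    it has issued or accepted and refuses a repeat.  With 128-bit random
    nonces the refusal branch is not expected to fire in practice; the check
    makes the freshness assumption of the notes explicit and auditable."""

    def __init__(self, nonce_bits: int = 128):
        self.nonce_bits = nonce_bits
        self.seen = set()

    def fresh_nonce(self) -> bytes:
        """Draw a random nonce, retrying in the (negligible) repeat case."""
        while True:
            nonce = secrets.token_bytes(self.nonce_bits // 8)
            if nonce not in self.seen:
                self.seen.add(nonce)
                return nonce

    def accept(self, nonce: bytes) -> bool:
        """Accept a peer-supplied nonce only if it has never been seen."""
        if nonce in self.seen:
            return False
        self.seen.add(nonce)
        return True


if __name__ == "__main__":
    print("toy 6-bit nonces, q_send = 8:")
    print("  union bound           ", collision_bound(6, 8))
    print("  exact probability     ", exact_collision_probability(6, 8))
    print("  simulated (2000 runs) ", run_toy_simulation())
    print("128-bit nonces, q_send = 2**40: bound = 2**%d"
          % math.log2(collision_bound(128, 2 ** 40)))
    print("bits needed for bound <= 2**-50 at q_send = 2**40:",
          min_nonce_bits(2 ** 40, 2.0 ** -50))
```

The toy run shows the union bound (0.25) sitting just above the exact value (about 0.2275), so the term the proof charges is nearly tight at small parameters; at realistic sizes the same function shows why 128-bit nonces leave the collision term at \(2^{-50}\) even for \(2^{40}\) Send queries.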

References

  1. M. Bellare, R. Canetti, and H. Krawczyk. A modular approach to the design and analysis of authentication and key exchange protocols. In Proceedings of the 30th Symposium on the Theory of Computing – STOC 1998, pages 419–428. ACM Press, 1998.

  2. M. Bellare, D. Pointcheval, and P. Rogaway. Authenticated key exchange secure against dictionary attacks. In B. Preneel, editor, Advances in Cryptology – Eurocrypt 2000, volume 1807 of Lecture Notes in Computer Science, pages 139–155. Springer, 2000.

  3. M. Bellare and P. Rogaway. Entity authentication and key distribution. In D. R. Stinson, editor, Advances in Cryptology – Crypto ’93, volume 773 of Lecture Notes in Computer Science, pages 232–249. Springer, 1993.

  4. M. Bellare and P. Rogaway. The security of triple encryption and a framework for code-based game-playing proofs. In S. Vaudenay, editor, Advances in Cryptology – Eurocrypt 2006, volume 4004 of Lecture Notes in Computer Science, pages 409–426. Springer, 2006.

  5. T. E. Bjørstad and A. W. Dent. Building better signcryption schemes with tag-KEMs. In M. Yung, Y. Dodis, A. Kiayias, and T. Malkin, editors, Public Key Cryptography – PKC 2006, volume 3958 of Lecture Notes in Computer Science, pages 491–507. Springer, 2006.

  6. C. Boyd. Design of secure key establishment protocols: Successes, failures and prospects. In A. Canteaut and K. Viswanathan, editors, Progress in Cryptology – Indocrypt 2004, volume 3348 of Lecture Notes in Computer Science, pages 1–13. Springer, 2004.

  7. C. Boyd and A. Mathuria. Protocols for Authentication and Key Establishment. Springer, 2003.

  8. R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proceedings of the 42nd Symposium on Foundations of Computer Science – FOCS 2001, pages 136–145. IEEE Computer Society, 2001.

  9. R. Canetti and H. Krawczyk. Analysis of key-exchange protocols and their uses for building secure channels. In B. Pfitzmann, editor, Advances in Cryptology – Eurocrypt 2001, volume 2045 of Lecture Notes in Computer Science, pages 453–474. Springer, 2001.

  10. R. Canetti and H. Krawczyk. Universally composable notions of key exchange and secure channels. In L. Knudsen, editor, Advances in Cryptology – Eurocrypt 2002, volume 2332 of Lecture Notes in Computer Science, pages 337–351. Springer, 2002.

  11. K.-K. R. Choo, C. Boyd, and Y. Hitchcock. Examining indistinguishability-based proof models for key establishment protocols. In B. Roy, editor, Advances in Cryptology – Asiacrypt 2005, volume 3788 of Lecture Notes in Computer Science, pages 585–604. Springer, 2005.

  12. R. Cramer and V. Shoup. Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM Journal on Computing, 33(1):167–226, 2004.

  13. A. W. Dent. Hybrid signcryption schemes with outsider security (extended abstract). In J. Zhou and J. Lopez, editors, Proceedings of the 8th International Conference on Information Security – ISC 2005, volume 3650 of Lecture Notes in Computer Science, pages 203–217. Springer, 2005.

  14. W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976.

  15. D. Dolev and A. Yao. On the security of public-key protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.

  16. M. C. Gorantla, C. Boyd, and J. M. González Nieto. On the connection between signcryption and one-pass key establishment. In S. D. Galbraith, editor, Cryptography and Coding – Proceedings of the 11th IMA International Conference, volume 4887 of Lecture Notes in Computer Science, pages 277–301. Springer, 2007.

  17. International Organization for Standardization. ISO/IEC 11770-3, Information technology — Security techniques — Key management — Part 3: Mechanisms using asymmetric techniques, 1999.

  18. R.-H. Kim and H.-Y. Youm. Secure authenticated key exchange protocol based on EC using signcryption scheme. In IEEE International Conference on Hybrid Information Technology – ICHIT ’06, volume 2, pages 74–79. IEEE Computer Society, 2006.

  19. H. Krawczyk. HMQV: A high-performance secure Diffie-Hellman protocol. In V. Shoup, editor, Advances in Cryptology – Crypto 2005, volume 3621 of Lecture Notes in Computer Science, pages 546–566. Springer, 2005.

  20. C. J. Mitchell, M. Ward, and P. Wilson. Key control in key agreement protocols. Electronics Letters, 34:980–981, 1998.

  21. V. Shoup. Sequences of games: A tool for taming complexity in security proofs. Available from http://eprint.iacr.org/2004/332/, 2004.

  22. Y. Zheng. Shortened digital signature, signcryption, and compact and unforgeable key agreement schemes. Submission to the IEEE P1363a Standardisation Body, 1998.

  23. Y. Zheng and H. Imai. Compact and unforgeable key establishment over an ATM network. In Proceedings of the 17th Joint Conference of the IEEE Computer and Communications Societies – INFOCOM ’98, volume 2, pages 411–418. IEEE Communications Society, 1998.

Author information

Correspondence to Alexander W. Dent.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Dent, A.W. (2010). Key Establishment Using Signcryption Techniques. In: Dent, A., Zheng, Y. (eds) Practical Signcryption. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89411-7_11

  • DOI: https://doi.org/10.1007/978-3-540-89411-7_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-89409-4

  • Online ISBN: 978-3-540-89411-7

  • eBook Packages: Computer Science (R0)
