Design And Analysis Of Authentication And Key Agreement Ptotocols

A cryptographic protocol is an interactive procedure between two or multi players to carry out a computing task. Cryptographic protocol has a wide range of applications including session key agreement/distribution, identity and message authentication, and secure electronic business/government affairs etc. It's the key technology as well as one of the most effective measures of ensuring information and network security.The real network is completely open, and there are varieties of attackers and attacks. In order to ensure the information security of the protocol participants, and to prevent an attacker from getting additional information, it's necessary to design secure and effective cryptographic protocols. The theory of provable security enables one to reduce the security of a protocol/scheme to some cryptographic assumption (such as the intractability of a class of mathematical problems, or the existence of one-way functions etc.) such that, if the assumption holds then the underlining protocol/scheme is secure under current computing capability. Therefore, it is of great practicability to do a systematic research on provably secure cryptographic protocols.In this thesis, we investigate the design of authentication and key agreement protocols as well as the supporting theory of constructing cryptographic protocols, in which we focus on the security analysis of cryptographic protocols/schemes, the construction of two-party deniable authentication protocol, traitor-tracing in asymmetric key agreement protocol, the realizability of secure function evaluation (SFE for short), and the design and key management problems of identity-based signcryption schemes in the multi-PKG case, and achieve some results.1. Security analysis of cryptographic scheme/protocolsIn early literatures, the design and analysis of cryptographic protocols are shown in a heuristic way. However, the emergence of new cryptanalysis techniques is uncertain and any new technique is likely to make cryptographic protocols to be cracked, hence it is difficult to ensure the security of protocols based on the heuristic method. In this context, formal analysis is introduced and becomes one of the most interesting research areas. For formal analysis, the analyst first establishes the security model, and then applies the methods based on computational complexity or logical reasoning to analyze the security of the protocol. This thesis concludes the main analysis methods and the proof techniques based on computational complexity. Then we investigate a deniable authentication protocol, a two-party authenticated key agreement protocol and an identity-based signcryption scheme in the multi-PKG case respectively, and show that all of them have security flaws.2. Two party deniable authentication protocolsDeniable Authentication protocols allow a sender to authenticate a message for a receiver, in a way that the receiver cannot convince a third party the source of message; meanwhile, the sender cannot convince a third party that she has authenticated a message. Deniability strengthens the privacy of cryptographic protocols, and has wide applications in internet key exchange, electronic election, and electronic business etc. The hash-proof system introduced by Cramer and Shoup in Eurocrypt2002as a basic component in cryptography, has been incorporated in the constructions of deniable authentication protocols. This thesis present a new deniable authentication protocol based on extractable hash proof systems, which satisfies concurrent unforgability and restricted deniability. Furthermore, we show a formal security proof reducing unforgability to the hardness of search problems (e.g. integer factorization, CDH) instead of decision problems (e.g. DDH, DCR).3. Asymmetric group key agreement with traitor traceabilityAnother basic cryptographic task known as group key agreement enables multi participants to agree on a shared secret key in the open network. Considering from the application point of view, the goal of group key agreement is to establish a private communication channel between the participants. In Eurocrypt2009, Wu et al. first introduced the notion of asymmetric group key agreement (ASGKA for short) in which the final key obtained is not a secret session key but a public encryption key. This encryption key is available to the adversary, and is related to many different decryption keys such that every participant is able to compute one valid decryption key corresponding to the same encryption key. As ASGKA is a new research area, a lot of open problems and further research ideas are left, such as traitor-tracing ASGKA protocol. This thesis constructs an asymmetric group key agreement protocol called ASGKAwTT, which is provably secure in the standard model and enjoys the traitor-tracing property. That is, for any malicious player (i.e. the traitor) that leaks her secret key to an external adversary, her identity can be recovered by the group members through verifying the multi-signature on identities.4. The realizability of multi-party secure function evaluation The theory of cryptographic complexity, introduced by Prabhakaran and Rosulek in Crypto2008, studies the realizability of secure multi-party function evaluation and the inherent complexity of secure computing multi-party functionalities in specific security models and their relations. The most important step in this area is to investigate the secure realizability of multi-party tasks. Each concrete security model naturally defines a "cryptographic complexity class" consisting of the tasks which have secure protocols in that model, called the realizable class. However, not all the functionalities in consideration are realizable. Therefore, to abstract the combinatorial characterizations of protocols that can be secure realized under a specific security model, helps us in partitioning various cryptographic tasks into complexity levels and leads us to a better understanding and comparing of cryptographic complexity classes. This thesis analyze the necessary conditions that multi-party secure function evaluation (SEE) can be realized, and prove that these necessary conditions are not sufficient via counter examples. Based on the above result, we further show the sufficient and necessary conditions of realizable SFE functionalities, and exhibit a proof of realizability by introducing a new framework called splitability.5. Multi-PKG id-based signcryption schemeSigncryption is a cryptographic primitive that simultaneously performs the functions of both digital signatures and encryption schemes in a single step, while in a way that is more efficient than "encrypting-then-signing". Hence it is an effective method for private and authenticated message transmission, and has been extensively studied as a supporting theory in protocol designing. Identity-based signcryption scheme in the multi-PKG case provides a good solution to secure authentication and private communication between entities from different domains. This thesis present a new identity-based signcryption scheme in the multi-PKG case, which employs the ideas from Water's identity-based encryption scheme and existing identity-based signcryption schemes, using the⊕operation as well as collision-resilient hash function to eliminate the correspondence between ciphertext and plaintext and ensure semantic security. This scheme achieves provable security in the standard model and existential unforgability. Moreover, when only single PKG is concerned, this scheme has a better efficiency compared with other schemes in the standard model.6. Ad Hoc key management schemeSince secret key is the core information in a cryptosystem, the key management level directly determines the application level of a cryptosystem. In order to strengthen the reliability of key management and get rid of the security risks caused by single-point failures, it is usually preferred to apply secret sharing/threshold cryptography to design effective key management schemes. The main idea behind threshold cryptography is to share the secret information (e.g. the secret key) or the sensitive computation among multi players such that, nothing but a certain number of players coordinating is able to reconstruct the secret information or complete the sensitive computation, while fewer players cannot. This thesis design a new Ad Hoc key management scheme based on threshold secret sharing. The highlight of this scheme lies in that, it employs a non-interactive threshold secret sharing scheme based on symmetric binary polynomial such that, it provides a secure and efficient implementation for dynamic node joining, malicious node tracing, key share updating and session key exchanging, which makes it more applicable to large-scale Ad Hoc network with a dynamically changing topology.