
Study On Authenticated Key Exchange

Posted on: 2011-10-23
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H M Jin
GTID: 1118360305966711
Subject: Computer software and theory

Abstract/Summary:
Information technologies and the communication industry now play important roles in human society. With the rapid development of network-based attacks, providing confidentiality, integrity, authentication, authorization and non-repudiation of data has become a critical topic in computer science and information security. As a key technology, an Authenticated Key Exchange (AKE) protocol provides two kinds of services to two communicating parties. First, it allows the two parties to establish a session key, a purely symmetric key known only to the two of them. The established key is used to provide data confidentiality and data integrity in the subsequent data transmission. Second, it provides a mechanism by which each party can be convinced that it is communicating with the intended party. Depending on the authentication factors used, there are several kinds of AKE, such as Password-only AKE (PAKE), symmetric key based AKE, public key based AKE and hybrid AKE. This dissertation focuses on the security and complexity issues of PAKE and of AKE for wireless networks. The main work and contributions are as follows:

(1) Password-only Two-server Authenticated Key Exchange (PTAKE)

In this dissertation, we propose a novel PTAKE. It overcomes the disadvantage of the conventional single-server scheme, namely the single point of failure, as well as the disadvantage of the multi-server scheme, namely the expensive system cost. It not only satisfies the strongest security requirement for PTAKE, that the system is secure against offline dictionary attacks even if any one of the two servers is corrupted by an active adversary, but also requires only six communication rounds. That is, our scheme reduces the number of communication rounds by 40% compared with the most efficient of the other schemes, while maintaining about the same degree of computational complexity. Furthermore, we propose a generic PTAKE that satisfies the lower security level for PTAKE, in which the system is secure against offline dictionary attacks even if the front-end server of the two is corrupted by an active adversary or the backend server is corrupted by a passive adversary.

(2) Complexity Analysis of a Fast Modular Duplex-exponentiation Algorithm

The PTAKE schemes mentioned above, and many other existing cryptosystems, require efficient modular duplex-exponentiation operations to be fast in practice, since this is their most expensive operation. In this dissertation, we examine the computational complexity of the well-known fast algorithms. In particular, we provide a formal complexity analysis, under a Markov probabilistic model, of the WLLC algorithm, which was claimed to be the fastest algorithm. The complexity analysis and the experimental results show that the actual computational complexity of the WLLC algorithm should be 1.556k rather than 1.306k, where k is the larger bit length of the two exponents. This implies that the best modular duplex-exponentiation algorithm based on the canonical-signed-digit technique is still not able to overcome the 1.5k barrier.

(3) Anonymous Secure Wireless Roaming (Anonymous SWR)

In order to build a secure channel between the roaming user and the service provider while providing user privacy (i.e., user anonymity and user untraceability), the Anonymous Secure Wireless Roaming protocol has been proposed, the core function of which is to provide AKE between the two parties. In this dissertation, we focus on proposing all-round security requirements for Anonymous SWR, which capture the following security properties: mutual authentication between the roaming user and the foreign server, key establishment and key privacy against the backend server, forward secrecy, user anonymity and user untraceability. We also propose a pure symmetric key based Anonymous SWR protocol using the CK modular approach. To the best of our knowledge, it seems to be the first pure symmetric key based Anonymous SWR. Compared with other existing Anonymous SWR protocols, both the computation complexity and the communication complexity of our protocol are the lowest, since it involves only 4 message flows and no PKI (Public Key Infrastructure), and needs only highly efficient cryptographic operations, namely Message Authentication Code (MAC) and symmetric key encryption.

(4) Group Signature with Forward Secure Revocation

As an important cryptographic tool, the group signature has been widely employed by various cryptosystems; in particular, it is employed as a core building block to construct a localized anonymous roaming protocol. Although the communication burden on the servers is much alleviated in this roaming protocol, the computational complexity and the user revocation complexity increase quickly due to the use of the group signature. To overcome this disadvantage, we propose an efficient group signature with forward secure revocation that has constant signing and verifying complexity as well as a constant-size signature public key and signing key.
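For contribution (2), the following added example (not code from the dissertation, and not the WLLC algorithm) counts the modular operations of a plain simultaneous exponentiation, Shamir's trick over exponents recoded independently into non-adjacent form, so that a per-bit cost of the kind quoted as 1.5k can be measured. The modulus, function names and random inputs are constructed for illustration.

```python
import random

def naf(e):
    """Non-adjacent form, a canonical signed-digit recoding; least significant digit first."""
    digits = []
    while e > 0:
        d = 0
        if e & 1:
            d = 2 - (e % 4)      # +1 when e = 1 (mod 4), -1 when e = 3 (mod 4)
            e -= d               # leaves e divisible by 4, so the next digit is 0
        digits.append(d)
        e >>= 1
    return digits

def duplex_exp(a, b, x, y, n):
    """Compute a^x * b^y mod n in one pass; return (result, squarings, multiplications)."""
    powers = {0: (1, 1), 1: (a, b), -1: (pow(a, -1, n), pow(b, -1, n))}
    # One table entry per nonzero signed-digit column (dx, dy); precomputation is not counted.
    table = {(i, j): powers[i][0] * powers[j][1] % n
             for i in (-1, 0, 1) for j in (-1, 0, 1) if (i, j) != (0, 0)}
    dx, dy = naf(x), naf(y)
    length = max(len(dx), len(dy))
    dx += [0] * (length - len(dx))
    dy += [0] * (length - len(dy))
    acc, squarings, mults = 1, 0, 0
    for col in zip(reversed(dx), reversed(dy)):   # most significant column first
        acc = acc * acc % n
        squarings += 1
        if col != (0, 0):                         # multiply only on a nonzero column
            acc = acc * table[col] % n
            mults += 1
    return acc, squarings, mults

def average_cost_per_bit(k=256, trials=200, seed=1):
    """Mean (squarings + multiplications) / k over random k-bit exponents (constructed input)."""
    rng = random.Random(seed)
    n = 2**127 - 1                                # a Mersenne prime, so inverses exist
    total = 0
    for _ in range(trials):
        a, b = rng.randrange(2, n), rng.randrange(2, n)
        x, y = (rng.getrandbits(k) | 1 << (k - 1) for _ in range(2))
        result, s, m = duplex_exp(a, b, x, y, n)
        assert result == pow(a, x, n) * pow(b, y, n) % n
        total += s + m
    return total / (trials * k)

if __name__ == "__main__":
    print(f"average cost: {average_cost_per_bit():.3f} * k")
```

Each digit of a non-adjacent form is nonzero with probability about 1/3, so a column of two independent recodings is nonzero with probability 1 - (2/3)^2 = 5/9, and this baseline averages roughly k squarings plus 0.556k multiplications.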
Keywords/Search Tags:authenticated key exchange, password, duplex-exponentiation, secure wireless roaming, group signature