
Authenticated Key Agreement Protocol And Its Applications

Posted on: 2015-09-07
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Y Sun
Full Text: PDF
GTID: 1228330467963683
Subject: Information security

Abstract/Summary:
Authenticated key agreement (AKA) is one of the fundamental cryptographic primitives. It allows two or more users to establish a shared session key with each other over an open network, and assures each user that only its intended peers can learn that session key. The session key is then used to protect subsequent communication, providing data confidentiality and authentication. AKA protocols can be realized in various public key settings, e.g., the traditional public key infrastructure (PKI) setting, the identity-based setting, the certificateless setting, and the self-certified public key setting. The more convincing line of research on AKA protocols aims at provable security. In this dissertation we focus on provably secure identity-based AKA protocols, certificateless AKA protocols and AKA protocols using self-certified public keys, and obtain the following results:

1. We propose the first identity-based two-party authenticated key agreement (ID-2AKA) protocol without pairings that resists leakage of ephemeral secrets. Under the GDH assumption and in the random oracle model, its security is proved in the ID-based extended Canetti-Krawczyk (eCK) model, which captures not only resistance to ephemeral secret key leakage but also the other basic security properties, including KGC master key forward secrecy and key compromise impersonation (KCI) resistance. Compared with the existing pairing-based ID-2AKA protocols, our protocol is more efficient because it needs no pairings. Compared with the existing pairing-free ID-2AKA protocols, our protocol is stronger because it resists ephemeral secret leakage and is secure in the ID-based eCK model.

2. He et al. (Computers and Mathematics with Applications, 2012) proposed an efficient certificateless two-party authenticated key agreement (CL-2AKA) protocol without pairings and claimed it provably secure in their security model, which is in fact an adaptation of Lippold et al.'s model. By giving concrete attacks, we show that their protocol is not secure in their own model. We then propose an improved protocol and prove that it is secure in that model under the GDH assumption. The improved protocol remains very efficient: each participant needs only one extra ECC point multiplication to compute the session key.

3. We design a pairing-free CL-2AKA protocol that is provably secure in Yang et al.'s security model. Yang et al.'s model captures all of the security properties provided by the eCK model. To better capture forward secrecy, a single adversary (instead of separate Type I and Type II adversaries) is considered in their model, and that adversary has power similar to the Super adversary, the most powerful adversary considered in the certificateless cryptography literature. Compared with Yang et al.'s pairing-free CL-2AKA protocol, ours needs no signature operations, which both reduces the computation cost and is in keeping with the spirit of certificateless cryptography. Compared with the other pairing-free CL-2AKA protocols, our protocol is the most secure one.

4. We propose the first pairing-free CL-2AKA protocol that is provably secure in the seCK model under the CDH assumption. With the help of the twin Diffie-Hellman trapdoor test theorem, the security of the protocol is reduced to the CDH assumption. Compared with previous pairing-free CL-2AKA protocols, ours is the most secure: they are insecure in the seCK model and rely on the GDH assumption, a strong, non-standard assumption. Compared with CL-2AKA protocols from pairings, our protocol is more efficient.

5. We present an improved security model for certificateless authenticated asymmetric group key agreement (CL-AAGKA) protocols, together with a CL-AAGKA protocol that uses a constant number of pairing operations and is provably secure in the improved model. Our protocol is secure against Super Type I and Strong Type II adversaries, whereas all existing CL-AAGKA protocols consider only Normal adversaries (Super/Strong adversaries are stronger than Normal ones). In our protocol each participant needs only six pairing operations to derive the shared group keys, whereas all existing CL-AAGKA protocols require a number of expensive pairing operations that grows with the number of participants. Our protocol therefore offers the strongest security and the highest efficiency.

6. We point out security weaknesses in the existing identity (ID)-based user authentication and key agreement schemes for the mobile client-server environment. To close these gaps, we propose a new remote user authentication and key agreement scheme based on self-certified public key cryptography. Under the elliptic curve discrete logarithm (ECDLP) and CDH assumptions in the random oracle model, we show that the scheme provides mutual authentication, key agreement, user anonymity, perfect forward secrecy, insider attack resistance and resistance to leakage of session temporary secrets. The scheme also has low computation cost and low power consumption. Protocol comparison shows that it is more secure, more practical and better suited to the mobile client-server environment.
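The trapdoor test that item 4 relies on, written out here as an added note (it is Cash, Kiltz and Shoup's twin Diffie-Hellman trapdoor test, not text from the thesis), is what lets a reduction drop the DDH oracle of the GDH assumption and rest on CDH alone. Let $G = \langle g \rangle$ have prime order $q$, let $X_1 = g^{x_1}$ be the CDH challenge element (so $x_1$ is unknown to the simulator), and let the simulator pick $r, s \in \mathbb{Z}_q$ at random and publish

$$X_2 = g^{s} X_1^{-r}, \qquad \text{i.e. } x_2 \equiv s - r x_1 \pmod q .$$

$X_2$ is uniform and independent of $X_1$, so the adversary learns nothing about $r$ and $s$. For any $Y, Z_1, Z_2 \in G$ supplied by the adversary, the simulator checks

$$Z_1^{\,r} Z_2 \stackrel{?}{=} Y^{s} .$$

If $Z_1 = Y^{x_1}$ and $Z_2 = Y^{x_2}$, the check passes, since $Z_1^{r} Z_2 = Y^{r x_1 + x_2} = Y^{s}$. Otherwise write $Z_1 = Y^{x_1} g^{\delta_1}$ and $Z_2 = Y^{x_2} g^{\delta_2}$ with $(\delta_1, \delta_2) \neq (0, 0)$; the check passes iff

$$g^{r \delta_1 + \delta_2} = 1 \iff r \delta_1 + \delta_2 \equiv 0 \pmod q ,$$

which holds for at most one value of $r$, so a wrong pair is accepted with probability at most $1/q$ over the hidden choice of $r$. The simulator can therefore answer every "is $(Z_1, Z_2)$ the twin DH value of $Y$ under $(X_1, X_2)$?" query consistently without knowing $x_1$ or $x_2$, which is exactly the oracle a GDH-based proof would otherwise have to assume; a query that passes with $Y$ equal to the second CDH challenge element hands the simulator the CDH solution $Z_1 = Y^{x_1}$.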
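The "ephemeral secrets leakage resistance" of items 1 and 4 is easiest to see in a concrete two-party run. The following is an added illustration, not code from the thesis: it implements the generic PKI-setting NAXOS protocol (LaMacchia, Lauter and Mityagin, 2007), which is also pairing-free and eCK-secure under GDH in the random oracle model, over a toy Schnorr group whose parameters, party names and hash labels are chosen here for the example. It runs one exchange (both sides' messages), checks both parties agree on the key, and then contrasts what an adversary who reveals Alice's raw ephemeral secret can do against plain Diffie-Hellman versus against the NAXOS key derivation. The thesis's own ID-based and certificateless constructions differ in how the static keys are certified, but rely on the same idea of binding static and ephemeral secrets into every term of the session key.

```python
"""Added illustration: NAXOS-style two-party AKA over a toy Schnorr group, showing
why hashing the static key into the ephemeral exponent gives ephemeral-secret
leakage resistance. Generic PKI-setting protocol, not one of the thesis's own."""
import hashlib
import secrets


def _is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin with a trial-division prefilter (enough for a toy group)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 128):
    """Return (p, q, g): safe prime p = 2q + 1 and g = 4, a generator of the order-q subgroup."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4


def _hash(tag: str, *parts) -> bytes:
    """Domain-separated, length-prefixed SHA-256 over ints and strings."""
    h = hashlib.sha256(tag.encode())
    for v in parts:
        b = v.encode() if isinstance(v, str) else v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        h.update(len(b).to_bytes(2, "big") + b)
    return h.digest()


def H1(x: int, a: int, q: int) -> int:
    """NAXOS trick: the exponent actually used binds the ephemeral AND the static secret."""
    return int.from_bytes(_hash("H1", x, a), "big") % q


def H2(*parts) -> str:
    """Session-key derivation (modelled as a random oracle in eCK proofs)."""
    return _hash("H2", *parts).hex()


class Party:
    def __init__(self, name: str, group):
        self.name = name
        self.p, self.q, self.g = group
        self.a = secrets.randbelow(self.q - 1) + 1   # static private key
        self.A = pow(self.g, self.a, self.p)         # static public key

    def fresh_ephemeral(self) -> int:
        self.x = secrets.randbelow(self.q - 1) + 1   # raw ephemeral secret: the value eCK lets leak
        self.xt = H1(self.x, self.a, self.q)         # hashed exponent (in practice recomputed, never stored)
        self.X = pow(self.g, self.xt, self.p)        # ephemeral public value sent on the wire
        return self.X

    def key_as_initiator(self, B: int, Y: int, peer: str) -> str:
        # K = H2(B^xt, Y^a, Y^xt, id_A, id_B): every term needs a static key or the hashed exponent
        return H2(pow(B, self.xt, self.p), pow(Y, self.a, self.p), pow(Y, self.xt, self.p), self.name, peer)

    def key_as_responder(self, A: int, X: int, peer: str) -> str:
        # Mirror image: X^b = B^xt, A^yt = Y^a, X^yt = Y^xt
        return H2(pow(X, self.a, self.p), pow(A, self.xt, self.p), pow(X, self.xt, self.p), peer, self.name)


def naive_dh_key(p: int, peer_share: int, x: int) -> str:
    """Plain ephemeral DH for contrast: the key depends on the raw ephemeral alone."""
    return H2("naive", pow(peer_share, x, p))


def run_session(group=None) -> dict:
    """One protocol run followed by an ephemeral-key-reveal check; returns the findings."""
    group = group or gen_group()
    p, q, g = group
    alice, bob = Party("Alice", group), Party("Bob", group)
    X = alice.fresh_ephemeral()                      # Alice -> Bob: X
    Y = bob.fresh_ephemeral()                        # Bob -> Alice: Y
    k_a = alice.key_as_initiator(bob.A, Y, "Bob")
    k_b = bob.key_as_responder(alice.A, X, "Alice")
    leaked_x = alice.x                               # adversary reveals Alice's raw ephemeral, not a
    Xn, Yn = pow(g, alice.x, p), pow(g, bob.x, p)    # what plain DH would have sent instead
    naive_broken = naive_dh_key(p, Yn, leaked_x) == naive_dh_key(p, Xn, bob.x)  # leak gives the key
    # NAXOS: without a, the adversary cannot even reproduce Alice's share g^H1(x,a),
    # and the Y^a term of the key stays out of reach regardless.
    share_from_leak = pow(g, leaked_x, p) == X
    return {"keys_match": k_a == k_b, "naive_dh_broken_by_leak": naive_broken,
            "naxos_share_from_leaked_x": share_from_leak}
```

The same structure explains KCI resistance: an adversary holding Alice's static key a and trying to impersonate Bob to her still has to produce B^xt = X^b, which needs Bob's static key. Group generation and the 128-bit modulus are toy choices for an offline demo; a deployment would use a standardized group or curve and a proper KDF.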
Keywords/Search Tags: two-party authenticated key agreement, authenticated asymmetric group key agreement, bilinear pairing, provable security, identity-based cryptography, certificateless cryptography, self-certified public key cryptography