| The major work of this thesis divides three parts. In the first part, we will introduce some security models of key agreement protocol and analyze their strengths. In the second part, we will compare the efficiency of classical ID-based key agreement protocols, introduce the perform steps of each protocol. Finally, a new efficient ID-based protocol which will be proven secure without Random Oracle Model (ROM) will be presented.Key agreement (KA) protocols allow two or more users to communicate over a public and insecure channel. They allow users to establish a shared secure called session key known only to them for subsequent session dataconfidentiality and integrity. The first key agreement protocol based onasymmetric cryptography was proposed by Diffie andHellman in1976. Since then, many researchers have beendone in this area.The concept of identity-based cryptosystem was firstly proposed by Shamirin1984. But not until2001, a fully functional secure identity-based encryption scheme has been designed by Boneh and Franklinusing bilinear maps. On the basis, Smartproposed the first identity based authenticated key agreement protocol. Then, a large number of identity-based authenticated key agreement protocols were proposed.How to prove that a newly proposed protocol is secure is also an important aspect of the research of key agreement protocol. In1993, Bellare and Rogaway proposed the concept of Random Oracle Model, and they proposed the the first security model with formal description on the same year. In this model, they first gave the definition of authentication and secure key agreement protocol, as well as the ability of attackers. After this, a list of classical models, such as BR95, BCK, CK, eCK, has been put forward. We will give a detailed description of these models, and describe their advantages and disadvantages.Motivated by Chen and Chen’KEM scheme, this paper presents a provably secure two-party ID-based authenticated key exchange protocol under the Computational Bilinear Diffie-Hellman (CBDH) assumption in the standard model. The new protocol has the following characteristics:1) Based on a weaken security as sumption. There are a lot protocols that are based on DBDH assumptions or other variants of BDH assumption,schemes based on weak assumptions are rare. Unlike these schemes, this scheme is based on CBDH assumption.2) The scheme is based on standard model(RAM). The security of the standard model is based on the intractability of mathematical problems and therefore it have a higher level of security.3) The consistency of the messages transmitted is publicly verifiable, which means anyone can verify whether the messages is consistent or not. |
PDF Full Text Request