Design And Analysis Of Key Agreement With Cryptographic Reverse Firewall

Due to the high-speed growth of modern technology,the number of users is increas-ing,and the environment of network is more and more intricate.Information security has become a topic of general interest.Snowden issue in 2013 made people find that security risks might not just exist in the external network.An apparently secure but actually tam-pered system may secretly eavesdrops on users' privacy.How to communicate without information leakage is an important problem in information security research.To deal with this problem,Mironov and Stephens-davidowitz proposed the concept of cryptographic reverse firewall(CRF).Taking key agreement protocol as the research topic,this thesis proposes CRF schemes for two different kinds of key agreement.Besides,this thesis pro-vide provable security for the two CRF schemes.Through experiments,the performance of the designed CRFs is analyzed.The main contributions of this thesis include:(1)This thesis designs CRF schemes for multi-party key agreement protocols.For Joux's one round tripartite Diffie-Hellman key agreement,tripartite authenticated key agreement and BD group key agreement,this thesis proposes Joux-CRF,TAK-CRF and BD-CRF schemes respectively.The deployment of CRF can ensure that the attacker can not obtain secret information by tampering with multi-party key agreement protocol and other subversion attacks,so as to maintain the internal security of protocol participants and prevent data leakage.This thesis provides the security proof of TAK-CRF scheme,and uses PBC library to analyze the performance of the scheme through experiments.(2)This thesis designs a CL-2AKA-CRF scheme which is applicable to the certifi-cateless key agreement protocol(CL-2AKA)proposed by Shi et al.This scheme can protect both sides of the protocol from the threat of subversion attack and resist data theft by internal adversaries.In this scheme,even if the user's algorithm implementation is tampered,the security claimed by the original protocol can be achieved.CL-2AKA-CRF provides provable security,in which the CRF maintains functionality,weakly preserves security and weakly resists exfiltration.Eventually,this paper analyzes the performance of CL-2AKA-CRF through experiments using PBC library.