Deniable Authenticated Key Establishment for Internet Protocols

  • Conference paper
Security Protocols (Security Protocols 2003)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 3364)

Abstract

We propose two public-key schemes to achieve “deniable authentication” for the Internet Key Exchange (IKE). Our protocols can be implemented using different concrete mechanisms and we discuss different options; in particular we suggest solutions based on elliptic curve pairings. The protocol designs use the modular construction method of Canetti and Krawczyk which provides the basis for a proof of security. Our schemes can, in some situations, be more efficient than existing IKE protocols as well as having stronger deniability properties.

© 2005 Springer-Verlag Berlin Heidelberg

Cite this paper

Boyd, C., Mao, W., Paterson, K.G. (2005). Deniable Authenticated Key Establishment for Internet Protocols. In: Christianson, B., Crispo, B., Malcolm, J.A., Roe, M. (eds) Security Protocols. Security Protocols 2003. Lecture Notes in Computer Science, vol 3364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11542322_31

  • DOI: https://doi.org/10.1007/11542322_31

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-28389-8

  • Online ISBN: 978-3-540-31836-1

  • eBook Packages: Computer Science, Computer Science (R0)