An Identity-Based Key Agreement Protocol for the Network Layer

  • Christian Schridde
  • Matthew Smith
  • Bernd Freisleben
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5229)


A new identity-based key agreement protocol designed to operate on the network layer is presented. Endpoint addresses, namely IP and MAC addresses, are used as public keys to authenticate the communication devices involved in a key agreement, which allows us to piggyback much of the security overhead for key management to the existing network infrastructure. The proposed approach offers solutions to some of the open problems of identity-based key agreement schemes when applied to the network layer, namely multi-domain key generation, key distribution, multi-domain public parameter distribution, inter-domain key agreement and network address translation traversal.


Domain Name System, Public Parameter, Host Identity Protocol, NATed Device, Domain Name System Server
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Christian Schridde (1)
  • Matthew Smith (1)
  • Bernd Freisleben (1)
  1. Department of Mathematics and Computer Science, University of Marburg, Marburg, Germany
