Investigation of Security Enhancement and Performance Attributes of Key Agreement Protocol in Elliptic Curve Cryptography

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 10, No. 12, 2012, ISSN 1947-5500


Sonali U Nimbhorkar, Computer Science & Engineering, G.H.Raisoni College of Engineering, Nagpur, India
Dr. L.G. Malik, Computer Science & Engineering, G.H.Raisoni College of Engineering, Nagpur, India

Abstract—The increased use of networks to communicate sensitive data and transactions requires an enhanced level of authentication and privacy for digital communication. Nowadays most user authentication, integrity and confidentiality schemes are based on elliptic curve cryptography. Elliptic curve cryptography techniques provide greater security using fewer bits. A key agreement protocol constructed in elliptic curve cryptography is required to be resistant to both active and passive attacks. This paper provides a comparative cryptanalysis of vulnerable schemes for key agreement protocols using elliptic curve cryptography, and also considers parameters for security enhancement and performance attributes for achieving greater security for communication networks while reducing computational overhead, bandwidth, and storage requirements.

Keywords—Key agreement, elliptic curve, finite field, security, cryptosystem.

I. INTRODUCTION

In cryptography, a key agreement protocol is a protocol whereby two or more parties can agree on a key in such a way that both control the outcome. Key agreement protocols are considered among the hardest protocols to design, and are one of the most important parts of a system when it comes to integrity and confidentiality of data. Many key agreement protocols have been proposed, but many of them are without security proof. Even with a security proof, a protocol may contain weaknesses that can be exploited with a new kind of attack. Because of this, protocols must be analyzed continuously to make sure that they are sound. Key agreement protocols are the common way for two principals to achieve secure communication by establishing a session key to encrypt the data that is being sent between them [8][9][15].

A secure key agreement protocol should be enforced while two parties communicate with each other, to defend them from various kinds of active and passive attacks. There are two basic models for secure key agreement protocols: one is Authenticated Key (AK) and the other is Authenticated Key with key Confirmation (AKC) [10][11].

Key establishment protocols have conventionally been among the hardest protocols to design. There are several challenges concerning key exchange [17][19]: ensuring that the keys are exchanged so that sender and receiver can perform encryption and decryption; preventing an eavesdropper from getting to know the key; and offering the receiver some proof that a message was encrypted by the party who claims to have sent the message. The rapid growth in communication technology and personal communication systems has raised new security questions.

From 2002 to 2012, many studies were proposed to secure authentication protocols. In 2008, numerous schemes proposed an improved key agreement protocol [6][8][19][27][28]. These protocols are smart card based password authentication protocols and operate with a symmetric key encryption algorithm. They claimed that their protocol is secure, can achieve user anonymity, and can prevent various attacks, such as replay attack, stolen verifier attack, password guessing attack, insider attack, and man-in-the-middle attack. In 2009, a scheme was proposed [11][26] which improves protocol [26] and can avoid the weakness existing in the protocol. It is also a smart card based password authentication protocol and is based on bilinear pairings. They claimed that their protocol is secure and can withstand replay attack and insider attack. An improvement on protocol [11] was also proposed. Their scheme is a smart card based password authentication protocol as well and operates with a secure one-way hash function. They claimed that their protocol is secure and can achieve mutual authentication. Also in 2011, two identity-based authentication protocols were improved [2][3][5][13][16][30][34][40]. Their protocols are password-based, smart card based protocols. They are identity-based public key cryptosystems and operate with the ElGamal signature scheme. They claimed the protocols are not only efficient but also secure. Although all of the above schemes mentioned claimed

that they are secure, there are still some threats existing in them.

The rest of the paper is organized as follows. Related works and the fundamentals required for key agreement protocols are briefly discussed in Section II. Desirable properties of key agreement protocols are given in Section III. Section IV presents various attack methods for key agreement protocols, and security analysis with respect to key agreement properties and possible attacks. A performance comparison with respect to design schemes for key agreement protocols and other related schemes is given in Section V. Finally, Section VI concludes the paper.

There are three major categories of key agreement schemes defined in the standards, with two of these categories having multiple cases [14][15][16]:

• Two-Party Participation: an interactive, two-way method where each party generates an ephemeral key pair. This method is used in the most widely deployed security protocols.

• One-Party Participation: a store-and-forward, one-way method where only the initiator generates an ephemeral key pair. This method is ideally suited to email and is used in the S/MIME protocol. It can also be used in SSL if the server has a static DH public key.

• Static Keys Only: a static (passive) method where each party has only a static key pair; no ephemeral keys are used. This method can be used in S/MIME and SSL, but the absence of ephemeral keys diminishes its security. In this method, the shared symmetric keys are only assured to be distinct from previous ones by adding unencrypted (public) nonces to the derivation of the shared keys.

In addition, two important properties are regarded for key agreement protocols as follows [14][16]:

• Implicit key confirmation: A key agreement protocol has this property if both participants are assured that only the other participant can compute the secret common key.

• Explicit key confirmation: This means that both participants are assured that the other participant has computed the secret common key.

III. DESIRABLE PROPERTIES OF KEY AGREEMENT PROTOCOLS

A number of desirable properties for key agreement protocols have been identified [2], and nowadays most protocols are analyzed using these properties, which are described below [17][19][26]:

• Known-key security: Each run of a key agreement protocol between two entities A and B should produce a unique shared secret key called session key Ks. A protocol should still achieve its goal in the face of an adversary who has learned some other session

• Perfect forward secrecy: If long-term private keys of one or more entities are compromised, the secrecy of previous session keys established by honest entities is not affected.

• Key-compromise impersonation: Suppose that A's long-term private key is disclosed. Clearly an adversary that knows this value can now impersonate A, since it is precisely this value that identifies A. However, it may be desirable that this loss does not enable an adversary to impersonate other entities to A.

In addition, identification protocols should have other properties which are related to performance, because round trips and large blocks are critical factors in terms of communication load, and exponentiations and random numbers are critical factors in terms of computation load.

• Computational efficiency: This includes the number of operations required to execute a protocol. In order to achieve this property, the protocol should have the minimum number of operations possible.

• Communication efficiency: This includes the number of passes (message exchanges) and the bandwidth required (total number of bits transmitted).

IV. ATTACK METHODS FOR KEY AGREEMENT PROTOCOL

There are numerous different ways to perform an attack on a key agreement protocol. This section briefly describes how attacks may be characterized, the distinction between active and passive attacks, and presents some widespread attack methods. There are many different ways an attacker can exploit a protocol. This section contains a brief description of some of the most common attack methods [28][1][4]:

• Eavesdropping: Eavesdropping means that an adversary captures information that is being sent in the protocol. Eavesdropping has existed throughout time, where someone overhears things they were not supposed to and the communicating parties are not aware of it. This is one of the most basic kinds of attack, and more complex attacks might include eavesdropping as part of the attack. Eavesdropping is a kind of passive attack.

• Modification: In a modification attack, the adversary alters the information that is sent in the protocol. This is a kind of active attack, since the attacker has a stronger role in this situation than in a passive attack, where he just listens to the communication. A way to prevent this kind of attack is to use cryptographic integrity measures.

• Replay: A replay attack is an attack where a valid transmission is recorded and later repeated, to the same or a different principal, for attacking purposes. This is done either by the originator or by an adversary who intercepts the data and retransmits it. This is a fundamental kind of attack, which is often used as a part of more complex attacks. One way to avoid replay attacks is using session.

• Reflection: A reflection attack is a way of attacking a challenge-response authentication system that uses the same protocol in both directions. The idea is to trick the target into providing the answer to its own challenge. This attack is only possible if the protocol allows parallel runs. The way to prevent this attack is to require the initiating party to first respond to challenges before the target party responds to its

• Denial of service attack: A denial of service attack is when attackers send many invalid requests to a server without establishing a server connection, in order to overwhelm the server and stop legitimate users from getting a connection with it.

• Typing attack: A typing attack means that the adversary replaces a message field of one type with a message field of another type. This makes the recipient misinterpret a message and accept a protocol element as another one (of a different type). For example, a principal identifier could be falsely accepted as a key.

• Cryptanalysis: Cryptanalysis is the study of methods for obtaining the meaning of encrypted information without access to the secret information that is normally required. In most cases, this kind of attack focuses on finding the secret key. Frequency analysis is the basic tool for breaking classical ciphers and reveals the secret key.

• Certificate manipulation: Certificate manipulation is when the adversary modifies certificate information to perform an attack on a protocol. The certificate of a principal acts as an assurance from a trusted third party that the principal's public key really does belong to that principal.

• Protocol interaction: Protocol interaction means that the adversary chooses a new protocol to interact with a known protocol. Most long-term keys are meant to be used for a single protocol only.

V. DESIGN SCHEMES FOR KEY AGREEMENT PROTOCOL

Design methods used for designing new key agreement protocols are based on some standard protocols. Here we describe the most important of these standards. We also present the assumed hard problems that are used in cryptography in order to keep information available to the intended parties and unavailable to others [24][26][28].

a) Diffie-Hellman key agreement protocol
Diffie-Hellman is a cryptographic protocol for secure exchange of a shared secret between two parties over an untrusted network. The two parties may never have communicated previously, but with their new shared secret key they can encrypt their communications over the insecure channel. Perhaps the most important part of the protocol is that the key is not sent over the connection, so that it cannot be detected by an eavesdropper [24][28].

b) Elliptic Curve Cryptosystems
Elliptic curve cryptography depends on the difficulty of solving the discrete logarithm for the group of an elliptic curve over some finite field. This problem is called the Elliptic Curve Discrete Logarithm Problem, ECDLP [13][9][25].

c) MQV protocol
This protocol is used to establish a shared secret between two parties. Both parties generate dynamic private/public key pairs and exchange their public keys. Then each party calculates an implicit signature by using his own private key and the other party's public key. This signature is used to generate the shared secret. The secret generated by each party will be the same only if they are based on the corresponding public keys [25][26][30].

VI. CONCLUSION

It has been seen that public key based key agreement protocols provide a strong means for authentication, data integrity and non-repudiation. This paper provides an introduction to elliptic curves and how they are used to create a secure and powerful cryptosystem. Elliptic curve cryptography provides a methodology for obtaining high-speed, efficient, and scalable implementations of network security protocols. The achievement of the protocol goals and the complete security analysis parameters are also considered for overcoming the known security flaws in communication networks.

REFERENCES

[1] Eun-Jun Yoon, Sung-Bae Choi and Kee-Young Yoo, "A Secure And Efficiency Id-Based Authenticated Key Agreement Scheme Based On Elliptic Curve Cryptosystem For Mobile Devices", International Journal of Innovative Computing, Information and Control, ICIC International, 2012, ISSN 1349-4198, Volume 8, Number 4, April 2012, pp. 2637-2653.
[2] Kavitha Ammayappan, Atul Negi, V. N. Sastry and Ashok Kumar Das, "An ECC-Based Two-Party Authenticated Key Agreement Protocol for Mobile Ad Hoc Networks", JCP110116219-KNSD, 2011.
[3] Ja'afer M. AL-Saraireh, Mohammad S. Saraireh, "Formal Analysis of A Novel Mutual Authentication and Key Agreement Protocol", Applied Science University 11961, Jordan. JCS&T Vol. 11 No. 2, October 2011.
[4] M. Aydos, E. Savaş, and Ç. K. Koç, "Implementing Network Security Protocols based on Elliptic Curve Cryptography", Proceedings of the Fourth Symposium on Computer Networks, S. Oktuğ, B. Örencik, and E. Harmancı, editors, pages 130–139, Istanbul, Turkey, May 20-21, 1999.
[5] A. Katvickis, E. Sakalauskas, N. Listopadskis, "Microprocessor Implementation of Key Agreement Protocol over the Ring of Multivariate Polynomials", ISSN 1392 – 1215, 2011, No. 10(116).
[6] P. Vijayakumar, V. Vijayalakshmi, "Effective Key Establishment and Authentication Protocol for Wireless Sensor Networks Using Elliptic Curve Cryptography", Mobile and Pervasive Computing (CoMPC–2008).
[7] B. Maheshwari, "Secure Key Agreement And Authentication Protocols", International Journal of Computer Science & Engineering Survey (IJCSES), Vol. 3, No. 1, February 2012, DOI: 10.5121/ijcses.2012.3111 113.
[8] Liufei Wu, Yuqing Zhang, Fengjiao Wang, "A New Provably Secure Authentication and Key Agreement Protocol for SIP Using ECC", IEEE, 2008.
[9] Atishay Bansal, Dinesh Sharma, Gajendra Singh, Tumpa Roy, "New Approach For Wireless Communication Security Protocol By Using Mutual Authentication", Advanced Computing: An International Journal (ACIJ), Vol. 3, No. 3, May 2012, DOI: 10.5121/acij.2012.3303 31, IEEE.
[10] He Debiao, Chen Jianhua, Hu Jin, "Weakness of two ID-based remote mutual authentication with key agreement protocols for mobile devices", International Conference on Computational Science and Engineering, 2010, IEEE.
[11] Yoon E.-J., Yoo K.-Y., "Robust ID-based Remote Mutual Authentication with Key Agreement Protocol for Mobile Devices on ECC", 2009 International Conference on Computational Science and Engineering, 2009, pp. 633-640, IEEE.
[12] Ja'afer AL-Saraireh & Sufian Yousef, "Extension of Authentication and Key Agreement Protocol (AKA) for Universal Mobile Telecommunication System (UMTS)", International Journal of Theoretical and Applied Computer Sciences, Volume 1, Number 1 (2006), pp. 109–118, (c) GBS Publishers and Distributors (India), 2006.
[13] Debiao He, "Weakness in a Mutual Authentication Scheme for Session Initiation Protocol using Elliptic Curve Cryptography".
[14] Kaiping Xue, Peilin Hong, Changsha Ma, "A lightweight dynamic pseudonym identity based authentication and key agreement protocol without verification tables for multi-server architecture", arXiv:1204.3831v1 [cs.CR], 17 Apr 2012.
[15] Hassan Keshavarz, Mohammad Reza Jabbarpour Sattari and Rafidah Md Noor, "Session Initiation Protocol Attacks and Challenges", ISBN 978-1-84626, 2012 International Conference on Security Science and Technology (ICSST 2012).
[16] Shuhua Wu, Yuefei Zhu and Qiong Pu, "Cryptanalysis and Enhancements of Three-Party Authenticated Key Exchange Protocol using ECC", Journal of Information Science and Engineering 27, 1329-1343 (2011), IEEE.
[17] Pierre E. ABI-CHAR, Bachar EL-HASSAN, Abdallah MHAMED, "A Secure Authenticated Key Agreement Protocol Based on Elliptic Curve Cryptography", Third International Symposium on Information Assurance and Security, 0-7695-2876-7/07, 2007 IEEE, DOI 10.1109/IAS.2007.57.
[18] Zhang JunHong, Chen XinMeng, Zhu Ping, "A Kind of ECC-Homomorphism Key Agreement in Grid", Third International Conference on Semantics, Knowledge and Grid, 0-7695-3007-9/07, 2007 IEEE, DOI 10.1109/SKG.2007.22.
[19] Bin YU, Haiyan LI, "Research and Design of one Key Agreement Scheme in Bluetooth", 2008 International Conference on Computer Science and Software Engineering, 978-0-7695-3336-0/08, 2008 IEEE, DOI 10.1109/CSSE.2008.1263.
[20] Eun-Jun Yoon, Kee-Young Yoo, "A Three-Factor Authenticated Key Agreement Scheme for SIP on Elliptic Curves", 2010 Fourth International Conference on Network and System Security, 978-0-7695-4159-4/10, 2010 IEEE, DOI 0.1109/NSS.2010.101335.
[21] Hongfeng Zhu, Tianhua Liu, "A Robust and Efficient Password-authenticated key agreement scheme without verification table Based on elliptic curve cryptosystem", 978-0-7695-4202-7/10, 2010 IEEE, DOI 10.1109/CASoN.2010.24.
[22] JIANG Jun, HE Chen, "A novel mutual authentication and key agreement protocol based on NTRU cryptography for wireless communications", J Zhejiang Univ SCI 2005 6A(5):399-404.
[23] Xuelei Li, Fengtong Wen and Shenjun Cui, "A strong password-based remote mutual authentication with key agreement scheme on elliptic curve cryptosystem for portable devices", Appl. Math. Inf. Sci. 6, No. 2, 217-222 (2012), Applied Mathematics & Information Sciences, An International Journal.
[24] M. Aydos, B. Sunar, and Ç. K. Koç, "An Elliptic Curve Cryptography based Authentication and Key Agreement Protocol for Wireless Communication", 2nd International Workshop on Discrete Algorithms and Methods for Mobile Computing and Communications, Dallas, Texas, October 30, 1998.
[25] ZHENG Dong, CHEN Kefei and YOU Jinyuan, "Multiparty Authentication Services and Key Agreement Protocols with Semi-Trusted Third Party", Vol. 17 No. 6, J. Comput. Sci. & Technol., Nov. 2002.
[26] Mohsen Sharifi, Saeid Pourroostaei Ardakani, Saeed Sedighian Kashi, "SKEW: An Efficient Self Key Establishment Protocol for Wireless Sensor Networks", 978-1-4244-4586-8/09, 2009 IEEE.

[27] Rakesh Chandra Gangwar, "Secure And Efficient Decentralized Group Key Establishment Protocol For Robust Group Communication", Journal of Theoretical and Applied Information Technology, © 2005 - 2008 JATIT.
[28] Mohammad Sheikh Zefreh, Ali Fanian, Sayyed Mahdi Sajadieh, Mahdi Berenjkoub, Pejman Khadivi, "A Distributed Certificate Authority and Key Establishment Protocol for Mobile Ad Hoc Networks", ISBN 978-89-5519-136-3, -1157-, Feb. 17-20, 2008, ICACT 2008.
[29] H.-A. Wen, C.-L. Lin and T. Hwang, "Provably secure authenticated key exchange protocols for low power computing clients", Computers & Security, vol. 25, 2006, pp. 106-113.
[30] R. Arshad, N. Ikram, "A Novel Mutual Authentication Scheme for Session Initiation Protocol based on Elliptic Curve Cryptography", ISBN 978-89-5519-155-4, 705, Feb. 13-16, 2011, ICACT2011.
[31] Simon Blake-Wilson, Don Johnson, Alfred Menezes, "Key Agreement Protocols and their Security Analysis", the Sixth IMA International Conference on Cryptography and Coding, Cirencester, England, 17-19 December 1997.
[32] "STANDARDS FOR EFFICIENT CRYPTOGRAPHY", SEC 2: Recommended Elliptic Curve Domain Parameters, Certicom Research, September 20, 2000.
[33] Alfred J. Menezes, Paul C. van Oorschot, Scott A. Vanstone, "HANDBOOK of APPLIED CRYPTOGRAPHY", CRC Press, 2nd edition, 1996.
[34] Moncef Amara, Amar Siad, "Elliptic Curve Cryptography and its application", 7th International Workshop on Systems, Signal Processing and their Applications (WOSSPA), IEEE, 2011.
[35] Fahad Bin Muhaya, Qasem Abu Al-Haija, and Lo'ai Tawalbeh, "Applying Hessian Curves in Parallel to improve Elliptic Curve Scalar Multiplication Hardware", International Journal of Security and Its Applications, Vol. 4, No. 2, April, 2010.
[36] Sonali U Nimbhorkar, Dr. L.G. Malik, "A Survey On Elliptic Curve Cryptography (ECC)", International Journal of Advanced Studies in Computers, Science and Engineering, vol 1 issue 1, ISSN 2278-7917, 5 July 2012.

AUTHORS PROFILE

Sonali U Nimbhorkar received a Post Graduate degree in computer science from RTMNU, Nagpur. She has published more than 17 research papers in various international journals and international conferences as a main author and co-author, on issues related to wireless networks, wireless mesh networks, network security and cryptography. At present she is Assistant Professor in the Computer Science & Engineering Department at G.H.Raisoni College of Engineering, Nagpur, India.
