The Security Analysis of Self-Certified Public Key Based Key Agreement Protocols against Active Attacks

Security Analysis of Key Agreement Protocols Based on Self-Certified Public Keys in an Active Attacker Setting

  • Hyung-Kyu Yang (Department of Computer and Media Engineering, Kangnam University)
  • Published: 2005.01.01

Abstract

Girault proposed a key agreement protocol based on his new idea of the self-certified public key. Later Rueppel and Oorschot showed variants of the Girault scheme. All of these key agreement protocols inherit the positive features of self-certified public keys, so they provide higher security and smaller communication overhead than key agreement protocols that are not based on self-certified public keys. Despite these novel features, no rigorous security analysis of these protocols has yet been given. In this paper, we give a rigorous security analysis of key agreement protocols based on self-certified public keys. We use reductions among functions for the security analysis and consider several active attacker models: active impersonation attack, key-compromise impersonation attack, forward secrecy and known key security.

Girault proposed the concept of the self-certified public key together with a key agreement protocol that uses it, and later Rueppel and Oorschot proposed variants of that protocol. In a key agreement protocol based on self-certified public keys, each user chooses his own secret key directly, so the protocol resolves the weakness pointed out in identity-based schemes, namely that the trusted center can impersonate any user, and it also reduces memory and computation. However, concrete proofs of the security of such key agreement protocols are still lacking. In this paper we carry out a concrete security analysis, in an active attacker setting, of the key agreement protocols based on self-certified public keys proposed so far. The attacks considered in this paper are the active impersonation attack, the key-compromise impersonation attack, forward secrecy and known key security, and the security proofs use the mathematical theory of reductions.

References

  1. E. Bach, 'Discrete logarithms and factoring,' Technical Report UCB/CSD 84/186, University of California, Computer Science Division (EECS), 1984.
  2. W. Diffie and M. Hellman, 'New directions in cryptography,' IEEE Trans. Inf. Theory, vol. IT-22, no. 6, pp. 644-654, 1974.
  3. M. Girault, 'Self-certified public keys,' Advances in Cryptology-Eurocrypt '91, LNCS 547, Springer-Verlag, Berlin, pp. 490-497, 1991.
  4. Y. Gurevich, 'Average case completeness,' Journal of Computer and System Sciences, vol. 42, pp. 346-398, 1991. https://doi.org/10.1016/0022-0000(91)90007-R
  5. S.J. Kim, M. Mambo, T. Okamoto, H. Shizuya, M. Tada, and D.H. Won, 'On the security of the Okamoto-Tanaka ID-based key exchange scheme against active attacks,' IEICE Trans. Fundamentals, vol. E84-A, pp. 231-238, Jan. 2001.
  6. M. Mambo and H. Shizuya, 'A note on the complexity of breaking Okamoto-Tanaka ID-based key exchange scheme,' IEICE Trans. Fundamentals, vol. E82-A, pp. 77-80, Jan. 1999.
  7. K.S. McCurley, 'A key distribution system equivalent to factoring,' Journal of Cryptology, vol. 1, pp. 95-105, 1988. https://doi.org/10.1007/BF02351718
  8. A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.
  9. E. Okamoto and K. Tanaka, 'Key distribution system based on identification information,' IEEE J. Sel. Areas Commun., vol. 7, pp. 481-485, 1989. https://doi.org/10.1109/49.17711
  10. P. Ribenboim, The Book of Prime Number Records, Springer-Verlag, 1988.
  11. R.L. Rivest, A. Shamir, and L. Adleman, 'A method for obtaining digital signatures and public key cryptosystems,' Communications of the ACM, vol. 21, no. 2, pp. 120-126, 1978. https://doi.org/10.1145/359340.359342
  12. R.A. Rueppel and P.C. van Oorschot, 'Modern key agreement techniques,' Computer Communications, vol. 17, pp. 458-465, Jul. 1994. https://doi.org/10.1016/0140-3664(94)90100-7
  13. K. Sakurai and H. Shizuya, 'Relationships among the computational powers of breaking discrete log cryptosystems,' Advances in Cryptology-Eurocrypt '95, LNCS 921, Springer-Verlag, pp. 341-355, 1995.
  14. Z. Shmuely, 'Composite Diffie-Hellman public-key generating systems are hard to break,' Technical Report no. 356, Computer Science Department, Technion-Israel Institute of Technology, 1985.
  15. H. Woll, 'Reduction among number theoretic problems,' Information and Computation, vol. 72, pp. 167-179, 1987. https://doi.org/10.1016/0890-5401(87)90030-7