Cryptanalysis of Lee-Lee authenticated key agreement scheme
Cryptanalysis of the modified authenticated key agreement scheme
Authors: K. W. Kim, E. K. Ryu and K. Y. Yoo
Authors: K. J. Lee and B. J. Lee
Source: Applied Mathematics and Computation, 2005
Reporter: Chun-Ta Li (李俊達)
Outline
• Introduction of Lee-Lee scheme
• Guessing attack on the Lee-Lee scheme
• The improved scheme
• Man-in-the-middle attack on the Lee-Lee scheme
• The improved scheme
• Comments
Introduction of Lee-Lee scheme
• Alice, Bob: two communicating parties;
• Eve: an attacker;
• $id_A$, $id_B$: the identities of Alice and Bob;
• $n$: a large prime number;
• $g$: a generator with the order $n-1$;
• $P$: the common password shared between Alice and Bob;
• $Q$: an integer computed from $P$;
• $Q^{-1}$: the inverse of $Q$ (mod $n$);
• $a$: a random number chosen by Alice;
• $b$: a random number chosen by Bob;
• $H(\cdot)$: a one-way hash function
Introduction of Lee-Lee scheme (cont.)
• Key establishment phase
(e.1) Alice computes $X_1 = g^{aQ} \bmod n$; Alice → Bob: $X_1$
(e.2) Bob computes $Y_1 = g^{bQ} \bmod n$; Bob → Alice: $Y_1$
(e.3) Alice computes the session key $K_1$:
$Y = Y_1^{Q^{-1}} \bmod n = g^{b} \bmod n$
$K_1 = Y^{a} \bmod n = g^{ab} \bmod n$
(e.4) Bob computes the session key $K_2$:
$X = X_1^{Q^{-1}} \bmod n = g^{a} \bmod n$
$K_2 = X^{b} \bmod n = g^{ab} \bmod n$
After step (e.4), Alice and Bob can compute the same session key $K_1 = K_2 = g^{ab} \bmod n$.
Introduction of Lee-Lee scheme (cont.)
• Key validation phase
(v.1) Alice computes $X_2 = H(id_A, X_1, K_1)$; Alice → Bob: $X_2$
(v.2) Bob verifies $X_2 \stackrel{?}{=} H(id_A, X_1, K_2)$
(v.3) Bob computes $Y_2 = H(id_B, Y_1, K_2)$; Bob → Alice: $Y_2$
(v.4) Alice verifies $Y_2 \stackrel{?}{=} H(id_B, Y_1, K_1)$
Guessing attack on the Lee-Lee scheme
• Key establishment phase
(e.1) Alice computes $X_1 = g^{aQ} \bmod n$
(g.1) Eve intercepts $X_1$
(e.2) Bob computes $Y_1 = g^{bQ} \bmod n$; Bob → Alice: $Y_1$
(g.2) Eve replaces $Y_1$ with $Y_1' = g \bmod n$
(g.3) Alice computes the wrong session key $K_1'$:
$Y' = Y_1'^{\,Q^{-1}} \bmod n = g^{Q^{-1}} \bmod n$
$K_1' = Y'^{\,a} \bmod n = g^{aQ^{-1}} \bmod n$
(e.4) Bob computes the session key $K_2$:
$X = X_1^{Q^{-1}} \bmod n = g^{a} \bmod n$
$K_2 = X^{b} \bmod n = g^{ab} \bmod n$
Guessing attack on the Lee-Lee scheme (cont.)
• Key validation phase
(v.1) Alice computes $X_2 = H(id_A, X_1, K_1')$
(g.4) Eve intercepts $X_2$
• Off-line guessing attack
(g.5) Eve guesses a candidate password $P'$ and computes $Q' \bmod (n-1)$ and $Q'^{-1} \bmod (n-1)$ from $P'$
(g.6) Eve verifies $X_2 \stackrel{?}{=} H(id_A, X_1, (X_1)^{Q'^{-2}})$
(g.7) If the above holds, $Q = Q'$; otherwise, Eve goes back to step (g.5)
The improved scheme
• Key establishment phase
(e.1) Alice computes $X_1 = (g^{a} + Q) \bmod n$; Alice → Bob: $X_1$
(e.2) Bob computes $Y_1 = (g^{b} + Q) \bmod n$; Bob → Alice: $Y_1$
(e.3) Alice computes the session key $K_1$:
$Y = Y_1 - Q \bmod n = g^{b} \bmod n$
$K_1 = Y^{a} \bmod n = g^{ab} \bmod n$
(e.4) Bob computes the session key $K_2$:
$X = X_1 - Q \bmod n = g^{a} \bmod n$
$K_2 = X^{b} \bmod n = g^{ab} \bmod n$
Man-in-the-middle attack on the Lee-Lee scheme
• Key establishment phase
(e.1) Alice computes $X_1 = g^{aQ} \bmod n$; Alice → Bob: $X_1$
(e.1') Eve replaces $X_1$ with $X_1' = 1 \bmod n$
(e.2) Bob computes $Y_1 = g^{bQ} \bmod n$; Bob → Alice: $Y_1$
(e.2') Eve replaces $Y_1$ with $Y_1' = 1 \bmod n$
(e.3') Alice computes the wrong session key $K_1'$:
$Y' = Y_1'^{\,Q^{-1}} \bmod n = 1 \bmod n$
$K_1' = Y'^{\,a} \bmod n = 1 \bmod n$
(e.4') Bob computes the wrong session key $K_2'$:
$X' = X_1'^{\,Q^{-1}} \bmod n = 1 \bmod n$
$K_2' = X'^{\,b} \bmod n = 1 \bmod n$
Man-in-the-middle attack on the Lee-Lee scheme (cont.)
• Key validation phase
(v.1) Alice computes $X_2 = H(id_A, X_1, K_1')$; Alice → Bob: $X_2$
(v.1') Eve replaces $X_2$ with $X_2' = H(id_A, X_1', K_1')$
(v.2') Bob verifies $X_2' \stackrel{?}{=} H(id_A, X_1', K_2')$
(v.3) Bob computes $Y_2 = H(id_B, Y_1, K_2')$; Bob → Alice: $Y_2$
(v.3') Eve replaces $Y_2$ with $Y_2' = H(id_B, Y_1', K_2')$
(v.4') Alice verifies $Y_2' \stackrel{?}{=} H(id_B, Y_1', K_1')$
The improved scheme
• Alice computes $g^{X} \bmod n$ ($g^{X}$ is public), where $X = aQ$ ($X$ is secret)
• Bob computes $g^{Y} \bmod n$ ($g^{Y}$ is public), where $Y = bQ$ ($Y$ is secret)
• Key establishment phase is the same as the key establishment phase in the Lee-Lee scheme
• Key validation phase
(v.1) Alice checks whether $K_1 \neq 1$ holds or not. If it holds, Alice computes $X_2 = H(id_A, X_1, K_1)$; Alice → Bob: $X_2$
(v.2) Bob verifies $X_2 \stackrel{?}{=} H(id_A, X_1, K_2)$
(v.3) Bob checks whether $K_2 \neq 1$ holds or not. If it holds, Bob computes $Y_2 = H(id_B, Y_1, K_2)$; Bob → Alice: $Y_2$
(v.4) Alice verifies $Y_2 \stackrel{?}{=} H(id_B, Y_1, K_1)$
Comments
• If the guessing attack from the first cryptanalysis is applied to the second improved scheme, the second scheme is vulnerable to it.
• Modify our scheme
  • Prevent guessing attack
  • Reduce the computational complexity
  • 6 exponential and 2 multiplication operations → 4 exponential and 4 multiplication operations
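The effect of the $K \neq 1$ check, and the reason the first comment above still holds, can be seen in a small simulation. This is an added example, not code from the papers or the slides; the toy modulus, the secrets and the password-to-$Q$ mapping `derive_q` are assumptions, and $Q^{-1}$ is taken modulo $n-1$ because it is used as an exponent.

```python
import hashlib
from math import gcd

N = 2147483647   # toy prime 2^31 - 1 (constructed demo parameter, far too small for real use)
G = 7            # a generator modulo N

def derive_q(password: str) -> int:
    """Hypothetical P -> Q mapping (the slides only say Q is computed from P).
    Q is made coprime to N-1 so that Q^-1 exists as an exponent."""
    q = int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % (N - 1)
    while gcd(q, N - 1) != 1:
        q += 1
    return q

def blind(secret: int, q: int) -> int:
    """(e.1)/(e.2): X1 = g^(aQ) mod n."""
    return pow(G, secret * q, N)

def session_key(received: int, secret: int, q: int) -> int:
    """(e.3)/(e.4): unblind the received value with Q^-1, then raise to own secret."""
    q_inv = pow(q, -1, N - 1)
    return pow(pow(received, q_inv, N), secret, N)

def validated_key(received: int, secret: int, q: int):
    """Improved scheme, (v.1)/(v.3): refuse the degenerate key K = 1."""
    k = session_key(received, secret, q)
    return None if k == 1 else k

def demo():
    q = derive_q("correct horse")        # constructed password
    a, b = 123456789, 987654321          # constructed "random" secrets
    x1, y1 = blind(a, q), blind(b, q)
    honest = (session_key(y1, a, q), session_key(x1, b, q))
    # Received value replaced by 1 (steps e.1'/e.2'): key is 1 for any password.
    forced = session_key(1, a, q)
    rejected = validated_key(1, a, q)    # the K != 1 check catches this case
    # Received value replaced by g (step g.2): key is not 1, so the check passes,
    # yet it equals X1^(Q^-2), which depends only on public X1 and the password.
    k_g = validated_key(G, a, q)
    q_inv = pow(q, -1, N - 1)
    from_public = pow(x1, q_inv * q_inv, N)
    return honest, forced, rejected, k_g, from_public
```

Because `k_g == from_public`, the validation value $X_2 = H(id_A, X_1, K_1')$ remains checkable against a password guess even with the $K \neq 1$ test in place, which is why the comments go on to modify the blinding itself.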
Comments (cont.)
• Modify our scheme (original)
Comments (cont.)
• Modify our scheme: $g^{a} \cdot Q$, $X_1 / Q$, $g^{b} \cdot Q$, $Y_1 / Q$