Abstract
The key exchanged using key transfer protocols is generally used for symmetric key encryption where this key is known as private key and used for both encryption as well as decryption. As we all know, many key transfer protocols including basic Diffie-Hellman protocol are proposed in the literature. However, many of these key transfer protocols either are proven insecure or had a burden of communication and computational cost. Therefore, a more secure and efficient key transfer protocol is needed. In this article, the author proposes an authenticated key transfer protocol that securely and efficiently negotiates a common session key between two end users. He calls this protocol as IBE-TP-AKE. This proposal is based on the elliptic-curve cryptography (ECC) and uses the idea of identity-based encryption (IBE) with pairing. The security of the proposed work is based on the hard problems of elliptic curve and their pairing. Further, the author has shown the security of his proposed protocol and proved it using the security properties discussed later.
TopIntroduction
The twentieth century grew with the rapid development in the area of Internet and Mobile Communications Technologies/Applications, called Information and Communication Technology (ICT). ICT services have grown exponentially and become beneficial to the world in different ways. However, these technologies are changing very frequently, and several services with multimedia applications are growing through various real-life applications. In these regards, the security protection to various services becomes essential and challenging as well, and different security mechanism for different encryption, authentication, and integrity easy data availability technologies are being developed in a rapid pace. In order to design different security mechanisms and meet the challenges, different cryptographic primitives are used in their convenient waysIn the era of Internet technology; key transfer protocols are playing a crucial role in the network and information security field. These protocols are mainly incorporated to transfer a common session key among different user. The key exchanged using these protocols is generally used for symmetric key encryption where this key is known as private key and used for both encryption as well as decryption. As we all know, many key transfer protocols including basic Diffie-Hellman protocol, are proposed in the literature. However, many of these key transfer protocols either are proven insecure or had a burden of communication and computational cost. Therefore, a more secure and efficient key transfer protocol is needed. In this paper, the author proposes an authenticated key transfer protocol, which securely and efficiently negotiates a common session key between two end users. He calls this protocol as IBE-TP-AKE. This proposal is based on the elliptic-curve cryptography (ECC) and uses the idea of identity-based encryption (IBE) with pairing. The security of the proposed work is based on the hard problems of elliptic curve and their pairing extensions discussed in Gupta & Biswas (2015a), Gupta & Biswas (2015c) etc. Further, the author has shown the security of his proposed protocol and proved it using the security properties discussed later. All security properties of key exchange protocol is possessed by our proposed protocol. As we know, cryptography is a branch of science and it is an art to use security primitives in a way to deal with the security challenges and meet the solutions. Data encryption in cryptography is divided into two major categories namely, symmetric/private-key and asymmetric/public-key techniques in which the latter one has greater research impact than the former. However, the useful public-key cryptographic techniques like RSA, ElGamal etc. have some disadvantage as they require extensive public key management overheads. Thus, new technique called, identity-based encryption (IBE) is introduced recently and is used by researchers to design efficient cryptographic tools for different security applications. In this article, the author has formulated the idea of this technique to implement his protocol. Shamir (1984) has firstly proposed the novel idea of IBE by choosing the known identity of a user as public-key. This known identity may be Email, Ph. No, IP address etc. Using the identity of a user as public-key, Shamir removed the overhead of certificate management from public-key cryptography. In addition, a trusted third party Private Key Generator (PKG) is considered to generate user’s private key. However, the practical implementation of IBE is considered in Boneh & Franklin (2001). This proposed IBE-TP-AKE protocol includes the properties of a pairing technique as defined in Gupta & Biswas (2015b). This bilinear map relates two members of a group to a member of another group. For this particular paper, a bilinear mapping technique takes two members (points) of an elliptic curve group and maps it to a member of another multiplicative group. However, authentication to our proposed IBE-TP-AKE scheme is provided by means of the ECC. The elliptic curve hard assumptions are the hard problems which are used to efficient secure the presented protocol. The security provided by the ECC is efficient than that of RSA. A 160-bit key in ECC provides the same level of security provided by a 1024-bit key size in RSA as Gupta & Biswas (2017). The points of the elliptic curve group generate an abelian group which is used to generate the cryptographic algorithms.
Key Terms in this Chapter
Encipherment: An algorithm used to convert a readable message into unreadable message. It is used in the field of security.
Secure Communication: A method of transferring information on the internet securely.
Elliptic Curve: A curve in two dimensions, which is known by its group property on points. It is widely used in cryptography due to its hard assumptions.
Cryptography: The art and science of creating unreadable messages from readable messages by the need of security.
Authentication: Permission to access something, which is confidential. The authentication is only provided to authentic users.
Decipherment: The inverse of encipherment which is also an algorithm to change unreadable messages to readable messages.
Key Exchange: A method of transferring a secret key among various users. This key may be needed in cryptography to protect many entities like information, system, etc.