A Note on Leakage-Resilient Authenticated Key Exchange

A Note on Leakage-Resilient Authenticated Key Exchange. Authors: Ji Young Chun, Jung Yeon Hwang, and Dong Hoon Lee ... Source: IEEE Transactions on Wireless ...

1
  • A Note on Leakage-Resilient Authenticated Key
    Exchange
  • Authors: Ji Young Chun, Jung Yeon Hwang, and Dong
    Hoon Lee
  • Source: IEEE Transactions on Wireless
    Communications, vol. 8, no. 5, May 2009
  • Speaker: Hao-Chuan Tsai
  • Date: 2009/10/1

2
Outline
  • Introduction
  • Fathi et al.'s LR-AKE scheme
  • Flaws in Fathi et al.'s LR-AKE scheme
  • A cubic residue attack on the scheme with a small
    hash output
  • Conclusions

3
Introduction
  • Authenticated Key Exchange (AKE)
  • Use a signature on key materials, whose validity
    is then verified by a corresponding certificate
    (the most classical way)
  • Drawbacks
  • Using PKI requires complex key management via CRL

4
Introduction (cont.)
  • Password-based Authenticated Key Exchange (PAKE)
  • A low-entropy password can be easily memorized by
    a human
  • The risk of key exposure increases
  • Computer viruses
  • Misconfigurations of the related system
  • Stolen portable devices

5
Introduction (cont.)
  • A promising solution to the problem of key exposure
    is leakage resilience
  • Split the key and distribute partial information
    about it across possibly multiple entities via
    secret sharing
  • Leakage of the stored secret from a client or a
    server does not reveal any useful information about
    the password

6
Fathi et al.'s LR-AKE Scheme

7
An Attack Scenario
  • Assume that an adversary F has somehow obtained the
    client's secret data from the client's device
  • F executes an off-line password guessing attack
    as follows:
  • Exhausting a dictionary Dic of passwords, then F
    computes
  • Next, F computes and checks if
    ? is a cubic residue
  • The total success probability of the attack is
    approximately
  • , where
    denote the probability that randomly chosen
    number in the set ? is an e-residue modulo N and
    randomly chosen number is a cubic residue modulo
    N . ? is the number of all images of H(.)

8
An Example
  • Assume that we use SHA-1 with 160-bit output
  • Let ? = 8 (or n = 20) and N = 1142677. In this case,
    the number of cubic residues between 1 and 255 is 162
  • The success probability of the attack in the
    public key verification phase is
    (162/256)^n ≈ 0.6367^n. Since 0.6367^20 ≈ 0.0001, we
    expect that the attack succeeds within 8338 trials
    for a randomly chosen ?B.

9
An Example (cont.)
  • For ?A = 4499804 and ?B = 3575765, we have
    H0(neNCS?A ?B) = H0(2031142677C
    S4499804 3575765) = 221192049115
  • Then, F can use the pre-computed look-up table to
    find cubic residue sj. That is, s1 = 243997,
    s2 = 13743, ..., s19 = 3, s20 = 306462

10
Conclusions
  • The authors pointed out serious flaws in the
    hash function used in Fathi et al.'s LR-AKE
    scheme
  • The direct use of the hash function cannot
    guarantee the security of the scheme.

11
Appendix: the cubic residues modulo 1142677