An Authenticated Key Exchange with Perfect Forward Secrecy for Two Message Diffie-Hellman Type Protocols

In emerging technological world, security potentially remains as a highest challenge in the large-scale distributed systems, as it is suffering extensively with adversarial attacks due to insufficient mutual authentication. In order to address this, a state-of-art tetrahedron (3D) based two-server Password Authenticated and Key Exchange (PAKE) protocol has been formulated with formal proof of security by incorporating the elementary properties of plane geometry. The main intention of this work is, obtaining a password from the stored credentials must be infeasible when both the servers compromised together. At the outset to realize these goals, in this paper, the properties of the tetrahedron are utilized along with Diffie-Hellman (DH) key exchange algorithm to withstand against malicious attacks. A significant aspect of the proposed 3D PAKE protocol is, client side complexity has been reduced to a greater extent in terms of computation and communication. Both theoretically and practically, 3D PAKE protocol is the first demonstrable secure two-server PAKE protocol that breaks the assumptions of the Yang et al. and Yi et al. protocol that the two servers must not compromise together. Computational complexity, communication complexity, security key principles, best of all attacks happening dubiously are considered as the evaluation parameters to compare the performance of the proposed 3D PAKE protocol.

Download Full-text

Non-invertible Public Key Certificates

10.20944/preprints202012.0494.v1 ◽

2020 ◽

Author(s):

Luis Lizama-Pérez ◽

J. Mauricio López

Keyword(s):

Public Key Infrastructure ◽

Key Exchange ◽

Public Key ◽

Key Exchange Protocol ◽

Forward Secrecy ◽

Certification System ◽

Perfect Forward Secrecy

Post-quantum public cryptosystems introduced so far do not define an scalable public key infrastructure for the quantum era. We demonstrate here a public certification system based in Lizama’s non-invertible Key Exchange Protocol which can be used to implement a public key infrastructure (PKI), secure, scalable, interoperable and efficient. We show functionality of certificates across different certification domains. Finally, we discuss that non-invertible certificates can exhibit Perfect Forward Secrecy (PFS).

Download Full-text

Parallel network file systems using authenticated key exchange protocols

Journal of Applied and Advanced Research ◽

10.21839/jaar.2017.v2i3.89 ◽

2017 ◽

Vol 2 (3) ◽

pp. 161

Author(s):

S. Sathya ◽

M. Ranjith Kumar ◽

K. Madheswaran

Keyword(s):

Large Scale ◽

File Systems ◽

Key Exchange ◽

Distributed File Systems ◽

Authenticated Key Exchange ◽

Forward Secrecy ◽

Storage Devices ◽

Key Exchange Protocols ◽

Parallel Network ◽

Metadata Server

The keyestablishment for secure many-to-many communications is very important nowadays. The problem is inspired by the proliferation of large-scale distributed file systems supporting parallel access to multiple storage devices. In this, a variety of authenticated key exchange protocols that are designed to address the issues. This shows that these protocols are capable of reducing the workload of the metadata server and concurrently supporting forward secrecy and escrow-freeness. All this requires only a small fraction of increased computation overhead at the client. This proposed three authenticated key exchange protocols for parallel network file system (pNFS). The protocols offer three appealing advantages over the existing Kerberos-based protocol. First, the metadata server executing these protocols has much lower workload than that of the Kerberos-based approach. Second, two of these protocols provide forward secrecy: one is partially forward secure (with respect to multiple sessions within a time period), while the other is fully forward secure (with respect to a session). Third, designed a protocol which not only provides forward secrecy, but is also escrow-free.

Download Full-text