shared key
Recently Published Documents


TOTAL DOCUMENTS

131
(FIVE YEARS 34)

H-INDEX

13
(FIVE YEARS 2)

2021 ◽  
Author(s):  
Hamid Ghourchian ◽  
Photios A. Stavrou ◽  
Tobias J. Oechtering ◽  
Mikael Skoglund

2021 ◽  
Vol 11 (12) ◽  
pp. 5540
Author(s):  
Satoshi Iriyama ◽  
Koki Jimbo ◽  
Massimo Regoli

Strongly asymmetric public key agreement (SAPKA) is a class of key exchange between Alice and Bob that was introduced in 2011. The greatest difference from the standard PKA algorithms is that Bob constructs multiple public keys and Alice uses one of these to calculate her public key and her secret shared key. Therefore, the number of public keys and the calculation rules for each key differ for each user. Although algorithms with high security and computational efficiency exist in this class, the relation between the parameters of SAPKA and its security and computational efficiency has not yet been fully clarified. Therefore, our main objective in this study was to classify the SAPKA algorithms according to their properties. By attempting algorithm attacks, we found that certain parameters are more strongly related to the security. On this basis, we constructed concrete algorithms and a new subclass of SAPKA, in which the responsibility of maintaining security is significantly more associated with the secret parameters of Bob than those of Alice. Moreover, we demonstrate (1) insufficient but necessary conditions for this subclass, (2) inclusion relations between the subclasses of SAPKA, and (3) concrete examples of this subclass with reports of implementational experiments.


2021 ◽  
Vol 2021 ◽  
pp. 1-7
Author(s):  
Weiwei Liu ◽  
Hua Guo ◽  
Yangguang Tian

Distance-bounding protocols are a useful primitive in resisting distance-based attacks. Currently, most of the existing distance-bounding protocols do not take the reuse of nonces into consideration in their design. However, some studies in the literature have shown that nonce repetition may lead to the leakage of the shared key between protocol participants. Aikaterini et al. introduced a countermeasure that could serve as a supplement in most distance-bounding systems allowing nonce repetition. However, their proposal only holds against passive attackers. In this paper, we introduce an active attack model and show that their countermeasure is insecure under the proposed active attack model. We also discover that all existing distance-bounding protocols with mutual authentication are vulnerable to distance-based attacks if a short nonce is applied under the proposed active model. To address this security concern, we propose a new distance-bounding protocol with mutual authentication to prevent distance-based attacks under the active adversary model. A detailed security analysis is presented for the proposed distance-bounding protocol with mutual authentication.


2021 ◽  
Vol 11 (1) ◽  
Author(s):  
Hussein Abulkasim ◽  
Atefeh Mashatan ◽  
Shohini Ghose

Quantum key agreement enables remote participants to fairly establish a secure shared key based on their private inputs. In the circular-type multiparty quantum key agreement mode, two or more malicious participants can collude to steal the private inputs of honest participants or to generate the final key alone. In this work, we focus on a powerful collusive attack strategy in which two or more malicious participants in particular positions can learn sensitive information or generate the final key alone without revealing their malicious behaviour. Many of the current circular-type multiparty quantum key agreement protocols are not secure against this collusive attack strategy. As an example, we analyze the security of a recently proposed multiparty key agreement protocol to show the vulnerability of existing circular-type multiparty quantum key agreement protocols against this collusive attack. Moreover, we design a general secure multiparty key agreement model that would remove this vulnerability from such circular-type key agreement protocols and describe the necessary steps to implement this model. The proposed model is general and does not depend on the specific physical implementation of the quantum key agreement.


2021 ◽  
pp. 15-21
Author(s):  
Hendro FJ Lami ◽  
Hendro F J Lami ◽  
Stephanie I Pella

This research aims to secure data transactions in Internet of Things (IoT) devices using the challenge-response authentication mechanism (CRAM). The research uses the ESP 8266 and ESP 32 to develop the system because of their ability to run the MicroPython programming language. Using a random challenge to grant authentication protects the system from replay attacks by intruders. In each authentication process, the client receives a 10-digit random number to be encrypted using a shared key and sent back to the server. The server then checks whether the client possesses the correct key by decrypting the encrypted challenge using the same shared key. Access is granted if the decryption result is equal to the original challenge.


2021 ◽  
Vol 10 (2) ◽  
pp. 163-173
Author(s):  
Bin Lu ◽  
Jesús Perez-Moreno ◽  
Fengming Zhang ◽  
Andrea C. Rinaldi ◽  
Fuqiang Yu

2021 ◽  
Vol 6 (2) ◽  
pp. 722-732
Author(s):  
Rezaur Rahman ◽  
Hossen Asiful Mustafa

Author(s):  
Byoungcheon Lee

Transport Layer Security (TLS) is a cryptographic protocol that provides communications security between two peers, and it is widely used in many applications. To reduce the latency of the TLS handshake, session resumption using a pre-shared key (PSK) has been used. But current methods for the PSK-mode handshake use a fixed session key multiple times for the lifetime of the session ticket. Reuse of a fixed session key must be treated very carefully from the standpoint of communications security: it is vulnerable to replay attacks, and there is a possibility of tracking users. Paired token (PT) is a new secondary credential scheme that provides a pre-shared key in a stateless way in a client-server environment. The server issues a paired token (a public token and a secret token) to an authenticated client. The public token represents the signed identity of the client, and the secret token is a kind of shared secret between client and server. Once a client is equipped with a PT, it can be used for many symmetric-key-based cryptographic applications such as authentication, authorization, key establishment, etc. It was also shown that it can be used for one-time authenticated key establishment using the time-based one-time password (TOTP) approach. In this paper we apply the PT and TOTP approach to TLS to achieve stateless one-time authenticated session resumption. The server executes a full TLS 1.3 handshake and issues a PT to the authenticated client. Then the client and server can execute one-time authenticated session resumption using the PT, in a stateless way on the server side. In every run of session resumption, distinct session keys are established, so that the same PT can be used safely for a longer lifetime. If an anonymous PT is used with renewal issuing, user privacy, untraceability and forward security can be achieved easily. This will provide a huge performance gain in large-scale distributed services.

