Handshake Protocol

The Experts below are selected from a list of 1881 Experts worldwide ranked by ideXlab platform

Gene Tsudik - One of the best experts on this subject based on the ideXlab platform.

  • Authentication for paranoids: Multi-party secret Handshakes
    Lecture Notes in Computer Science, 2020
    Co-Authors: Stanisław Jarecki, Gene Tsudik
    Abstract:

    In a society increasingly concerned with the steady assault on electronic privacy, the need for privacy-preserving techniques is both natural and justified. This need extends to traditional security tools such as authentication and key distribution Protocols. A secret Handshake Protocol allows members of the same group to authenticate each other secretly, meaning that a non-member cannot determine, even by engaging someone in a Protocol, whether that party is a member of the group. Whereas, parties who are members of the same group recognize each other as members, and can establish authenticated secret keys with each other. Thus, a secret Handshake Protocol offers privacy-preserving authentication and can be used whenever group members need to identify and securely communicate with each other without being observed or detected. Most prior work in secret Handshake Protocols considered 2-party scenarios. In this paper we propose formal definitions of multi-party secret Handshakes, and we develop a practical and provably secure multi-party secret Handshake scheme by blending Schnorr-signature based 2-party secret Handshake Protocol of Castelluccia et al. [5] with a group key agreement Protocol of Burmester and Desmedt [4]. The resulting scheme achieves very strong privacy properties, is as efficient as the (non-private) authenticated version of the Burmester-Desmedt Protocol [4, 6], but requires a supply of one-time certificates for each group member.

  • Secret Handshakes from CA-Oblivious Encryption
    2010
    Co-Authors: Claude Castelluccia, Stanisław Jarecki, Gene Tsudik
    Abstract:

    Secret Handshakes were recently introduced [BDS+03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the Handshake Protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret Handshake Protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders. The work of [BDS+03] constructed secret Handshakes secure under the Bilinear Diffie-Hellman (BDH) assumption in the Random Oracle Model (ROM). We show how to build secret Handshake Protocols secure under a more standard cryptographic assumption of Computational Diffie Hellman (CDH), using a novel tool of CA-oblivious public key encryption, which is an encryption scheme s.t. neither the public key nor the ciphertext reveal any information about the Certification Authority (CA) which certified the public key. We construct such CA-oblivious encryption, and hence a Handshake scheme, based on CDH (in ROM). The new scheme takes 3 communication rounds like the [BDS+03] scheme, but it is about twice cheaper computationally.

  • ACNS - Authentication for paranoids: multi-party secret Handshakes
    RoboCup 2005: Robot Soccer World Cup IX, 2006
    Co-Authors: Stanisław Jarecki, Gene Tsudik
    Abstract:

    In a society increasingly concerned with the steady assault on electronic privacy, the need for privacy-preserving techniques is both natural and justified. This need extends to traditional security tools such as authentication and key distribution Protocols. A secret Handshake Protocol allows members of the same group to authenticate each other secretly, meaning that a non-member cannot determine, even by engaging someone in a Protocol, whether that party is a member of the group. Whereas, parties who are members of the same group recognize each other as members, and can establish authenticated secret keys with each other. Thus, a secret Handshake Protocol offers privacy-preserving authentication and can be used whenever group members need to identify and securely communicate with each other without being observed or detected. Most prior work in secret Handshake Protocols considered 2-party scenarios. In this paper we propose formal definitions of multi-party secret Handshakes, and we develop a practical and provably secure multi-party secret Handshake scheme by blending Schnorr-signature based 2-party secret Handshake Protocol of Castelluccia et al. [5] with a group key agreement Protocol of Burmester and Desmedt [4]. The resulting scheme achieves very strong privacy properties, is as efficient as the (non-private) authenticated version of the Burmester-Desmedt Protocol [4, 6], but requires a supply of one-time certificates for each group member.

  • ASIACRYPT - Secret Handshakes from CA-Oblivious Encryption
    Advances in Cryptology - ASIACRYPT 2004, 2004
    Co-Authors: Claude Castelluccia, Stanisław Jarecki, Gene Tsudik
    Abstract:

    Secret Handshakes were recently introduced [BDS+03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the Handshake Protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret Handshake Protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders.

  • PODC - Brief announcement: secret Handshakes from CA-oblivious encryption
    Proceedings of the twenty-third annual ACM symposium on Principles of distributed computing - PODC '04, 2004
    Co-Authors: Claude Castelluccia, Stanisław Jarecki, Gene Tsudik
    Abstract:

    Secret Handshake Protocols were recently introduced by Balfanz, et al. [1] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging in the Handshake Protocol, whether his counterparty is a member of the group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, secret Handshakes can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders. The secret Handshake Protocol of [1] relies on a Bilinear Diffie-Hellman assumption on certain elliptic curves. We show how to build secret Handshake Protocols secure under more standard cryptographic assumptions, like the RSA or the Diffie Hellman (DH) assumption, using a novel tool of CA-oblivious public key encryption, i.e. an encryption scheme where neither the public key nor the ciphertext reveal any information about the Certification Authority which certified the public key.

Wang Tongyang - One of the best experts on this subject based on the ideXlab platform.

  • Secure and efficient WTLS Handshake Protocol
    Journal of Computer Applications, 2008
    Co-Authors: Wang Tongyang
    Abstract:

    The primary goal of Wireless Transport Layer Security (WTLS) is to provide the security of the wireless communication. An efficient WTLS Handshake Protocol would speed up establishing the session between the client and the server, and at the same time reduce the spending of resource on the mobile. A new WTLS Handshake Protocol called Light online compute WTLS (L-WTLS) was proposed. L-WTLS was much more economic since it had less computation, especially the online ones. At last, that the L-WTLS is more suitable for the low power mobile terminal is proved.

Stanisław Jarecki - One of the best experts on this subject based on the ideXlab platform.

  • Authentication for paranoids: Multi-party secret Handshakes
    Lecture Notes in Computer Science, 2020
    Co-Authors: Stanisław Jarecki, Gene Tsudik
    Abstract:

    In a society increasingly concerned with the steady assault on electronic privacy, the need for privacy-preserving techniques is both natural and justified. This need extends to traditional security tools such as authentication and key distribution Protocols. A secret Handshake Protocol allows members of the same group to authenticate each other secretly, meaning that a non-member cannot determine, even by engaging someone in a Protocol, whether that party is a member of the group. Whereas, parties who are members of the same group recognize each other as members, and can establish authenticated secret keys with each other. Thus, a secret Handshake Protocol offers privacy-preserving authentication and can be used whenever group members need to identify and securely communicate with each other without being observed or detected. Most prior work in secret Handshake Protocols considered 2-party scenarios. In this paper we propose formal definitions of multi-party secret Handshakes, and we develop a practical and provably secure multi-party secret Handshake scheme by blending Schnorr-signature based 2-party secret Handshake Protocol of Castelluccia et al. [5] with a group key agreement Protocol of Burmester and Desmedt [4]. The resulting scheme achieves very strong privacy properties, is as efficient as the (non-private) authenticated version of the Burmester-Desmedt Protocol [4, 6], but requires a supply of one-time certificates for each group member.

  • Secret Handshakes from CA-Oblivious Encryption
    2010
    Co-Authors: Claude Castelluccia, Stanisław Jarecki, Gene Tsudik
    Abstract:

    Secret Handshakes were recently introduced [BDS+03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the Handshake Protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret Handshake Protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders. The work of [BDS+03] constructed secret Handshakes secure under the Bilinear Diffie-Hellman (BDH) assumption in the Random Oracle Model (ROM). We show how to build secret Handshake Protocols secure under a more standard cryptographic assumption of Computational Diffie Hellman (CDH), using a novel tool of CA-oblivious public key encryption, which is an encryption scheme s.t. neither the public key nor the ciphertext reveal any information about the Certification Authority (CA) which certified the public key. We construct such CA-oblivious encryption, and hence a Handshake scheme, based on CDH (in ROM). The new scheme takes 3 communication rounds like the [BDS+03] scheme, but it is about twice cheaper computationally.

  • ACNS - Authentication for paranoids: multi-party secret Handshakes
    RoboCup 2005: Robot Soccer World Cup IX, 2006
    Co-Authors: Stanisław Jarecki, Gene Tsudik
    Abstract:

    In a society increasingly concerned with the steady assault on electronic privacy, the need for privacy-preserving techniques is both natural and justified. This need extends to traditional security tools such as authentication and key distribution Protocols. A secret Handshake Protocol allows members of the same group to authenticate each other secretly, meaning that a non-member cannot determine, even by engaging someone in a Protocol, whether that party is a member of the group. Whereas, parties who are members of the same group recognize each other as members, and can establish authenticated secret keys with each other. Thus, a secret Handshake Protocol offers privacy-preserving authentication and can be used whenever group members need to identify and securely communicate with each other without being observed or detected. Most prior work in secret Handshake Protocols considered 2-party scenarios. In this paper we propose formal definitions of multi-party secret Handshakes, and we develop a practical and provably secure multi-party secret Handshake scheme by blending Schnorr-signature based 2-party secret Handshake Protocol of Castelluccia et al. [5] with a group key agreement Protocol of Burmester and Desmedt [4]. The resulting scheme achieves very strong privacy properties, is as efficient as the (non-private) authenticated version of the Burmester-Desmedt Protocol [4, 6], but requires a supply of one-time certificates for each group member.

  • ASIACRYPT - Secret Handshakes from CA-Oblivious Encryption
    Advances in Cryptology - ASIACRYPT 2004, 2004
    Co-Authors: Claude Castelluccia, Stanisław Jarecki, Gene Tsudik
    Abstract:

    Secret Handshakes were recently introduced [BDS+03] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging some party in the Handshake Protocol, whether that party is a member of this group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, a secret Handshake Protocol can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders.

  • PODC - Brief announcement: secret Handshakes from CA-oblivious encryption
    Proceedings of the twenty-third annual ACM symposium on Principles of distributed computing - PODC '04, 2004
    Co-Authors: Claude Castelluccia, Stanisław Jarecki, Gene Tsudik
    Abstract:

    Secret Handshake Protocols were recently introduced by Balfanz, et al. [1] to allow members of the same group to authenticate each other secretly, in the sense that someone who is not a group member cannot tell, by engaging in the Handshake Protocol, whether his counterparty is a member of the group. On the other hand, any two parties who are members of the same group will recognize each other as members. Thus, secret Handshakes can be used in any scenario where group members need to identify each other without revealing their group affiliations to outsiders. The secret Handshake Protocol of [1] relies on a Bilinear Diffie-Hellman assumption on certain elliptic curves. We show how to build secret Handshake Protocols secure under more standard cryptographic assumptions, like the RSA or the Diffie Hellman (DH) assumption, using a novel tool of CA-oblivious public key encryption, i.e. an encryption scheme where neither the public key nor the ciphertext reveal any information about the Certification Authority which certified the public key.

B. Warinschi - One of the best experts on this subject based on the ideXlab platform.

  • The TLS Handshake Protocol: A Modular Analysis
    Journal of Cryptology, 2010
    Co-Authors: P. Morrissey, N. P. Smart, B. Warinschi
    Abstract:

    We study the security of the widely deployed Secure Session Layer/Transport Layer Security (TLS) key agreement Protocol. Our analysis identifies, justifies, and exploits the modularity present in the design of the Protocol: the application keys offered to higher-level applications are obtained from a master key, which in turn is derived through interaction from a pre-master key. We define models (following well-established paradigms) that clarify the security level enjoyed by each of these types of keys. We capture the realistic setting where only one of the two parties involved in the execution of the Protocol (namely the server) has a certified public key, and where the same master key is used to generate multiple application keys. The main contribution of the paper is a modular and generic proof of security for a slightly modified version of TLS. Our proofs show that the Protocol is secure even if the pre-master and the master keys satisfy only weak security requirements. Our proofs make crucial use of modelling the key derivation function of TLS as a random oracle.

  • A modular security analysis of the TLS Handshake Protocol
    International Conference on the Theory and Application of Cryptology and Information Security, 2008
    Co-Authors: P. Morrissey, N. P. Smart, B. Warinschi
    Abstract:

    We study the security of the widely deployed Secure Session Layer/Transport Layer Security (TLS) key agreement Protocol. Our analysis identifies, justifies, and exploits the modularity present in the design of the Protocol: the application keys offered to higher level applications are obtained from a master key, which in turn is derived, through interaction, from a pre-master key. Our first contribution consists of formal models that clarify the security level enjoyed by each of these types of keys. The models that we provide fall under well established paradigms in defining execution, and security notions. We capture the realistic setting where only one of the two parties involved in the execution of the Protocol (namely the server) has a certified public key, and where the same master key is used to generate multiple application keys. The main contribution of the paper is a modular and generic proof of security for the application keys established through the TLS Protocol. We show that the transformation used by TLS to derive master keys essentially transforms an arbitrary secure pre-master key agreement Protocol into a secure master-key agreement Protocol. Similarly, the transformation used to derive application keys works when applied to an arbitrary secure master-key agreement Protocol. These results are in the random oracle model. The security of the overall Protocol then follows from proofs of security for the basic pre-master key generation Protocols employed by TLS.

Tang Chaojing - One of the best experts on this subject based on the ideXlab platform.

  • Design and analysis of IBC based TLS Handshake Protocol
    Journal of Computer Applications, 2009
    Co-Authors: Tang Chaojing
    Abstract:

    To overcome the disadvantages of complex certificate management and long Handshake latency which exist in current widely-used Transport Layer Security (TLS) Protocol, two improved Handshake Protocols using identity-based cryptography were designed. One Protocol adopted identity-based encryption scheme, and the other used identity-based authenticated key agreement scheme fit for mutual authentication. Results of security analysis and performance simulation show that IBC-based Protocol has commensurate cryptographic computation overhead compared with certificate-based scheme with equivalent security, but it decreases communication overhead, and has prominent superiority in Handshake latency; therefore, the scheme achieves higher efficiency.