Compilers and protocols for key establishment
- Consuelo Martínez López, Thesis supervisor
- Rainer Steinwandt, Thesis supervisor
Defending university: Universidad de Oviedo
Defense date: 24 July 2012
- María Isabel González Vasco, Committee chair
- Ignacio Fernández Rúa, Secretary
- Michel Ferreira Abdalla, Reviewer (rapporteur)
Type: Thesis
Abstract
In this thesis we study key establishment in different settings, together with compilers that add extra features to existing protocols. Several security models are proposed, and several schemes are presented and analysed.

In the public-key setting, a compiler is proposed that adds forward secrecy to any existing authenticated group key establishment protocol P. The compiler adds one round and makes use of a forward-secure, unauthenticated, one-round, two-party key establishment protocol Q.

In the identity-based setting, restricted to the two-party case, Identity-Based Non-Interactive Key Distribution (IB-NIKD) is studied and a key-evolving variant is presented. A security model capturing an intuitive form of forward security is proposed, and a scheme satisfying this notion is given. A key-evolving variant of identity-based encryption can be defined in the same way; we explore the relation between these two primitives and give a generic compiler that turns forward-secure IB-NIKD schemes into forward-secure identity-based encryption schemes.

When keys must be established not between users with a specific identity but between users possessing certain credentials, attribute-based group key establishment is the most suitable tool. We propose an appropriate security model and a scheme that is secure in that sense, constructed from an attribute-based signcryption scheme. We also study how such schemes can be realised: we prove that, in the attribute-based setting as well, secure signcryption schemes can be constructed generically through the encrypt-then-sign paradigm.

Finally, a cryptanalysis of a two-party key establishment protocol proposed by G. Maze et al. in Advances in Mathematics of Communication is described: we prove that the session key can be recovered with minor computational effort.