Theses and Dissertations

Permanent URI for this collection: http://ir.daiict.ac.in/handle/123456789/1

  • Item: Open Access
    Modeling and detecting attacks against key agreement protocols
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2012) Yadav, Anshu; Mathuria, Anish M.
    Key agreement protocols establish a shared secret key between two or more communicating parties willing to exchange data over insecure channels using symmetric key cryptography. Based on the number of members involved in the communication, these protocols can be classified as two party or group key agreement protocols. Various formal methods are available in the literature to analyze the security of such protocols. This helps in establishing the validity of any attacks, if found, or to prove the security of the protocols under given adversarial assumptions. In this thesis we analyze the security of several existing two party and group key agreement protocols. We used provable security models like eCK'08 and enhanced eCK and the DS model given as an algebraic approach by Delicata and Schneider to analyze a class of DH based key agreement protocols. The distinguishing feature of key agreement protocols from key transport protocols is that the former aims to ensure the contribution of all the honest participants so that no one can predetermine the key. In a poorly designed protocol, an insider adversary can control the key in different forms as defined by Pieprzyk and Wang. This type of attack is termed key control. We also define ephemeral key control w.r.t. a dishonest insider, where it is assumed that the adversary also knows the ephemeral secret of the victim honest participants. This assumption is based on several advanced attributes that assume ephemeral leakage. We analyze this attack on MTI protocols using the DS model. We have shown weakness in some provably secure two party implicitly authenticated protocols and modeled the attacks in a provable security model. We also analyzed key control in some group key agreement protocols. We have used the DS model to formally derive an attack shown by Pieprzyk on the Burmester-Desmedt protocol and have also proposed attacks on the static version of the group key agreement protocol proposed by Dutta and Barua.
  • Item: Open Access
    Technique to improve revocation mechanism and enhancement of CA's services
    (Dhirubhai Ambani Institute of Information and Communication Technology, 2004) Thacker, Grishma D.; Jadhav, Ashish
    Public Key Cryptography [PKC] is becoming popular in the world of security because of its promising features like authentication and non-repudiation along with integrity and data confidentiality. It has been possible to achieve an electronic equivalent of handwritten signatures, which are considered to be the most common method of providing identity proof in a non-electronic world, thanks to PKC techniques. Public Key Infrastructure [PKI] is a technology that supports PKC to achieve its intended services by implementing PKC concepts. It is considered to be one of the potential technologies for the future of e-business and e-governance. Digital certificates are one of the most important components of PKI. They are issued and signed by a trusted third party named Certification Authority to provide a trustworthy binding between the entity and its public key; thus, they impute trust in the public key of a claimant. The certificate has a predefined validity period after which it expires. But sometimes during its valid lifetime, due to certain events, the certificate doesn't remain valid. A need arises to declare its invalidity, implying withdrawal of the trust that was imputed in it at the time of issuance. This event is called 'revocation' of the certificate. The information regarding this event of revocation has to propagate to the entire community that might use the certificate in question for its important transactions. 'Certificate Revocation' is one of the key issues in PKI because the security of any transaction relies on the validity of the certificate used in it. Hence, the status of these certificates in terms of 'valid' / 'non-valid' becomes important information to be processed, conveyed, acquired, and managed securely. There are many mechanisms proposed for certificate revocation information distribution. My primary concern is to focus on some of these mechanisms and to provide some solution for this problem. I've proposed a method named "Staggered CRLs". It uses delta CRLs and shows how a CA can avoid generation of a signature over the voluminous CRL and still provide more timely information than the traditional CRL. CRLs are issued along with delta CRLs with 'slight' modification. The method avoids prefixing of the next update time of the CRL and makes it dynamic based on some other criteria. It provides more timely information at a lesser frequency of CRLs. My second proposal is about how a CA can enhance its services to the user community. I suggest going beyond merely providing revocation information about the certificate and adding more value to the CA services by providing further information about the certificates.