Compilers and protocols for key establishment

  1. Suárez Corona, Adriana
Dirigida por:
  1. Consuelo Martínez López Director/a
  2. Rainer Steinwandt Director/a

Universidad de defensa: Universidad de Oviedo

Fecha de defensa: 24 de julio de 2012

Tribunal:
  1. María Isabel González Vasco Presidente/a
  2. Ignacio Fernández Rúa Secretario/a
  3. Michel Ferreira Abdalla Vocal

Tipo: Tesis

Teseo: 327189 DIALNET

Resumen

In this thesis we study key establishment in different settings and compilers adding extra features to existing protocols. Different security models are proposed and several schemes are presented and analysed. In the public key setting, a compiler is proposed in order to add forward secrecy to any existing authenticated group key establishment protocol P. This compiler adds one round and makes use of a forward secure unauthenticated 1-round 2-party key establishment protocol Q. In the identity-based setting, restricting to the two-party case, Identity- Based Non-Interactive Key Distribution (IB-NIKD) is studied, presenting a key-evolving variant. A security model capturing an intuitive form of forward security is proposed and a scheme satisfying this security notion is presented. A key-evolving variant of identity-based encryption can also be defined. We have explored the relation between these two primitives, giving a generic compiler to get forward secure identity-based encryption schemes from forward secure IB-NIKD schemes. If keys have to be established between users without an specific identity but between users possessing certain credentials, attribute-based group key establishment is the most suitable tool. We propose an appropriate security model and a scheme secure in that sense. We construct the protocol from an attribute-based signcryption scheme. A study on how we can realize these schemes has been made: we prove we can generally construct, also in the attribute-based setting, secure signcryption schemes through the encrypt-then-sign paradigm. A cryptanalysis of a two-party key establishment proposed by G. Maze et al. in Advances in Mathematics of Communication is described. We have proved that the session key can be recovered with minor computational effort.