## An Identity-Based Key Agreement Protocol for the Network Layer

Citations: | 4 - 3 self |

### BibTeX

@MISC{Schridde_anidentity-based,

author = {Christian Schridde and Matthew Smith and Bernd Freisleben},

title = {An Identity-Based Key Agreement Protocol for the Network Layer},

year = {}

}

### OpenURL

### Abstract

Abstract. A new identity-based key agreement protocol designed to operate on the network layer is presented. Endpoint addresses, namely IP and MAC addresses, are used as public keys to authenticate the communication devices involved in a key agreement, which allows us to piggyback much of the security overhead for key management to the existing network infrastructure. The proposed approach offers solutions to some of the open problems of identity-based key agreement schemes when applied to the network layer, namely multi-domain key generation, key distribution, multi-domain public parameter distribution, inter-domain key agreement and network address translation traversal. 1

### Citations

3188 | A method for obtaining digital signatures and public-key cryptosystems
- Rivest, Shamir, et al.
- 1977
(Show Context)
Citation Context ...d optionally MAC addresses on the data link layer for bootstrapping purposes. It utilizes the mathematics also used in the traditional Diffie-Hellman [12] key agreement and Rivest-ShamirAdleman (RSA) =-=[23]-=- public key cryptography approaches, and in the key distribution system proposed by Okamoto [19]. Solutions to the problems of multi-domain key generation, key distribution, multi-domain public parame... |

2966 | Hellman: New Directions in Cryptography
- Diffie, Martin
- 1976
(Show Context)
Citation Context ...ealized using IP addresses on the network layer and optionally MAC addresses on the data link layer for bootstrapping purposes. It utilizes the mathematics also used in the traditional Diffie-Hellman =-=[12]-=- key agreement and Rivest-ShamirAdleman (RSA) [23] public key cryptography approaches, and in the key distribution system proposed by Okamoto [19]. Solutions to the problems of multi-domain key genera... |

1246 | Identity-based encryption from the Weil pairing
- Boneh, Franklin
- 2003
(Show Context)
Citation Context ...emes [16] and identity-based key agreement protocols [14] have been suggested, but it was not until 2001 when the first practical IBE systems were introduced by Boneh and Franklin using Weil pairings =-=[6]-=- and Cocks using quadratic residues [10]. IBC has been applied to several application layer protocols, with the main focus lying on e-mail protection. Some attempts have been made to apply IBC to lowe... |

799 |
Identity-based cryptosystems and signature schemes
- Shamir
- 1985
(Show Context)
Citation Context ...itable for small networks but does not scale well. The PKI approach scales better but has a high management overhead [27],[2]. To avoid the complexity of authenticated public key distribution, Shamir =-=[25]-=- in 1984 proposed the concept of identitybased cryptography (IBC) which allows an arbitrary string to be used as a public key. Since then, several identity-based encryption (IBE) schemes [16] and iden... |

329 | An improved algorithm for computing logarithms over GF(p) and its cryptographic significance
- Pohlig, Hellman
- 1978
(Show Context)
Citation Context ...he requirements stated in the Setup algorithm, i.e. the computation of discrete logarithms is infeasible in ZN1 and ZN2 , respectively. Consequently, an algorithm such as the Pohlig-Hellman algorithm =-=[20]-=- cannot be applied and Pollard’s P− 1 factoring algorithm [21] will not be a threat. Thus, a random non-trivial integer has a large order in ZN1N2 with an overwhelming probability, and the computation... |

221 | An Identity Based Encryption Scheme Based on Quadratic Residues
- Cocks
- 2001
(Show Context)
Citation Context ...ent protocols [14] have been suggested, but it was not until 2001 when the first practical IBE systems were introduced by Boneh and Franklin using Weil pairings [6] and Cocks using quadratic residues =-=[10]-=-. IBC has been applied to several application layer protocols, with the main focus lying on e-mail protection. Some attempts have been made to apply IBC to lower layers like the network layer to offer... |

179 | Hierarchical Identity Based Encryption with Constant Size Ciphertext
- Boneh, Boyen, et al.
- 2005
(Show Context)
Citation Context ...s it is unlikely that a single trusted authority can be found to operate the identity private key generator (ID-PKG). Several solutions have been proposed which allow multiple ID-PKGs to interoperate =-=[15,17,7,5]-=-, but these systems require either cooperation between the ID-PKGs or a hierarchical approach with a trusted party at the top. Both approaches are difficult to use in the Internet due to organizationa... |

115 | Toward hierarchical identity-based encryption
- Horwitz, Lynn
- 2002
(Show Context)
Citation Context ...s it is unlikely that a single trusted authority can be found to operate the identity private key generator (ID-PKG). Several solutions have been proposed which allow multiple ID-PKGs to interoperate =-=[15,17,7,5]-=-, but these systems require either cooperation between the ID-PKGs or a hierarchical approach with a trusted party at the top. Both approaches are difficult to use in the Internet due to organizationa... |

85 | Anonymous hierarchical identity-based encryption (without random oracles
- Boyen, Waters
- 2006
(Show Context)
Citation Context ...s it is unlikely that a single trusted authority can be found to operate the identity private key generator (ID-PKG). Several solutions have been proposed which allow multiple ID-PKGs to interoperate =-=[15,17,7,5]-=-, but these systems require either cooperation between the ID-PKGs or a hierarchical approach with a trusted party at the top. Both approaches are difficult to use in the Internet due to organizationa... |

75 |
Theorems on factorization and primality testing
- Pollard
- 1974
(Show Context)
Citation Context ...ation of discrete logarithms is infeasible in ZN1 and ZN2 , respectively. Consequently, an algorithm such as the Pohlig-Hellman algorithm [20] cannot be applied and Pollard’s P− 1 factoring algorithm =-=[21]-=- will not be a threat. Thus, a random non-trivial integer has a large order in ZN1N2 with an overwhelming probability, and the computation of discrete logarithms is infeasible in ZN1N2 .Inthe followin... |

55 |
An identity-based key-exchange protocol
- Gunther
- 1990
(Show Context)
Citation Context ...entitybased cryptography (IBC) which allows an arbitrary string to be used as a public key. Since then, several identity-based encryption (IBE) schemes [16] and identity-based key agreement protocols =-=[14]-=- have been suggested, but it was not until 2001 when the first practical IBE systems were introduced by Boneh and Franklin using Weil pairings [6] and Cocks using quadratic residues [10]. IBC has been... |

52 | A New Two-Party Identity-Based Authenticated Key Agreement (Extended version available from http://eprint. iacr.org/2004/122
- McCullagh, Barreto
- 2005
(Show Context)
Citation Context |

50 | Identity Based Authenticated Key Agreement Protocols from Pairings (Corrected version at http://eprint.iacr.org/2002/ 184
- Chen, Kudla
- 2003
(Show Context)
Citation Context ...pplication focus is e-mail, dealing with key distribution and expiration in this domain. Several optimizations and extensions of Boneh and Franklin’s IBE approach have been suggested (e.g. [17], [8], =-=[9]-=-, [26]), all based on the Weil pairings [6] originally used by Boneh and Franklin. These extensions include hierarchical IBE systems [15] and public parameter distribution systems [27]. However, the m... |

50 | ID based cryptosystems with pairing on elliptic curve
- Sakai, Kasahara
- 2003
(Show Context)
Citation Context ...osals is on application level security, and e-mail is the main application. Apart from the full IBE systems, several identity based key agreement schemes have been proposed, such as [14], [19], [17], =-=[24]-=-, [9], [26] and [8]. For example, the key distribution system proposed by Okamoto [19] extracts identity information and combines it into a session initiation key in a similar manner as in our scheme,... |

45 | Identity-based key agreement protocols from pairings
- Chen, Cheng, et al.
(Show Context)
Citation Context ...ain application focus is e-mail, dealing with key distribution and expiration in this domain. Several optimizations and extensions of Boneh and Franklin’s IBE approach have been suggested (e.g. [17], =-=[8]-=-, [9], [26]), all based on the Weil pairings [6] originally used by Boneh and Franklin. These extensions include hierarchical IBE systems [15] and public parameter distribution systems [27]. However, ... |

31 | A non-interactive public-key distribution system
- Maurer, Yacobi
- 1996
(Show Context)
Citation Context ..., Shamir [25] in 1984 proposed the concept of identitybased cryptography (IBC) which allows an arbitrary string to be used as a public key. Since then, several identity-based encryption (IBE) schemes =-=[16]-=- and identity-based key agreement protocols [14] have been suggested, but it was not until 2001 when the first practical IBE systems were introduced by Boneh and Franklin using Weil pairings [6] and C... |

28 |
Identity-based authenticated key agreement protocol based on Weil pairing
- Smart
(Show Context)
Citation Context ...ation focus is e-mail, dealing with key distribution and expiration in this domain. Several optimizations and extensions of Boneh and Franklin’s IBE approach have been suggested (e.g. [17], [8], [9], =-=[26]-=-), all based on the Weil pairings [6] originally used by Boneh and Franklin. These extensions include hierarchical IBE systems [15] and public parameter distribution systems [27]. However, the main fo... |

16 |
Key distribution system based on identification information
- Okamoto, Tanaka
- 1989
(Show Context)
Citation Context ...thematics also used in the traditional Diffie-Hellman [12] key agreement and Rivest-ShamirAdleman (RSA) [23] public key cryptography approaches, and in the key distribution system proposed by Okamoto =-=[19]-=-. Solutions to the problems of multi-domain key generation, key distribution, multi-domain public parameter distribution, cross-domain key agreement and NAT are presented. The paper is organized as fo... |

11 | Domain-Based Administration of Identity-Based Cryptosystems for Secure Email
- Smetters, Durfee
- 2003
(Show Context)
Citation Context ...cture (PKI) to secure the communication channel. The pre-shared keys approach is suitable for small networks but does not scale well. The PKI approach scales better but has a high management overhead =-=[27]-=-,[2]. To avoid the complexity of authenticated public key distribution, Shamir [25] in 1984 proposed the concept of identitybased cryptography (IBC) which allows an arbitrary string to be used as a pu... |

6 | Lightweight email signatures (extended abstract
- Adida, Chau, et al.
- 2006
(Show Context)
Citation Context ...opt the public parameter distribution technique for our system. For more information on the details of how to incorporate this kind of information into the DNS system, the reader is referred to [27], =-=[1]-=- or [13]. To secure the transport, either DNSsec can be used or the public parameters can be signed and transferred with standard DNS, or a key agreement can be executed between the requesting party a... |

4 | Minimal-overhead ip security using identity based encryption
- Appenzeller, Lynn
- 2002
(Show Context)
Citation Context ... (PKI) to secure the communication channel. The pre-shared keys approach is suitable for small networks but does not scale well. The PKI approach scales better but has a high management overhead [27],=-=[2]-=-. To avoid the complexity of authenticated public key distribution, Shamir [25] in 1984 proposed the concept of identitybased cryptography (IBC) which allows an arbitrary string to be used as a public... |

1 |
B.: An Identity-Based Key Agreement and Signature Protocol with Independent Private Key Generators
- Schridde, Smith, et al.
- 2008
(Show Context)
Citation Context ...it calculates ((G1G2) rIDA dIDA � )R1R2 �H1(IDA) −1 �rIDB ≡ (G1G2) R1R2rID rID A B ≡ Smod(N1N2) Output: S A security analysis, correctness proofs and further details on the algorithms can be found in =-=[3]-=-. 4 Implementation Issues In the following, several issues for deploying the proposed system in practice are discussed. It will be shown how the public parameters and the identity keys are distributed... |

1 |
Cryptographically Generated Addresses, RFC
- Aura
- 2005
(Show Context)
Citation Context ... the transport and network layer which maps HIP identifiers to the routable IPv6 addresses and provides authentication. To address the last critical issue, Cryptographically Generated Addresses (CGA) =-=[4]-=- have been propsed to encode a public key into the 64-bit identifier of the IPv6 address, thus avoiding the need to change the protocol stack. However, CGA still requires the public key to be created ... |