Fawad AHMAD Marnel PERADILLA Akanksha SAINI Younchan JUNG
To ensure secure mobile communication, the communicating entities must know their mutual identities. The entities which need to be identified in a mobile communication system are mobile devices and the network. The Third Generation Partnership Project (3GPP) has specified the Evolved Packet System Authentication and Key Agreement (EPS AKA) procedure for the mutual authentication of the user and the Long Term Evolution (LTE) network. EPS AKA certainly overcomes most of the vulnerabilities in the Global System for Mobile Communications (GSM) and Universal Mobile Telecommunication System (UMTS) access procedures. However, the LTE access procedure still has security weaknesses against some sophisticated security threats, such as Denial-of-Service (DoS) attacks, Man-in-the-Middle (MitM) attacks and rogue base station attacks, and fails to ensure privacy protection for some of the important parameters. This paper proposes an improved security framework for the LTE access procedure by ensuring the confidentiality protection of the International Mobile Subscriber Identity (IMSI) and the random challenge RAND. Also, our proposed system is designed to reduce the impact of DoS attacks which try to overwhelm the network with useless computations. We use a one-time shared key with a short lifetime between the UE and the MME to protect IMSI and RAND privacy. Finally, we explore the parameter design for the proposed system which leads to satisfying the requirements imposed on computational load and latency as well as security strength.
Dongxu CHENG Jianwei LIU Zhenyu GUAN Tao SHANG
Established in self-organized mode between mobile terminals (MT), mobile Ad Hoc networks are characterized by fast changes of network topology, limited power dissipation of network nodes, limited network bandwidth and poor security of the network. Therefore, this paper proposes an efficient one round certificateless authenticated group key agreement (OR-CLAGKA) protocol to satisfy the security demands of mobile Ad Hoc networks. Based on elliptic curve public key cryptography (ECC), the OR-CLAGKA protocol relies on the assumption that the elliptic curve discrete logarithm problem (ECDLP) is hard to guarantee its security. In contrast with existing certificateless authenticated group key agreement (GKA) protocols, the OR-CLAGKA protocol reduces protocol data interaction between group users, and it is based on an efficient ECC public key infrastructure without calculating bilinear pairings, which involves negligible computational overhead. Thus, it is particularly suitable to deploy the OR-CLAGKA protocol on MT devices because of their limited computation capacity and power consumption. Also, while preserving forward and backward security, the OR-CLAGKA protocol has achieved appropriate optimization to improve the performance of Ad Hoc networks in terms of frequent communication interrupts and reconnections. In addition, it has reduced the execution overhead of the key agreement protocol to make the protocol more suitable for mobile Ad Hoc network applications.
Denise H. GOYA Dionathan NAKAMURA Routo TERADA
Two new authenticated key agreement protocols in the certificateless setting are presented in this paper. Both are proved secure in the extended Canetti-Krawczyk model, under the BDH assumption. The first one is more efficient than the protocol of Lippold et al. (LBG), and is proved secure in the same security model. The second protocol is proved secure under the security model of Swanson et al., a weaker model. As far as we know, our second proposed protocol is the first one proved secure in the Swanson et al. security model. If no pre-computations are done, the first protocol is about 26% faster than LBG, and the second protocol is about 49% faster than LBG and about 31% faster than the first one. If pre-computations of some operations are done, our two protocols remain faster.
Takayuki SHIMIZU Hisato IWAI Hideichi SASAOKA
We consider secret key agreement for multiple terminals based on radio propagation characteristics in a wireless relaying system where more than two terminals communicate with each other via a relay. In this system, the multiple terminals share a common secret key generated from their radio propagation characteristics with the help of the relay in the presence of an eavesdropper. In this paper, we present three secret key agreement schemes: an amplify-and-forward (AF) scheme, a signal-combining amplify-and-forward (SC-AF) scheme, and a multiple-access amplify-and-forward (MA-AF) scheme. The key idea of these schemes is that each terminal shares the fading coefficients between all terminals and the relay, and uses them as the source of a secret key. The AF scheme is based on a conventional amplify-and-forward two-way relaying method, whereas in the SC-AF scheme and the MA-AF scheme, we apply the idea of analog network coding to secret key agreement. We analyze eavesdropping strategies and show that the AF scheme is not secure if the eavesdropper is located near the relay and can receive signals from the relay without multipath fading and noise. Simulation results show that the SC-AF and MA-AF schemes are effective.
Since the number of servers providing facilities to users is usually more than one, we consider remote user authentication schemes for multi-server architectures rather than the single-server setting. As far as security is concerned, privacy is the most important requirement, though some other properties are also desirable in practice. Recently, a number of dynamic ID-based user authentication schemes have been proposed. However, most of those schemes have more or less weaknesses and/or security flaws. In the worst case, user privacy cannot be achieved, since malicious servers or users can mount attacks, i.e., the server spoofing attack and the impersonation attack, to identify the unique identifier of users and to masquerade as some other entity. In this paper, we analyze two recent research works and demonstrate that they cannot achieve true anonymity and have some other weaknesses. We further propose improvements to avoid those security problems. Besides user privacy, the key features of our scheme include no verification table, freely chosen passwords, mutual authentication, low computation and communication cost, single registration, session key agreement, and security against the related attacks.
Chia-Yin LEE Zhi-Hui WANG Lein HARN Chin-Chen CHANG
Group key establishment is an important mechanism to construct a common session key for group communications. Conventional group key establishment protocols use an on-line trusted key generation center (KGC) to transfer the group key to each participant in each session. However, this approach requires that a trusted server be set up, and it incurs communication overhead costs. In this article, we address some security problems and drawbacks associated with existing group key establishment protocols. In addition, we use the concept of a secret sharing scheme to propose a secure key transfer protocol that excludes impersonators from accessing the group communication. Our protocol can resist potential attacks and also reduces the overhead of system implementation. Comparisons of the security analysis and functionality of our proposed protocol with some recent protocols are also included in this article.
In 2010, Guo and Zhang proposed a group key agreement protocol based on the chaotic hash function. This letter points out that Guo-Zhang's protocol is still vulnerable to off-line password guessing attacks, stolen-verifier attacks and reflection attacks.
Kyusuk HAN Taeshik SHON Kwangjo KIM
The VoIP-based Internet Phone system is now seen as one of the killer applications in the high-speed broadband Internet environment. Given the widespread use of the Internet Phone, it is necessary to provide security services that guarantee users' privacy. However, providing security services in the Internet Phone can incur additional overheads such as call setup delay. In this paper, we present a one-way key agreement model based on VoIP in order to reduce call setup time as well as protect user privacy. The proposed approach decreases the call setup delay in comparison with previous models because our model enables key generation on the caller side without waiting for the response from the receiver.
We investigate secret key agreement from correlated Gaussian sources in which the legitimate parties can use public communication with a limited rate. For the class of protocols with one-way public communication, we show a closed-form expression for the optimal trade-off between the rate of key generation and the rate of public communication. Our results clarify an essential difference between key agreement from discrete sources and that from continuous sources.
Shun WATANABE Ryutaroh MATSUMOTO Tomohiko UYEMATSU
Privacy amplification is a technique to distill a secret key from a random variable by a function so that the distilled key and eavesdropper's random variable are statistically independent. There are three kinds of security criteria for the key distilled by privacy amplification: the normalized divergence criterion, which is also known as the weak security criterion, the variational distance criterion, and the divergence criterion, which is also known as the strong security criterion. As a technique to distill a secret key, it is known that the encoder of a Slepian-Wolf (the source coding with full side-information at the decoder) code can be used as a function for privacy amplification if we employ the weak security criterion. In this paper, we show that the encoder of a Slepian-Wolf code cannot be used as a function for privacy amplification if we employ the criteria other than the weak one.
In PKC 2004, Choi et al. proposed an ID-based authenticated group key agreement (AGKA) protocol using bilinear pairings. Unfortunately, their protocol suffered from an impersonation attack and an insider colluding attack. In 2008, Choi et al. presented an improvement to resist insider attacks. In their modified protocol, they used an ID-based signature scheme on transcripts for binding them in a session to prevent replay of transcripts. In particular, they smartly used the batch verification technique to reduce the computational cost. In this paper, we first show that Choi et al.'s modified AGKA protocol still suffers from an insider colluding attack. Then, we prove that the batch verification of the adopted ID-based signature scheme in their modified protocol suffers from a forgery attack.
Chifumi SATO Takeshi OKAMOTO Eiji OKAMOTO
The purpose of this paper is to study sender-authenticated key agreements verified by a third party, which uses the received parameters to verify that the sender of a message knows his long-term private key. In particular, we propose a standard model for the protocol among three entities for the first time. The security of this protocol depends on the difficulty of solving two new problems related to one-way isomorphisms and the decision co-bilinear Diffie-Hellman problem on multiplicative cyclic groups. It is the first time that the security of such a key agreement has been formally proven using negligible probability. We believe that our contribution has many applications in the cryptographic community.
Masashi NAITO Shun WATANABE Ryutaroh MATSUMOTO Tomohiko UYEMATSU
We consider the problem of secret key agreement in Gaussian Maurer's model. In Gaussian Maurer's model, the legitimate receivers, Alice and Bob, and a wire-tapper, Eve, receive signals randomly generated by a satellite through three independent memoryless Gaussian channels, respectively. Then Alice and Bob generate a common secret key from their received signals. In this model, we propose a protocol for generating a common secret key by using the result of soft decision on Alice's and Bob's received signals. Then, we calculate a lower bound on the secret key rate of our proposed protocol. Comparing with the protocol that only uses hard decision, we found that a higher rate is obtained by using our protocol.
Xuefei CAO Weidong KOU Yong YU Rong SUN
This letter proposes an identity-based authenticated key agreement protocol. Different from available comparable ones, the new protocol realizes implicit authentication without bilinear pairings, which makes it more efficient. The security of the proposed protocol can be reduced to the standard Computational Diffie-Hellman problem. Two variants of the protocol are also given, one achieving a security-efficiency trade-off and the other providing authenticated key agreement between users of different domains.
Tran Thanh DAI Choong Seon HONG
Security for wireless sensor networks (WSNs) has become an increasingly serious concern due to the requirements of applications and hostile deployment areas. To enable secure services, cryptographic keys must be agreed upon by communicating nodes. Unfortunately, due to resource constraints, the key agreement problem in wireless sensor networks has become quite complicated. To tackle this problem, many proposals not based on public-key cryptography, which are considered more reasonable in cost than public-key-based approaches, have been put forward so far, including random key pre-distribution schemes. One prominent branch of these proposals is threshold random key pre-distribution schemes. However, these schemes still introduce either communication overhead or both communication and computational overhead to resource-constrained sensor nodes. Considering this issue, we propose an efficient ID-based threshold random key pre-distribution scheme that not only retains all the highly desirable properties of such schemes, including a high probability of establishing pairwise keys and tolerance of node compromise, but also significantly reduces the communication and computational costs of each node. The proposed scheme is validated by a thorough analysis in terms of network resiliency and related overheads. In addition, we also propose a supplementary method to significantly improve the security of pairwise keys established indirectly.
Kyu Young CHOI Jung Yeon HWANG Dong Hoon LEE
In 2004, Choi et al. proposed an ID-based authenticated group key agreement. Unfortunately, their protocol was found to be vulnerable to insider attacks by Zhang, Chen and Shim. To prevent insider attacks, Shim presented a modification of Choi et al.'s protocol. In this letter, we first show that Shim's modification is still insecure against insider attacks. We then present a modification of Choi et al.'s protocol that resists insider attacks. The counter-measure uses an ID-based signature on transcripts in order to bind them to a session. This prevents any replay of transcripts. In particular, by applying ID-based batch verification, the proposed protocol still consists of two rounds and is computationally efficient.
Albert JENG Li-Chung CHANG Sheng-Hui CHEN
There are many protocols proposed for protecting Radio Frequency Identification (RFID) system privacy and security. A number of these protocols are designed to protect the long-term security of an RFID system using symmetric key or public key cryptosystems. Others are designed to protect user anonymity and privacy. In practice, the use of RFID technology often has a short lifespan, such as commodity check-out, supply chain management and so on. Furthermore, we know that designing a long-term security architecture to protect the security and privacy of RFID tag information requires thorough consideration from many different aspects. However, any security enhancement to RFID technology will raise its cost, which may be detrimental to its widespread deployment. Due to the severe constraints of RFID tag resources (e.g., power source, computing power, communication bandwidth) and the open-air communication nature of RFID usage, it is a great challenge to secure a typical RFID system. For example, computationally heavy public key and symmetric key cryptography algorithms (e.g., RSA and AES) may be unsuitable or overkill for protecting RFID security or privacy. These factors motivate us to research an efficient and cost-effective solution for RFID security and privacy protection. In this paper, we propose a new, effective, generic binary-tree-based key agreement protocol (called BKAP) and its variations, and show how it can be applied to secure low-cost, resource-constrained RFID systems. This BKAP is not a general-purpose key agreement protocol; rather, it is a special-purpose protocol to protect privacy, untraceability and anonymity in a single RFID closed system domain.
Hisashi MOHRI Ritsuko MATSUMOTO Yuichi KAJI
This study investigates new schemes for distributing cryptographic keys in sensor networks. Sharing a key is the very first step to realizing secure communication over an untrusted network infrastructure, but commonly used cryptographic techniques cannot be employed in sensor networks due to the restricted computational resources of sensor nodes. A practical solution to this issue is to predistribute cryptographic keys in sensor nodes before they are deployed. A focal point of this solution is the choice of keys that are assigned to a sensor node. Eschenauer et al. considered choosing keys randomly, and Chan et al. also followed the random choice approach. In this paper we consider a new approach in which keys are assigned according to basic algebraic geometry. The performance of the proposed scheme is investigated analytically.
Pairing-based cryptography has been researched intensively due to its beneficial properties. In 2005, Wu et al. [3] proposed an identity-based key agreement for peer group communication from pairings. In this letter, we propose attacks on their scheme, by which the group fails to agree upon a common communication key.
In secure group communication, a group key agreement provides a secret key exchange among a group of users. When a new user joins the group, a new group key is established. In this paper, we analyse Horng's join protocol and show that this protocol does not provide backward secrecy. This means that a newly joining user is able to discover the previous group key used by the previous group members.