7 Discovering User's Key
Although the zero-knowledge protocol described in section 6 is inspired by the Diffie-Hellman [4] key agreement scheme, it does not satisfy its objectives. Instead of verifying whether a given peer is a legal one, the protocol allows the extraction of the secret key, i.e. the ticket $x_j$, of the peer $j$ under verification.
Let us consider that peer $i$ is a legal peer and runs the protocol to verify the legal peer $j$. Then, peer $i$ can obtain the ticket $x_j$, thus completely breaking the security of the system. The process is as follows.
Step 1. Peer $i$ computes his part of the Diffie-Hellman challenge, that is, $dh_i = g^{x_i} \bmod m$, chooses $inv$ at random and sends $dh_i$ and $inv$ to peer $j$. Note that the original protocol described in section 6 establishes that peer $i$ sends an integer $inv$ and $dh_i$. Peer $i$ has not established any communication with the server.
Step 2. Peer $j$ computes $r_j = inv^{-1} \bmod x_j$, $dh_j = g^{x_j} \bmod m$, and $\beta_j = r_j \cdot (dh_i)^{x_j} \bmod m$. He sends $dh_j$ and $\beta_j$ to peer $i$.
Step 3. Peer $i$ computes the complete Diffie-Hellman key as $dh = (dh_j)^{x_i} \bmod m$. Then, he recovers the value $r_j \bmod m = \beta_j \cdot dh^{-1} \bmod m$. If $m$ is greater than or equal to $x_j$, then $r_j = r_j \bmod m$ and $(inv \cdot r_j - 1)$ is a multiple of $x_j$. Therefore, $x_j$ can be computed as $x_j = \gcd(inv \cdot r_j - 1, vL)$ with high probability. If $m$ is lower than $x_j$, then $x_j$ can still be recovered provided that $r_j < m$.
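A worked instance of steps 1 to 3 on constructed toy parameters, added here as an illustration and not taken from the paper or from [1]: it shows why the Diffie-Hellman mask on $\beta_j$ gives no protection, since peer $i$ holds the same shared key and can strip it to obtain $r_j \bmod m$. The value $vL$ is assumed to be a public multiple of every ticket (here $v$ times the product $L$ of the tickets), which is what the gcd step relies on.

```python
"""Toy simulation of the ticket-recovery weakness from section 7.
All parameters are constructed for illustration; vL is assumed to be a
public multiple of every ticket (v times the product L of the tickets)."""
from math import gcd


def peer_i_challenge(g, m, x_i):
    """Step 1: peer i computes dh_i = g^x_i mod m (inv is chosen by the caller)."""
    return pow(g, x_i, m)


def peer_j_response(g, m, x_j, dh_i, inv):
    """Step 2: the honest peer j computes r_j = inv^-1 mod x_j, dh_j = g^x_j mod m
    and beta_j = r_j * dh_i^x_j mod m, and sends (dh_j, beta_j)."""
    r_j = pow(inv, -1, x_j)                 # needs gcd(inv, x_j) == 1
    dh_j = pow(g, x_j, m)
    beta_j = (r_j * pow(dh_i, x_j, m)) % m
    return dh_j, beta_j


def peer_i_recover(m, x_i, inv, dh_j, beta_j, vL):
    """Step 3: peer i derives the shared key, strips it from beta_j to get
    r_j mod m, then takes gcd(inv * r_j - 1, vL).  This equals x_j whenever
    r_j < m (always true if m >= x_j) and no other ticket divides inv * r_j - 1."""
    dh = pow(dh_j, x_i, m)                  # (dh_j)^x_i == (dh_i)^x_j mod m
    r_j = (beta_j * pow(dh, -1, m)) % m     # r_j mod m
    return gcd(inv * r_j - 1, vL)


def run_attack(g, m, x_i, x_j, inv, vL):
    """Run the three steps end to end; returns the value peer i obtains for x_j."""
    dh_i = peer_i_challenge(g, m, x_i)
    dh_j, beta_j = peer_j_response(g, m, x_j, dh_i, inv)
    return peer_i_recover(m, x_i, inv, dh_j, beta_j, vL)


if __name__ == "__main__":
    # Constructed toy parameters: modulus m = 101, generator g = 2, prime tickets.
    vL = 3 * 7 * 11 * 13 * 17               # assumed public multiple of all tickets
    print(run_attack(2, 101, 7, 11, inv=4, vL=vL))   # 11: ticket of peer j
```

With $m = 101$ and $x_j = 11$ the gcd is exactly $x_j$; the second case of the text ($m < x_j$) is covered by choosing $x_j = 103$ and an $inv$ whose inverse $r_j$ is below $m$.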
8 Conclusions
The key refreshing scheme proposed in [1], and applied later in [2] and [3], has an important security weakness. As a consequence, legal members can impersonate the key server to the rest of the users. Furthermore, the authentication protocol fails because forged refreshments are not detected. Finally, the secret keys (tickets) of the members can be recovered by other members using the zero-knowledge protocol proposed in [1] to detect illegal peers.
Acknowledgments. This work was supported by the Ministry of Science and Innovation and the European FEDER Fund under Project TIN2008-02236/TSI.
References
1. Naranjo, J.A.M., López-Ramos, J.A., Casado, L.G.: Applications of the Extended Euclidean Algorithm to Privacy and Secure Communications. In: Proc. of 10th International Conference on Computational and Mathematical Methods in Science and Engineering (2010)
2. Naranjo, J.A.M., López-Ramos, J.A., Casado, L.G.: Key Refreshment in Overlay Networks: A Centralized Secure Multicast Scheme Proposal. In: XXI Jornadas de Paralelismo, Valencia, Spain, pp. 931-938 (2010)
3. Naranjo, J.A.M., López-Ramos, J.A., Casado, L.G.: A Key Distribution Scheme for Live Streaming Multi-tree Overlays. In: 3rd International Conference on Computational Intelligence in Security for Information Systems, CISIS 2010, pp. 223-230 (2010), doi:10.1007/978-3-642-16626-6_24
4. Menezes, A., van Oorschot, P.C., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)