Cryptography Reference
In-Depth Information
User U
Sensor Node I
*
q
y = ts u
L = yP
tZ
LID ID TSSig
,
,
,
,
( ,
LID ID T
,
,
)
u
i
s
u
i
S
u
c i =H ( ID i , R i )
S i = c i P PKG + R i
K u,i = yS i
Ver ( L , ID u , ID i , T S )
= ys i P
K i , u = s i L
= t s u s i P
= s i yP
= s i ts u P
SK
F
(
K
)
u
u i
,
SK
F
(
K
)
i
i u
,
SK = SK u = SK i =
F
(
ts s P
)
ui
E = ( SK i ْID u ْID i )
E c
c
E c E
()
i
SK
ED c E c
()
SK
u
?
ESK ID ID
(
)
u
u
i
Figure 5.3. Authenticated One-Pass Session Key-Establishment Protocol with Key
Confi rmation
user U and is fresh. Hence, I accepts the message; otherwise, the protocol is terminated
at this stage. Next, the sensor node I computes the shared secret K i,u as K i,u = s i L(=s i ts u P)
and deletes L .
The user U computes the same shared secret K u,i as S i = c i P PKG + R i , where c i =
H ( ID i ;R i ) and K u , i = yS i ( =ts u s i P ). U then deletes L , t , and y . Both parties then compute
the shared session key as SK = ( K u , i ) = ( K i,u ) = ( ts u s i P) , where is the key derivation
function. However, there is no guarantee that at the end of the secure run of the proto-
col both parties compute the key. Indeed, in any key-establishment protocol, the sender
of the last message cannot confirm that the last message is received by the destined
receiver. The user may successfully finish the protocol with a key output. Although the
adversary is not able to learn the computed key, the sensor node might not receive the
user's message and, consequently, might not be able to compute the key. The assurance
against this scenario is achieved via an authenticated key-establishment protocol with
key confirmation (AKC). This is usually achieved by adding a key confirmation mes-
sage to the authenticated key-establishment protocol after the key has been established.
Hence, after both parties establish the session key, the key-establishment algorithm
proceeds as follows:
After key computation, the sensor node I performs the following steps:
• Computes the XOR of its computed key SK i with ID u and ID i , as follows: E = ( SK i
ID u ID i ).
 
Search WWH ::




Custom Search