Textbook, Syllabus, Requirements, Grades

1
Evolutions and researches on group key agreement
(GKA) protocols
Yuh-Min TsengInformation Security Lab.
(ISL) Department of Mathematics NCUEE-mail
ymtseng_at_cc.ncue.edu.tw http//ymtseng.math.ncue.e
du.tw
2
Outline

• 1. Finding Problems
• 2. Definitions and evolutions of problems
• 3. Research approaches and related works
• 4. Problem 1 GKA protocol resistant to insider
  attacks
• 5. Problem 2 GKA protocol for imbalanced
  networks
• 6. Problem 3 Pairing-based (ID-based) GKA
  protocol
• 7. Conclusions

3
1. Finding problems

• Assigned by your advisor
• Research trend for some problems or applications
• Referee of manuscripts submitted to Conferences
  or Journals
• Open / Un-solving problems (Famous problems)
• Self-finding problems (Important !)
• Seminars
• Conferences New
• Journals Complete
• Some experts web-sites
• Livelihood problems (To solve some practical
  problems)

Periodical downloading papers of related
Conferences and Journals
4
1. Finding problems gt Famous problems
Pythagoras(-572 -492) x2y2z2 , right triangle
Fermats Little Theorem
?
for all primes p and 1?a?p-1, ap-1 1 (mod p)
Fermat(1601-1665) Fermat's conjectures ?
Fermats Last Theorem ?
I have obtained a perfect proof, but no space to
write it ?
xnynzn , ngt2 No positive integer solutions
5
1. Finding problems gt Famous problems
Fermats Little Theorem
Euler Theorem
Proof a corollary of Eulers theorem
for all primes p and 1?a?p-1, ap-1 1 (mod p)
Euler(1707-1783)
Wiles Proof
Fermats Last Theorem
370 years
Based on many previous theorems and conjectures
xnynzn , ngt2 No positive integer solutions
Wiles (1993) Taylor (1995, complete)
6
1. Finding problems gt Fermat Little Theorem

• Public key primitiveness in Cryptography
• Euler Theorem for all a?Zn, a?(n)1 (mod n)
• Eulers Totient Function ?(n) Zn the number
  of positive integers less than n and relatively
  prime to n
• Fermats Little Theorem for all primes p,
  1?a?p-1, ap-1 1 (mod p)
• Proof a corollary of Eulers theorem since
  ?(p)p-1 and gcd(a,p)1 for 1?a?p-1.
• Both theorems are useful in public key systems
  (RSA, DSA, and ElGamal) and Primality testing.

7
1. Finding problems gt Fermat Last Theorem

• One conjecture gt Fermat Last Theorem
• History
• Fermat (n4), Euler (n3), Gauss (n3, complete)
• Legendre (n5) gt Legendre Symbol (Primality
  test)
• Dirichlet (n14), Lame (n7), Kummer (1810 -
  1893) (nlt100)
• ..
• Wolfskehl (1908, Offering 100000 Marks bonus)
• Taniyama-Shimura theorem/conjecture (1960)
  Relationships
• gt Fermat last theorem, Elliptic Curve and
  modular forms
• Wiles (1993, 1995) A proof of Fermat last
  theorem
• Based on Taniyama-Shimura theorem/conjecture
• Elliptic Curve Cryptography (ECC, Secure and
  Efficient)

8
1. Finding problems gt Fermat Last Theorem
A. Wiles Modular elliptic curves and Fermat's
Last Theorem, Annals of Mathematics 141
(1995), pp. 443-551, gt 1998 Fields Medal
(Specific Award, 44 years old) R.Taylor and
A.Wiles Ring theoretic properties of certain
Hecke algebras, Annals of Mathematics 141
(1995), pp. 553-572
9
1. Finding problems gt Famous problems

• Fermats another conjecture Fn22n1 is prime
• F15, F217, F3257, F465537
• Error gt F56416700417
• Mersenne prime (1588-1648) 2p-1 is prime gt p
  is prime
• 22-13, 23-17, 25-131, 27-1127
• Error gt 211-12389
• GIMPS The Great Internet Mersenne Prime Search  
  
• 44 th Mersenne prime (2006, September 4)
• 232582757 -1 Known large prime (9,808,358
  decimal digits)
• 10,000,000 decimal digits gt US100,000

10
1.Finding problems gt Personal experiences

• Group key agreement protocols
• Deep Focusing on one issue deeply
• Broad Understanding related issues
• Two-party key agreement protocols
• Group (Conference, multi-party) key establishment
  
• Conference key distribution protocols
• Group key agreement (GKA) protocols
• Resource-limited devices Elliptic Curve
• Imbalanced network (WLAN, Cellular network)
• Mobile Ad Hoc networks
• Sensor networks
• Based on various cryptographic systems (ID-based,
  Pairing)

Co-assistive
11
2. Definitions and evolutions of problems gt
Diffie-Hellman key exchange (1976)

• DH-scheme provides two-party key agreement
• Global parameters (g, p)
• p a large prime, say, 1024-bit long
• g a generator for group Zp

Discrete logarithm problem
KYabYbagab mod p
12
2. Definitions and evolutions of problems

• Group key establishment protocol
• allows users to construct a group key that is
  used to encrypt/decrypt transmitted messages
  among the users over an open communication
  channel.
• Categories
• Group key distribution
• there is a chairman who is responsible for
  generating a common key and then securely
  distributing this group key to the other users.
• Group key agreement
• involves all users cooperatively constructing a
  group key.

13
2. Definitions and evolutions of problemsgt
Categories
Group key distribution
Group key agreement
U2
U3
U2
U3
Chair/key
U1
U4
key
U1
U4


Un
U5
Un
U5
Easy issue
Challenging issue
14
2. Definitions and evolutions of problems gt
Group key agreement

• Four research approaches
• Concurrent Ring (1982, Ingemarsson et al.)
• First group key agreement
• Linear Ring 1 Broadcast (many protocols)
• Binary Tree (many protocols)
• Broadcast (many protocols)

Parallel processors
15
2. Definitions and evolutions of problems gt
(1) Concurrent Ring (1982, Ingemarsson et al.)

• First group key agreement

Note n participants 1. It requires (n-1)
rounds 2. Concurrent Easy ? How to devise ?
16
2. Definitions and evolutions of problems gt
(2) Linear Ring 1 Broadcast

• Concept (many protocols, 2002)

Note n participants 1. It requires (n-1)
rounds 2. Ui must sends i messages
17
2. Definitions and evolutions of problems gt
(3)Binary Tree

• Concept Button-up (many protocols, 2005)

Note n participants 1. It requires log n
rounds 2. Semi-concurrent
18
2. Definitions and evolutions of problems gt
(4)Broadcast

• Burmester and Demedt (1994, 2005)
• Step 1 (Round 1)
• Ui (1 i n) Keeps xi secret
• broadcasts yigxi mod p
  
• Step 2 (Round 2)
• Ui (1 i n) broadcasts zi(yi1/ yi-1)xi
  mod p
• Step 3 Each Ui computes common key K

U1
U1
Un
Broadcast channel
19
3. Research approaches and related works gt
Burmester and Demedt scheme

• Burmester and Demedt (1994)
• Non-authenticated requires a secure
  authenticated broadcast channel
• (2005, IPL) They provide a complete proof.
• Research approaches based on BD scheme
• Authenticated
• Performance
• Security properties

20
3. Research approaches and related works gt
Three approaches

• Authenticated based on different cryptographic
  systems
• General Public-key system (RSA, DSA, or ElGamal)
• Password-based
• ID-based (Weil pairing and Elliptic curve)
• Performance
• Number of Rounds
• Message size sent by each participant
• Computational cost required for each participant
• Security properties
• Withstanding impersonator attacks
• Providing forward secrecy
• Resisting malicious participant (Insider) attacks
  (New)

21
3. Research approaches and related works gt
History and remarks
1Diffie-Hellman 1976 (Two- party) First key
agreement
2 Ingemaresson - 1982 First group key
agreement
3,4 BD 1994 and 2005 Efficient and Proof
Performance 5, 15
Authenticated 6,8,9,10,16-19
Transformation to authenticated 7,11
Malicious participant 12, 13, 14
22
3. Research approaches and related works gt
History and remarks
Performance 5, 15
Transformation to authenticated 7,11
Malicious participant 12, 13, 14
Authenticated 6,8,9,10,16-19
5 Horng 2001 Comp. Efficient
6,8 2002, 2003 Round Efficient
7 Katz 2003 First Transformation
12Tang 2005 Attack it. Insider attack
15 Jung 2006 Dynamic case (Join/leave)
16 Abdalla 2006 Password-based
11 Tang 2005 Round Efficient
9, 17,18 2004, 2005. ?????? ID-based (Pairing)
14 Tseng 2005 Insider attack
13 Katz 2005 Insider attack
10 Tan 2005 Batch-verification
19 Tseng 2007 Insider attack
23
3. Research approaches and related works gt
Related papers

• 1 Diffie, W. and Hellman, M.E. (1976) New
  directions in cryptography. IEEE Trans. on Infom.
  Theory, 22, 644-654.
• 2 Ingemaresson, I., Tang, T.D. and Wong, C.K.
  (1982) A conference key distribution system. IEEE
  Trans. Infom. Theory, 28, 714-720.
• 3 Burmester, M. and Desmedt, Y. (1994) A secure
  and efficient conference key distribution system.
  Advances in Cryptology - Proceedings of
  Eurocrypt94, Perugia, Italy, 9-12 May, LNCS 950,
  pp. 275-286, Springer-Verlag, Berlin.
• 4 M. Burmester and Y. Desmedt (2005) A secure
  and scalable group key exchange system,
  Information Processing Letters, vol. 94, pp.
  137-143, 2005.
• 5 G. Horng (2001) An efficient and secure
  protocol for multi-party key establishment, The
  Computer Journal 44 (5) (2001) 463-470.
• 6 W. G. Tzeng (2002) A secure fault-tolerant
  conference-key agreement protocol, IEEE Trans. on
  Computers 51 (4) (2002) 373-379.
• 7 Katz, J. and Yung, M. (2003) Scalable
  Protocols for Authenticated Group Key Exchange.
  Advances in Cryptology - Proceedings of
  Crypto03, Santa Barbara, CA, 17-21 August, LNCS
  2729, pp. 110-125, Springer-Verlag, Berlin.
• 8 Boyd, C. and Nieto, G. (2003) Round-Optimal
  Contributory Conference Key Agreement. Proc.
  Public-Key Cryptography03, Miami, USA, 6-8
  January, LNCS 2567, pp. 161-174, Springer-Verlag,
  Berlin.

24
3. Research approaches and related works gt
Related papers

• 9 X. Yi (2004) Identity-Based Fault-Tolerant
  Conference Key Agreement, IEEE TRANS. ON
  DEPENDABLE AND SECURE COMPUTING, VOL. 1, NO. 3,
  pp.170-178, JULY-SEPTEMBER 2004.
• 10 C. Tan and J. Teo, (2005) An Authenticated
  Group Key Agreement for Wireless Networks, IEEE
  Communications Society, WCNC 2005, pp.2100-2105.
• 11 Q. Tang and C. J. Mitchell, (2005) Efficient
  Compilers for Authenticated Group Key Exchange,
  Computational Intelligence and Security
  International Conference, CIS 2005, Xi'an, China,
  December 15-19 2005, Proceedings, Part II,
  Springer-Verlag LNCS 3802, Berlin (2005),
  pp.192-197.
• 12 Q. Tang and C. J. Mitchell (2005) Security
  properties of two authenticated conference key
  agreement protocols' (pdf), in S. Qing, W, Mao,
  J. Lopez, and G. Wang (eds.), Information and
  Communications Security 7th International
  Conference, ICICS 2005, Beijing, China, December
  10-13, 2005. Proceedings, Springer-Verlag LNCS
  3783, Berlin (2005), pp.304-314.
• 13 J. Katz, J. S. Shin (2005) Modeling Insider
  Attacks on Group Key Exchange Protocols. ACM
  Conference on Computer and Communications
  Security 2005, pp. 180-189 .
• 14 Tseng, Y.M. (2005) A robust multi-party key
  agreement protocol resistant to malicious
  participants. The Computer Journal, 48, 480-487.

25
3. Research approaches and related works gt
Related papers

• 15 B. E. Jung (2006) An Efficient Group Key
  Agreement Protocol, IEEE communications letters,
  vol.10, no. 2, pp. 106-107, Feb. 2006
• 16 M. Abdalla, E. Bresson, O. Chevassut, D.
  Pointcheval (2006) Password-based Group Key
  Exchange in a Constant Number of Rounds, PKC2006,
  LNCS 3958, pp.427-442.
• 17 K. Y. Choi, J. Y. Hwang and D. H. Lee,
  Efficient ID-based Group Key Agreement with
  Bilinear Maps, 2004 International Workshop on
  Practice and Theory in Public Key Cryptography
  (PKC2004).
• 18Y. Shi, G. Chen, and J. Li, ID-Based One
  Round authenticated Group Key Agreement Protocol
  with Bilinear Pairings, Proceedings of the
  International Conference on Information
  Technology Coding and Computing (ITCC05), 2005.
• 19 Y.M. Tseng, A communication-efficient and
  fault-tolerant conference-key agreement protocol
  with forward secrecy, Journal of Systems and
  Software, , 2006, Accepted and to appear.
• 20Y.M. Tseng, A secure authenticated group key
  agreement protocol for resource-limited mobile
  devices, The Computer Journal, Vol.50, No.1, pp.
  41-52, 2007.

26
3. Research approaches and related works gt
Finding worth-to-work problems

• Keep cranky and thinking continuously !!!
• Finding solutions
• Writing a research paper or patent
• Developing application systems
• Keeping a research record (Important !!)
• Finding new problems gt solutions
• It could be a good approach/technique.
• In the future, it is possible to adopt it for
  other applications or problems.

27
3. Research approaches and related works gt
Finding worth-to-work problems

• Problem 1 Malicious participant (Insider) attack
• The malicious legal participant broadcasts a
  wrong message to disrupt the conference key
  establishment
• The proposed protocol must find who are the
  malicious participants
• Problem 2 Imbalanced wireless networks
• Resource-limited PDA, Smart phone, or UMD (Ultra
  mobile device)
• It is a flexible approach to shift the
  computational burden to the powerful node and
  reduce the computational cost of mobile nodes
• Problem 3 Pairing-based (ID-based) public-key
  system
• Practical ID-based public-key system (Elliptic
  Curve)
• 2001, New

28
4. Problem 1 GKA protocol resistant to insider
attacks

• Motivation and finding a solution
• All related GKA protocols based on the BD scheme
  suffer from insider attacks.
• Some secure conferences must be held prior to a
  special time, such as military applications,
  rescue missions and emergency negotiations.
• Related papers (2005)
• 14 Y.M. Tseng (2005) A robust multi-party key
  agreement protocol resistant to malicious
  participants. The Computer Journal, 48, 480-487.
  (2006, Wilkes Award)
• 12 Q. Tang and C. J. Mitchell (2005) Security
  properties of two authenticated conference key
  agreement protocols', in S. Qing, W, Mao, J.
  Lopez, and G. Wang (eds.), Information and
  Communications Security 7th International
  Conference, ICICS 2005, Beijing, China, December
  10-13, 2005. Proceedings, Springer-Verlag LNCS
  3783, Berlin (2005), pp.304-314.
• 13 J. Katz, J. S. Shin (2005) Modeling Insider
  Attacks on Group Key Exchange Protocols. ACM
  Conference on Computer and Communications
  Security 2005, pp. 180-189.

29
4. Problem 1 GKA protocol resistant to insider
attacks

• Insider attacks (Malicious participants) on BD
  scheme
• Step 1 (Round 1)
• Ui (1 i n) Keeps xi secret
• broadcasts yigxi mod p
  
• Step 2 (Round 2)
• Ui (1 i n, i?j) broadcasts zi(yi1/
  yi-1)xi mod p
• Uj broadcasts a random value zj
• Step 3 Each Ui compute different key K

U1
U1
Un
Broadcast channel
Who is the malicious participant ?
30
4. Problem 1 Solution GKA protocol
resistant to insider attacks

• Step 1 (Round 1) Ui (1 i n) Keep xi secret
• broadcasts yigxi
  mod p
• Step 2 (Round 2)
• Step 3 Ui (1 i n) checks and computes K

Zi is computed correctly
31
4. Problem 1 GKA protocol resistant to insider
attacks

• Security Proofs
• Assumption 1 Decision Diffie-Hellman Problem
• Theorem 1 The proposed GKA protocol is secure
  against
• passive attacks
• Theorem 2 The proposed GKA protocol is secure
  against
• insider attacks
• Discussions
• Based on BD scheme, first protocol with resisting
  to insider attacks
• In fact, the proposed GKA protocol can be applied
  to other group key agreement protocols with
  t-round (tgt1) to withstand insider attacks.
  (Reviewer comments)
• Expanding to authenticated (Tseng, 2007, JSS)

32
5. Problem 2 GKA protocol for imbalanced
wireless networks

• Motivation and finding a solution
• Resource-limited devices PDA, Cellular phone, or
  UMD (Ultra mobile device)
• It is a flexible approach to shift the
  computational burden to the powerful node and
  reduce the computational cost of mobile nodes
• Related papers
• Bresson, E. Chevassut, O., Essiari, A. and
  Pointcheval, D. (2004) Multual authentication and
  group key agreement for low-power mobile devices.
  Computer Communications, 27, 1730-1737.
• Nam, J., Kim, S., and Won, D. (2005) A weakness
  in the Bresson-Chevassut-Essiari-Pointcheval's
  group key agreement scheme for low-power mobile
  devices. IEEE Communications Letters, 9, 429-431.
• Nam, J., Kim, S., and Won, D. (2005) DDH-based
  group key agreement in a mobile environment. The
  Journal of Systems and Software, 78, 73-83.
• Y.M. Tseng (2007) A secure authenticated group
  key agreement protocol for resource-limited
  mobile devices, The Computer Journal, Vol.50,
  No.1, pp. 41-52.

33
5. Problem 2 GKA protocol for imbalanced
wireless networks

• Weaknesses of Bresson et al.s Protocol (2004)
• Without forward secrecy
• Without key authentication
• Not a contributory key agreement
• Weaknesses of Nam et al. s Protocol (2005)
• It provides a authenticated protocol based on the
  Katz-Yung transformation 7 (2003).
  (Time-consuming)
• In this case, computational cost is expensive for
  mobile device
• Not a contributory key agreement

34
5. Problem 2 GKA protocol for imbalanced
wireless networks

• Goal
• A real contributory key agreement protocol
  (Proof)
• Authenticated GKA protocol
• The proposed protocol must be well suited for
  mobile devices with limited computing capability.
• Some related issues and knowledge
• Give an example to prove that both Bresson et
  al.s and Nam et al. s protocols are not
  contributory key agreement.
• Given a complete proof to show our proposed
  protocol is a real contributory key agreement.
• Understanding the computing capability of mobile
  devices such as PDA.

35
(No Transcript)
36
5. Problem 2 GKA protocol for imbalanced
wireless networks

• Security Proofs
• Theorem 1 It is a contributory group key
  agreement protocol
• Theorem 2 Against passive adversary
• Lemma 1, Lemma 2, and Theorem 3 Against
  impersonators attack
• Theorem 4 Implicit key authentication
• Theorem 5 Forward secrecy
• Discussions
• Comparisons Computational cost and security
  properties
• This is first protocol which provides the proof
  of contributory group key agreement
• A simulation result shows that the proposed
  protocol is well suited for mobile devices with
  limited computing capability.

37
5. Problem 2 GKA protocol for imbalanced
wireless networks

• Some other possible problems and future works
• Possible inherent problems of a powerful node
• Communication Bottleneck
• Single point fail
• Trust
• Lower bound of the communication cost in a
  contributory group key agreement for imbalanced
  networks.gt Optimal solution
• .

38
6. Problem 3 Pairing-based (ID-based) GKA
protocol

• Motivation and finding a problem
• Based on Factoring problem
• Shamir (1984)
• IDgt Name, ymtseng_at_cc.ncue.edu.tw and some other
  information.
• The motivation is to simplify certificate
  management
• However, it is not practical.
• Based on Bilinear Diffie-Hellman assumption
• In 2001, D. Boneh and M. Franklin presented first
  ID-based encryption scheme.
• Afterwards, it is a important issue for
  cryptography research.
• Question
• If you focus on this topic,
• what knowledge should you prepare and own ?

39
6. Problem 3 Pairing-based (ID-based) GKA
protocol

• Related knowledge
• Elliptic curve
• Bilinear Pairing (Weil pairing and Tate pairing)
  
• Less books focus on this cryptographic systems
• ID-based cryptographic protocols
• ID-based signature (batch, threshold, blind, )
• ID-based encryption (Broadcast, authenticated)
• ID-based two-party key agreement/authentication
• Fast pairing computation
• ID-based authenticated Group key agreement

40
6. Problem 3 Pairing-based (ID-based) GKA
protocol

• Related papers of ID-based signature/encryption
• D. Boneh and M. Franklin, "Identity based
  encryption from the Weil pairing," Crypto 2001,
  LNCS 2139, pp.213--229, Springer-Verlag, 2001.
• D. Boneh and M. Franklin, "Identity based
  encryption from the Weil pairing," SIAM J. of
  Computing, Vol. 32, No. 3, pp. 586-615, 2003.
• D. Boneh, B. Lynn and H. Shacham, "Short
  signature from Weil pairing," Asiacrypt 2001,
  LNCS 2248, pp. 514--532, Springer-Verlag, 2001.
• K. Paterson. ID-based Signatures from Pairings on
  Elliptic Curves. Electronics Letters, Vol. 38,
  No. 18, pp. 10251026, 2002.
• F. Hess, "Efficient identity based signature
  schemes based on pairings," SAC 2002, LNCS 2595,
  pp. 310--324, Springer-Verlag, 2003.
• J. C. Cha and J. H. Cheon, "An identity-based
  signature from gap Diffie-Hellman groups," PKC
  2003, LNCS 2567, pp. 18--30, Springer-Verlag,
  2003.
• Yoon H. J., Cheon J. H., Kim Y. Batch
  verifications with ID-based signatures. Proc.
  ICISC2004, December 23, Seoul, Korea Berlin
  Springer-Verlag pp. 233248, LNCS 3506, 2005.
• N. Koblitz and A. Meneze, "Pairing-based
  cryptography at high security levels,"
  Cryptography and Coding 10th IMA International
  Conference, LNCS 3796, pp. 13--36,
  Springer-Verlag, 2005.
• S. Cui, P. Duan, C. W. Chan,   An efficient
  identity-based signature scheme with batch
  verifications, Proceedings of the 1st
  international conference on Scalable information
  systems , Article No. 22  , May 30 - June 01,
  2006

41
6. Problem 3 Pairing-based (ID-based) GKA
protocol

• Related papers of ID-based key agreement/authentic
  ation
• NP Smart. An identity based authenticated key
  agreement protocol based on the Weil pairing.
  Electronics Letters, volume 38 (13) 630--632,
  June 2002 .
• L. Chen and C. Kudla , Identity Based
  Authenticated Key Agreement Protocols from
  Pairings, 16th IEEE Computer Security Foundations
  Workshop (CSFW'03), 2003, p. 219
• Y. Wang. Efficient identity-based and
  authenticated key agreement protocol. Cryptology
  ePrint Archive, Report 2005/108.
• G. Xie. An ID-based key agreement scheme from
  pairing. Cryptology ePrint Archive, Report
  2005/093.
• Q. Yuan and S. Li. A new efficient ID-based
  authenticated key agreement protocol. Cryptology
  ePrint Archive, Report 2005/309.
• L. Chen, Z. Cheng, and N.P. Smart, Identity-based
  Key Agreement Protocols From Pairings,
  http//grouper.ieee.org/groups/1363/IBC/submission
  s/Chen-IBE.pdf (Good-survey) 2006.
• X. Yi, Identity-Based Fault-Tolerant Conference
  Key Agreement, IEEE TRANS. ON DEPENDABLE AND
  SECURE COMPUTING, VOL. 1, NO. 3, pp.170-178,
  JULY-SEPTEMBER 2004.
• M. Das, A. Saxena, A. Gulati, and D. Phatak A
  novel remote user authentication scheme using
  bilinear pairings, Computers Security, Volume
  25, Issue 3, May, 2006, pp. 184-189

42
6. Problem 3 Pairing-based (ID-based) GKA
protocol

• Goal Pairing-based (ID-based) GKA protocol
• Finding some possible solutions gt No concrete
  publication
• Extra results by surveying pairing-based systems
  
• Reviewer of a ID-based partially blind signature
  (2006)
• Improving performance of the Sherman et al.s
  scheme (2005)
• I presented that their scheme suffers from a
  forgery attack, reject it!
• Try to propose an efficient scheme.
• Until now, no concrete result.
• Seminar gt a two-party key agreement protocol
  (2006, CS)
• Finding some drawbacks
• We have obtained concrete results? Conferences

43
7. Conclusions
Based on the previous knowledge and new
applications/environments Thinking other
problems
44
7. Conclusions gt Thinking other problems

• Wireless environments (Resource-limited devices)
• Imbalanced networks (WLAN, Cellular network)
• Mobile Ad Hoc networks
• Distributed architectures
• No on-line certificate authority
• Sensor networks
• Specific Architectures (Pre-distributed secret
  keys, or passwords)
• Energy-aware (Computation V.S. Communication)

45
7. Conclusions gt Other Problems gt Energy
consuming

• Sensor networks (2005, Wander et al.)
• Specific Architecture (Pre-distributed secret
  keys)
• Energy-aware (Computation V.S. Communication)

Field Value
Effective data rate 12.4kbps
Energy to transmit 59.2µJ/byte
Energy to receive 28.6µJ/byte
ATmega128L active mode 13.8mW
ATmega128L power down mode 0.0075mW
ATmega128L MIPS/Watt 289MIPS/W
Mica2dot sensor platform, 2002, ..
46
7. Conclusions gt Other Problems gt Energy
consuming
Algorithm Energy
SHA-1 5.9µJ/byte
AES-128 Enc/Dec 1.62/2.49µJ/byte

• Energy cost of digital signature and key exchange
  computations mJ

Algorithm Signature Signature Key Exchange Key Exchange
Algorithm Sign Verify Client Server
RSA-1024 304 11.9 15.4 304
ECDSA-160 22.82 45.09 22.3 22.3
RSA-2048 2302.7 53.7 57.2 2302.7
ECDSA-224 61.54 121.98 60.4 60.4
47
7. Conclusions

• Research
• ?????????????,????,?????????????????,?????????????
  ?????????????????(Switch),?????????????????????
  
• ------ Wiles

?? ??? ??
48
7. Conclusions

• Thanks for your participation !
• Questions and Answers !