T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography, "Advances in Cryptology - CRYPTO 1993.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....of the card, and obtain its secret key. We of course allow this as a possibility, but require that session keys unrelated to this host are still secure. We shall formalize the above security model, and present a protocol that is secure in this model. We build on the work of Leighton Micali [3], designing a protocol in which the server is essentially just another smart card, and in which access to the server is required only the first time a process on one host talks to a process on another host. Also, both the server and the host smart cards need only compute a few pseudo random ....

....the security parameter k) 2.2 Protocol SKI We now describe a new protocol, which we call SKI, for session key distribution in the third party mode] and prove its security in the Bellare Rogaway security model. This protocol is a modification and extension of one proposed by Leighton Micali [3] before the Bellare Rogaway security model was proposed, and indeed, no formal statements about security are claimed or proved in that paper. We found that several modifications to the protocol were necessary to obtain our proof of security, even though it is not clear that without these ....

T. Leighton and S. Micali. Secret-key agreement without public-key cryptography. In Advances in Cryptology Crypro '93, pages 456 479, 1993.

....which is based on smart cards, is mechanised. Two weaknesses due to lack of explicitness are unveiled, which a#ect the goals of confidentiality, authentication and key distribution. Shoup and Rubin [98] take into account an existing session key distribution protocol due to Leighton and Micali [60] and prove it secure using the Bellare and Rogaway s framework [24] Then, they develop a new protocol, based on the design by Leighton and Micali, for session key distribution in a three agent setting where each agent is endowed with a smart card that can compute a few PRFs. Finally, they extend ....

....of the protocol obtained both from the designers and the implementors presentations. We denote an agent P s longterm key (shared with the server) by Kp, P s smart card by C p and P s smart card long term key by K Cp . The protocol relies on the concept of pairkey (due to Leighton and Micali [60]) to establish a long term secret between the smart cards of a pair of agents. The pairkey is historically referred to the pair of agents: the one for agents A and B is # ab = # B , where is the bit wise exclusiveor operator. While A s card can compute B Ka and then # ab = ....

T. Leighton and S. Micali. Secret-key Agreement without Public-key Cryptography. In D. R. Stinson, editor, Proceedings of Advances in Cryptography --- CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 456--479. Springer-Verlag, 1993.

....keying mechanism must be used. The behavior of this mechanism is further refined to refresh the session key every 60 (240) seconds where a management is (is not) present. Where the session is not deemed private, the weak key mgmt clause simply provisions the LeightonMicali key management mechanism [24]. The confidentiality clause instructs the data handler mechanism to use either 3DES or DES, depending on the result of reconciliation. Note that the mechanisms indicated in the policy specification (e.g. dh key and dhndlr) must be provided by the enforcement infrastructure. These are not ....

T. Leighton and S. Micali. Secret-key Agreement without Public-Key Cryptography. In Proceedings of Crypto 93, pages 456--479, August 1994.

....of these issues below (see Cryptographic Functionality) 4. SDVC COMPONENTS In this section we describe our enhancements and additions to SVC. Security Architecture SDVC uses the GSS API [Lin97] to allow di erent security mechanisms to be interchanged. SDVC replaces LSGC s Leighton Micali [LM94] authentication mechanism with the Globus GSS API but preserves the existing participant key structure. The participant key is a shared secret between a participant and the LSGC group server. The participant key is used to encrypt the common group data key. In this way, the data key is delivered ....

T. Leighton and S. Micali. Secret-key Agreement without Public-Key Cryptography. In Advances in Cryptology - CRYPTO '93, pages 456-479, 1994.

....securely made by such schemes. This is due to the fact that the broadcast message can provide to a user in a privileged subset some information about the secret information of the other users in this subset. Key predistribution schemes were introduced by Blom [4] and have been also considered in [5 7,10 12,14 17,19 24,26,27]. The rst broadcast encryption schemes were proposed by Berkovits [3] and Fiat and Naor [11] Afterwards, several authors have studied these schemes [1,2,5,8,9,13,16,18,26,27] A good survey on these subjects can be found in [26] The speci cation structure of a KPS or a BES is the family of all ....

T. Leighton and S. Micali. Secret-key Agreement without Public Key Cryptography. Advances in Cryptology{CRYPTO'93, Lecture Notes in Computer Science 773 (1994) 456-479.

....ability to prove powerful properties of the protocol. This mathematical strength, coupled with the hardware basis of long term key storage, lends good confidence in the overall security of the session key distribution mechanism. Shoup Rubin builds on the Leighton Micali key distribution protocol [27], an inexpensive symmetric key distribution protocol. Leighton Micali uses a construct known as a pair key to establish a shared secret between communicating parties. Let A and B denote unambiguous identifiers for ALICE and BOB, and let K A and K B be their long term keys, and let M K denote ....

T. Leighton and S. Micali, "Secret-Key Agreement Without Public-Key Cryptography," pp. 456-479 in Proc. of Crypto '93, Santa Barbara (1993).

....The protocol assumes the means between agents and smart cards to be secure. No agent knows any long term secrets, but the cards belonging respectively to protocol initiator and responder agree on a long term secret with the help of a trusted server using a technique due to Leighton and Micali [7]. The initial phases of the protocol are omitted from gure 1 because they do not in uence the con dentiality goals directly. The initiator A obtains some credentials from the trusted server, along with a nonce Na and its certi cate from her smart card. Phase IV sees the responder B forward A s ....

T. Leighton and S. Micali. Secret-key agreement without public-key cryptogrphy. In D. R. Stinson, editor, Proceedings of Advances in Cryptography | CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 456-479. Springer-Verlag, 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography, "Advances in Cryptology - CRYPTO 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology - CRYPTO 1993.

No context found.

Leighton, T. and Micali, S. (1994) `Secret-key agreement without public-Key cryptography', Advances in Cryptology, pp.456--479.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology - CRYPTO 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology - CRYPTO 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology - CRYPTO 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology - CRYPTO 1993.

No context found.

T. Leighton and S. Micali. Secret-key agreement without public-key cryptography (extended abstract). In Proc. of CRYPTO '93, pages 456--479, 1993.

No context found.

T. Leighton and S. Micali. Secret-key Agreement without Public-key Cryptography. In D. R. Stinson, editor, Proceedings of Advances in Cryptography | CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 456-479. Springer-Verlag, 1993.

No context found.

T. Leighton and S. Micali. Secret-key agreement without public-key cryptography (extended abstract). In Proc. of CRYPTO '93, pages 456--479, 1993.

No context found.

T. Leighton and S. Micali. Secret-key agreement without public-key cryptography. In Advances in Cryptology - Crypto '93, pages 456--479, 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology CRYPTO 1993.

No context found.

T. Leighton and S. Micali, "Secret-key agreement without public-key cryptography," Proceedings of CRYPTO 1993.

No context found.

T. Leighton and S. Micali. Secret-key agreement without public-key cryptography (extended abstract). In Advances in Cryptology --- CRYPTO'93, volume 773 of Lecture Notes in Computer Science, pages 456--479, Berlin, New York, Tokyo, 1994. Springer-Verlag.

No context found.

T. Leighton and S. Micali. Secret-key Agreement without Public-key Cryptography. In D. R. Stinson, editor, Proc. of Advances in Cryptography --- CRYPTO'93, LNCS 773, pages 456--479. Springer-Verlag, 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography,"Advances in Cryptology - CRYPTO 1993.

No context found.

T. Leighton and S. Micali. Secret-key agreement without public-key cryptography (extended abstract). In Proc. of CRYPTO '93, pages 456--479, 1993.

No context found.

T. Leighton, S. Micali, "Secret-key Agreement without Public-Key Cryptography, "Advances in Cryptology - CRYPTO 1993.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC