Key agreement and digital signatures are two of the most significant and useful contributions of modern cryptography. Such protocols and schemes allow two or more parties to establish a common session key securely in the presence of a malicious adversary, and they provide means of ensuring data origin authentication, data integrity and non-repudiation. Secure key agreement protocols and signature schemes are therefore fundamental building blocks for constructing complex higher-level protocols.

In this thesis, we deal with the security analysis of existing key agreement protocols and digital signature schemes. We examine ten authenticated key agreement protocols without key confirmation, half of which are two-party and the other half three-party, and one deterministic identity-based aggregate signature scheme. By giving concrete attacks, we show that these protocols and this scheme do not possess the desirable security attributes, or the security attributes claimed by their authors. We also present a secure deterministic identity-based signature scheme that supports partial aggregation.

First, we show that Okamoto's protocol and Chen et al.'s protocol cannot withstand the key-compromise impersonation attack, and that Tan et al.'s protocol, Lim et al.'s protocol and two protocols of Hölbl et al. are insecure against the impersonation attack and the man-in-the-middle attack. Next, we prove that one protocol of Hölbl et al. is vulnerable to the insider attack and one to the unknown key-share attack, that one protocol allows an adversary to compute the private key of any user, and that one protocol allows her to compute the shared session key. We also show that Selvi et al.'s deterministic identity-based aggregate signature scheme is universally forgeable, i.e., anyone is able to easily generate valid signatures on any messages of his choice given, on average, twelve genuine digital signatures.

Finally, we introduce a new deterministic identity-based signature scheme and formally prove its security in the random oracle model. The scheme is a major improvement on the signature scheme proposed by Selvi et al. and offers the same tight security reduction to the underlying gap Diffie-Hellman problem. Because the newly proposed scheme is deterministic, it allows partial aggregation, i.e., all the signatures from the same signer can be aggregated into one single short signature.