Key Exchange method for portable terminal with direct input by user
Sasuke KOMATSU (student number 1110251)
17 March 2011
Abstract

Key Exchange method for portable terminal with direct input by user
Sasuke KOMATSU

Diffie-Hellman key exchange and key exchange based on a public-key cryptosystem are the typical key exchange methods. In their basic form both are vulnerable to man-in-the-middle attacks. Methods that improve security against man-in-the-middle attacks by combining the key exchange with authentication based on a PKI have therefore been studied and are now in general use. However, two problems arise when the authentication relies on a PKI: one is the cost of issuing and managing public key certificates, and the other is that a connection to the certificate authority is needed in order to verify a certificate. In this paper we propose a method that combines key exchange with direct input by the user, aimed especially at PDAs; the direct input takes the place of the PKI for authentication. We examine the effectiveness of the proposed method by comparison with the existing methods and describe application examples.

Key words: man-in-the-middle attacks, key exchange, Diffie-Hellman, authentication
1 Introduction

1.1 Background

Portable terminals increasingly exchange data directly with each other, and the data must be protected by encryption; for that the two terminals first need a shared key. Diffie-Hellman key exchange and public-key based key exchange provide such a key, but on their own they do not authenticate the other party, and the usual remedy, a PKI, is costly and requires a certificate authority to be reachable. This thesis proposes a key exchange method for portable terminals in which direct input by the user replaces the PKI.

1.2 Structure of this thesis

Chapter 2 reviews the existing key exchange methods, Diffie-Hellman key exchange and key exchange with a public-key cryptosystem, the man-in-the-middle attack on them, and the problems of PKI-based authentication. Chapter 3 describes the proposed method and its implementation. Chapter 4 evaluates the proposed method by comparison with the existing methods and gives application examples. Chapter 5 concludes.
2 Existing key exchange methods

Symmetric-key ciphers such as DES [1], AES [2] and FEAL [3] require the two communicating parties to hold the same key beforehand, so the key has to be agreed over a channel that may be observed by others. Diffie-Hellman key exchange [4] was proposed to solve this key distribution problem, and key exchange based on a public-key cryptosystem is the other typical solution.

2.1 Key exchange methods

This section describes Diffie-Hellman key exchange and key exchange using a public-key cryptosystem.

2.1.1 Diffie-Hellman key exchange

Diffie-Hellman key exchange was proposed by B.W. Diffie and M.E. Hellman [4].
Notation used for Diffie-Hellman key exchange:

Alice: the party that initiates the key exchange.
Bob: the party that responds.
Eve: an eavesdropper on the channel between Alice and Bob.
P: a large prime.
G: a generator modulo P.
a, b: secret values chosen by Alice and Bob respectively.
G^a mod P: Alice's public value.
G^b mod P: Bob's public value.
K: the shared key.

Diffie-Hellman key exchange between Alice and Bob proceeds as shown in Fig. 2.1. P and G are public values; they are known to Alice and Bob and may also be known to Eve.

1. Alice chooses a secret a.
2. Bob chooses a secret b.
3. Alice computes G^a mod P from a, P and G.
4. Bob computes G^b mod P from b, P and G.
5. Alice sends G^a mod P to Bob.
6. Bob sends G^b mod P to Alice.
7. Alice computes K = (G^b mod P)^a mod P.
8. Bob computes K = (G^a mod P)^b mod P.

(Fig. 2.1 Diffie-Hellman key exchange)

Eve learns four values: P, G, G^a mod P and G^b mod P. To obtain K she needs a or b, but recovering a or b from the public values is a discrete logarithm computation, which is infeasible for a suitably large P. This is the Diffie-Hellman (DH) problem. Hence Alice and Bob share K without Eve learning it.
2.1.2 Key exchange using a public-key cryptosystem

Public-key cryptography was also introduced by B.W. Diffie and M.E. Hellman, and RSA [5] is its best known realization. In this method the shared key is chosen by one party and transported to the other encrypted under the receiver's public key.

Notation:

Alice: the party that initiates the key exchange.
Bob: the party that responds.
Eve: an eavesdropper on the channel between Alice and Bob.
PK_B: Bob's public key.
SK_B: Bob's secret key.
K: the shared key.
P_E[X](Y): encryption of Y with key X.
P_D[X](Y): decryption of Y with key X.

The exchange between Alice and Bob proceeds as shown in Fig. 2.2.

1. Bob generates the key pair PK_B, SK_B.
2. Bob sends PK_B to Alice.
3. Alice generates the key K.
4. Alice computes α = P_E[PK_B](K) and sends α to Bob.
5. Bob computes K = P_D[SK_B](α).

(Fig. 2.2 Key exchange using a public-key cryptosystem)

Eve observes two values, PK_B and α. To recover K from α she needs SK_B, which cannot be derived from PK_B in practice, so Alice and Bob share K without Eve learning it.

2.2 Problems of the existing methods

Both Diffie-Hellman key exchange and key exchange with a public-key cryptosystem protect K only against a passive eavesdropper. This section describes the man-in-the-middle attack that defeats both, and the PKI-based countermeasure together with its practical problems.
2.2.1 Man-in-the-middle attacks

In a man-in-the-middle attack an active attacker, Mallory, sits on the channel between Alice and Bob, intercepts the values they send and replaces them with values of her own. Neither Diffie-Hellman key exchange nor key exchange with a public-key cryptosystem lets the receiver check where a value really came from, so both are vulnerable.

Notation:

Alice: the party that initiates the key exchange.
Bob: the party that responds.
Mallory: the attacker on the channel between Alice and Bob.
P: a large prime.
G: a generator modulo P.
a, b, x, y: secret values; a and b belong to Alice and Bob, x and y to Mallory.
G^a mod P: Alice's public value.
G^b mod P: Bob's public value.
G^x mod P: the value Mallory sends to Bob in place of Alice's.
G^y mod P: the value Mallory sends to Alice in place of Bob's.
PK_B, SK_B: Bob's public and secret key.
PK_M, SK_M: Mallory's public and secret key.
K: the shared key.
P_E[X](Y): encryption of Y with key X.
P_D[X](Y): decryption of Y with key X.

Man-in-the-middle attack on Diffie-Hellman key exchange

Mallory intercepts the exchange between Alice and Bob as shown in Fig. 2.3. As in 2.1.1, P and G are known to Alice, Bob and Mallory.

1. Alice chooses a secret a.
2. Bob chooses a secret b.
3. Mallory chooses secrets x and y.
4. Alice computes G^a mod P from a, P and G.
5. Bob computes G^b mod P from b, P and G.
6. Mallory computes G^x mod P from x, P and G.
7. Mallory computes G^y mod P from y, P and G.
8. Alice sends G^a mod P toward Bob.
9. Mallory intercepts G^a mod P and forwards G^x mod P to Bob instead.
10. Bob sends G^b mod P toward Alice.
11. Mallory intercepts G^b mod P and forwards G^y mod P to Alice instead.
12. Alice computes K1 = (G^y mod P)^a mod P.
13. Bob computes K2 = (G^x mod P)^b mod P.
14. Mallory computes K1 = (G^a mod P)^y mod P.
15. Mallory computes K2 = (G^b mod P)^x mod P.

Alice believes she shares K1 with Bob, but she in fact shares it with Mallory; Bob likewise believes he shares K2 with Alice. Whatever Alice sends encrypted under K1, Mallory decrypts, reads or alters, re-encrypts under K2 and forwards to Bob, and she does the converse for Bob's messages. Alice and Bob notice nothing, while Mallory reads and controls all traffic between them.

(Fig. 2.3 Man-in-the-middle attack on Diffie-Hellman key exchange)
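The exchange of 2.1.1 and the attack of 2.2.1 in runnable form, as an added worked example that is not part of the thesis. The group parameters P and G are a toy choice made here so the block runs stand-alone (a deployment would use a standardized group such as RFC 7919 ffdhe2048), and the XOR keystream cipher that shows Mallory relaying traffic is a stand-in for a real authenticated cipher.

```python
import hashlib
import secrets

# Toy public parameters (an assumption of this example, not the thesis's):
# P = 2^127 - 1 is a Mersenne prime and G = 3 is used as the base. Whether 3
# generates the whole group does not affect the arithmetic shown here.
P = 2**127 - 1
G = 3


def gen_secret(p=P):
    """Choose a private exponent uniformly from 1 .. p-2."""
    return secrets.randbelow(p - 2) + 1


def public_value(secret, p=P, g=G):
    """Steps 3/4: compute G^secret mod P."""
    return pow(g, secret, p)


def shared_key(peer_public, secret, p=P):
    """Steps 7/8: K = (peer's public value)^secret mod P."""
    return pow(peer_public, secret, p)


def honest_exchange(a, b):
    """Steps 1-8 of 2.1.1 with Alice's secret a and Bob's secret b.
    Returns (K as computed by Alice, K as computed by Bob)."""
    ga = public_value(a)  # sent Alice -> Bob in the clear
    gb = public_value(b)  # sent Bob -> Alice in the clear
    return shared_key(gb, a), shared_key(ga, b)


def mitm_exchange(a, b, x, y):
    """Steps 1-15 of 2.2.1: Mallory (secrets x, y) forwards G^x to Bob in
    place of G^a and G^y to Alice in place of G^b. Returns every party's key."""
    ga, gb = public_value(a), public_value(b)
    gx, gy = public_value(x), public_value(y)
    return {
        "alice_k1": shared_key(gy, a),    # Alice believes gy came from Bob
        "bob_k2": shared_key(gx, b),      # Bob believes gx came from Alice
        "mallory_k1": shared_key(ga, y),  # Mallory's copy of K1
        "mallory_k2": shared_key(gb, x),  # Mallory's copy of K2
    }


def xor_cipher(key, data, p=P):
    """Stand-in symmetric cipher: XOR with a SHA-256 keystream derived from
    the integer key K. Encryption and decryption are the same operation."""
    nbytes = (p.bit_length() + 7) // 8
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = key.to_bytes(nbytes, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))


def relay_through_mallory(a, b, x, y, plaintext):
    """Alice sends plaintext 'to Bob' under K1; Mallory decrypts it with her
    K1, re-encrypts it under K2 and forwards it. Returns
    (what Mallory read, what Bob read)."""
    keys = mitm_exchange(a, b, x, y)
    from_alice = xor_cipher(keys["alice_k1"], plaintext)
    seen_by_mallory = xor_cipher(keys["mallory_k1"], from_alice)
    to_bob = xor_cipher(keys["mallory_k2"], seen_by_mallory)
    seen_by_bob = xor_cipher(keys["bob_k2"], to_bob)
    return seen_by_mallory, seen_by_bob


if __name__ == "__main__":
    a, b = gen_secret(), gen_secret()
    ka, kb = honest_exchange(a, b)
    print("honest exchange agrees:", ka == kb)
    keys = mitm_exchange(a, b, gen_secret(), gen_secret())
    print("Alice and Bob agree under attack:", keys["alice_k1"] == keys["bob_k2"])
    print("Mallory holds Alice's key:", keys["alice_k1"] == keys["mallory_k1"])
    print(relay_through_mallory(a, b, gen_secret(), gen_secret(), b"hello Bob"))
```

Nothing in the honest run differs from the attacked run from Alice's or Bob's point of view: each side receives one group element and computes one exponentiation, which is exactly why the protocol needs an authenticated value from outside the channel.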
Man-in-the-middle attack on key exchange using a public-key cryptosystem

Here Mallory substitutes her own public key for Bob's, as shown in Fig. 2.4.

1. Bob generates the key pair PK_B, SK_B.
2. Mallory generates the key pair PK_M, SK_M.
3. Bob sends PK_B toward Alice.
4. Mallory intercepts PK_B and forwards PK_M to Alice instead.
5. Alice generates the key K.
6. Alice computes α = P_E[PK_M](K) and sends α toward Bob.
7. Mallory intercepts α and computes K = P_D[SK_M](α).
8. Mallory computes β = P_E[PK_B](K) and sends β to Bob.
9. Bob computes K = P_D[SK_B](β).

Alice has no way to tell whether the public key she received is really PK_B. Mallory obtains K, and since Bob also ends up with K, neither Alice nor Bob notices anything.

(Fig. 2.4 Man-in-the-middle attack on key exchange using a public-key cryptosystem)

2.2.2 Authentication using a PKI

The attacks succeed because neither Alice nor Bob can verify that a received value originates from the other party. The countermeasure in general use is to combine the key exchange with authentication based on a public key infrastructure (PKI): each party's public key is bound to its identity by a certificate issued by a certificate authority, and the exchanged values are authenticated with it. Authenticated key exchange of this kind is standardized in ISO/IEC 9798-3 [6]; the Menezes-Qu-Vanstone (MQV) protocol [7], included in the IEEE P1363 standard, and its variant HMQV [8] are authenticated forms of Diffie-Hellman key exchange.

Authentication by PKI has two practical problems.

The first is cost. A public key certificate has to be purchased and renewed: for example, a VeriSign Class 2 certificate costs 12,600 yen [9], and a one-year SSL server certificate 85,050 yen [10]. Such a cost is hard to justify for a personal portable terminal.

The second is connectivity. Verifying a certificate requires a connection to the certificate authority, so the method cannot be used where the terminals cannot reach it, for instance on an isolated LAN or over a direct link between two terminals.
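The key transport of 2.1.2 and the public-key substitution attack of 2.2.1 in runnable form, as an added example that is not taken from the thesis. P_E and P_D are implemented as textbook RSA over fixed Mersenne primes, an assumption made here only so that the key pairs are deterministic and the block runs offline; real systems use freshly generated primes with padded RSA or a KEM. The fingerprint function at the end illustrates the generic out-of-band check that a certificate (or, in the thesis's approach, the user's direct input) provides; it is not the thesis's protocol.

```python
import hashlib
import secrets

# Fixed toy primes (assumption of this example): Mersenne primes, chosen so
# the block is deterministic. Never reuse fixed primes in production.
BOB_PRIMES = (2**61 - 1, 2**89 - 1)
MALLORY_PRIMES = (2**107 - 1, 2**127 - 1)
E = 65537


def keygen(primes, e=E):
    """Return (PK, SK) = ((n, e), (n, d)) for the given primes (textbook RSA)."""
    p, q = primes
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse, Python >= 3.8
    return (n, e), (n, d)


def P_E(pk, m):
    """P_E[PK](m): encrypt the integer m (0 <= m < n) under public key PK."""
    n, e = pk
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def P_D(sk, c):
    """P_D[SK](c): decrypt under secret key SK."""
    n, d = sk
    return pow(c, d, n)


def fresh_session_key():
    """Alice's step 3: a random K below Bob's modulus (textbook RSA needs m < n)."""
    return secrets.randbelow(BOB_PRIMES[0] * BOB_PRIMES[1])


def fingerprint(pk):
    """Short digest of a public key, to be compared over an authentic channel."""
    n, e = pk
    return hashlib.sha256(n.to_bytes(64, "big") + e.to_bytes(4, "big")).hexdigest()[:16]


def honest_transport(k):
    """Steps 1-5 of 2.1.2. Returns the K that Bob recovers."""
    pk_b, sk_b = keygen(BOB_PRIMES)  # 1. Bob generates PK_B, SK_B
    alpha = P_E(pk_b, k)             # 2-4. Alice receives PK_B, encrypts K
    return P_D(sk_b, alpha)          # 5. Bob decrypts alpha


def mitm_transport(k):
    """Steps 1-9 of the attack in 2.2.1: Mallory substitutes PK_M for PK_B.
    Returns the K Mallory learns, the K Bob recovers, and whether a
    fingerprint comparison against the genuine PK_B would have passed."""
    pk_b, sk_b = keygen(BOB_PRIMES)          # 1.
    pk_m, sk_m = keygen(MALLORY_PRIMES)      # 2.
    received_by_alice = pk_m                 # 3-4. PK_B intercepted, PK_M forwarded
    alpha = P_E(received_by_alice, k)        # 5-6. Alice encrypts K under PK_M
    k_mallory = P_D(sk_m, alpha)             # 7. Mallory decrypts alpha
    beta = P_E(pk_b, k_mallory)              # 8. Mallory re-encrypts K for Bob
    k_bob = P_D(sk_b, beta)                  # 9. Bob decrypts, sees nothing wrong
    return {
        "mallory": k_mallory,
        "bob": k_bob,
        "fingerprint_matches": fingerprint(received_by_alice) == fingerprint(pk_b),
    }


if __name__ == "__main__":
    k = fresh_session_key()
    print("honest transport delivers K:", honest_transport(k) == k)
    r = mitm_transport(k)
    print("Mallory has K:", r["mallory"] == k, "Bob has K:", r["bob"] == k)
    print("fingerprint check would pass:", r["fingerprint_matches"])
```

The only observable difference between the two runs is the fingerprint of the public key Alice received, and that difference is visible only if Alice has an authentic copy of PK_B's fingerprint from somewhere other than the channel itself.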
3 Proposed method

This chapter proposes a key exchange method for portable terminals, based on Diffie-Hellman key exchange, in which direct input by the user takes the place of the PKI.

3.1 Idea

Diffie-Hellman key exchange itself is kept as the basis of the method, because it lets two terminals derive a shared key from public values alone. What the PKI adds in the existing methods is assurance that the received values really come from the other party. In the proposed method this assurance comes instead from the users, who hold their portable terminals in hand and enter information directly into each other's terminal; no certificate and no connection to a certificate authority are needed.

3.2 Protocol

This section gives the key exchange procedure of the proposed method (3.2.1) and its implementation (3.2.2).
3.2.1 Key exchange procedure

Notation:

Alice: the party that initiates the key exchange, using terminal A.
Bob: the party that responds, using terminal B.
Eve: an eavesdropper on the channel between Alice and Bob.
P: a large prime.
G: a generator modulo P.
a1, ..., ai, ..., an: Alice's n secret values; b1, ..., bi, ..., bn: Bob's n secret values.
Na: the set of Alice's secret values. Nb: the set of Bob's secret values.
G^a1 mod P, ..., G^an mod P: Alice's public values; G^ai mod P: the one Alice uses.
Pa: the list of Alice's public values.
G^b1 mod P, ..., G^bn mod P: Bob's public values; G^bi mod P: the one Bob uses.
Pb: the list of Bob's public values.
K: the shared key.

The exchange proceeds as shown in Fig. 3.1. As in Diffie-Hellman key exchange, P and G are public.

1. Alice chooses n secret values Na.
2. Bob chooses n secret values Nb.
3. Alice computes the n public values Pa from Na, P and G.
4. Bob computes the n public values Pb from Nb, P and G.
5. Alice sends Pa to Bob.
6. Bob sends Pb to Alice.
7. [direct input step by the user; the text of this step did not survive extraction]
8. [direct input step by the user; the text of this step did not survive extraction]
9. Alice selects G^bi mod P from Pb.
10. Bob selects G^ai mod P from Pa.
11. Alice computes K = (G^bi mod P)^ai mod P.
12. Bob computes K = (G^ai mod P)^bi mod P.

(Fig. 3.1 Key exchange procedure of the proposed method)

Eve observes four values: P, G, Pa and Pb. Exactly as in Diffie-Hellman key exchange, obtaining K from them requires solving the DH problem, so Eve cannot obtain K.

3.2.2 Implementation

The proposed method was implemented on an Apple iPhone 3GS. Fig. 3.2 shows the screen of the implementation.
(Fig. 3.2 Screen of the implementation on the iPhone 3GS)

The screen presents the values of the exchange to the user, who performs the direct input step and confirms it by pressing OK; the terminal then completes the key computation.
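The procedure of 3.2.1 in runnable form, as an added example that is not taken from the thesis or its iPhone implementation. Steps 7 and 8, the direct input by the users, are modelled here simply as the index i being handed to each terminal as a function argument; that the direct input supplies the index is an assumption of this example. P and G are a toy choice so that the block runs stand-alone.

```python
import secrets

# Toy public parameters (assumption of this example, not the thesis's):
# P = 2^127 - 1 is prime, G = 3 is the base.
P = 2**127 - 1
G = 3


def gen_secrets(n, p=P):
    """Steps 1/2: choose n private exponents (Na or Nb)."""
    return [secrets.randbelow(p - 2) + 1 for _ in range(n)]


def public_list(secs, p=P, g=G):
    """Steps 3/4: Pa or Pb, the list G^a1 mod P, ..., G^an mod P."""
    return [pow(g, s, p) for s in secs]


def derive_key(peer_list, own_secrets, i, p=P):
    """Steps 9-12: take the i-th public value of the peer and raise it to the
    i-th own secret."""
    return pow(peer_list[i], own_secrets[i], p)


def run_exchange(na, nb, i_alice, i_bob):
    """Run the protocol with the secret lists na (Alice) and nb (Bob).
    i_alice and i_bob stand for the index each terminal obtains in steps 7/8
    (assumed here to be what the users input directly).
    Returns (K at Alice, K at Bob, everything Eve saw on the channel)."""
    pa, pb = public_list(na), public_list(nb)  # steps 3-6, sent in the clear
    eve_sees = {"P": P, "G": G, "Pa": pa, "Pb": pb}
    k_alice = derive_key(pb, na, i_alice)
    k_bob = derive_key(pa, nb, i_bob)
    return k_alice, k_bob, eve_sees


def eve_brute_force(eve_sees, bound):
    """What Eve can do with her four values: a discrete-logarithm search over
    Pa. Tries exponents 1 .. bound-1 for every entry and returns the secrets
    found as {index: exponent}; for realistically sized secrets this stays
    empty, which is the DH problem the text relies on."""
    found = {}
    for idx, val in enumerate(eve_sees["Pa"]):
        for e in range(1, bound):
            if pow(eve_sees["G"], e, eve_sees["P"]) == val:
                found[idx] = e
                break
    return found


if __name__ == "__main__":
    n = 4
    na, nb = gen_secrets(n), gen_secrets(n)
    i = 2  # index obtained by both terminals through the direct input step
    ka, kb, view = run_exchange(na, nb, i, i)
    print("Alice and Bob agree:", ka == kb)
    print("Eve recovers with a small search:", eve_brute_force(view, 10_000))
```

Because both terminals must end up with the same index, a mismatch in the direct input step produces different keys on the two sides, and the exchange fails closed rather than silently giving the two parties different keys that still appear to work.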
4 Evaluation

This chapter examines the effectiveness of the proposed method by comparing it with the two existing methods of Chapter 2, and gives application examples.

4.1 Comparison with Diffie-Hellman key exchange

The proposed method differs from Diffie-Hellman key exchange only in the number of values handled: each terminal generates and transmits N secret and public values instead of one, so the computation and the transmitted data grow in proportion to N, and the two lists together give N^2 possible combinations of public values. The security of the shared key against an eavesdropper is unchanged, since Eve's view consists of the same kind of values as in Diffie-Hellman key exchange.

4.2 Comparison with PKI-based authentication

Table 4.1 summarizes the comparison between the proposed method of Chapter 3, which authenticates by direct input, and authentication by PKI. The proposed method needs neither a certificate nor a connection to a certificate authority, so the two problems described in 2.2.2, cost and connectivity, do not arise. On the other hand it requires the two users to be present with their terminals so that the direct input can be performed, which restricts it to use between terminals at the same place.

(Table 4.1 Comparison of the proposed method with PKI-based authentication; the table itself did not survive extraction.)

4.3 Application examples

The proposed method can replace Diffie-Hellman key exchange wherever two portable terminals whose users are present need to establish a key, for example to protect direct data exchange between two terminals without any infrastructure. Since the number of public values N is a parameter, the N^2 combinations can be traded against the computation and transmission cost according to the terminal's capability. A further application is to combine the established key with the password authentication protocol SAS-2 [11].
5 Conclusion

This paper reviewed Diffie-Hellman key exchange and key exchange using a public-key cryptosystem, showed that both are vulnerable to man-in-the-middle attacks, and pointed out the cost and connectivity problems of the PKI-based countermeasure. We then proposed a key exchange method for portable terminals, based on Diffie-Hellman key exchange, in which direct input by the user takes the place of the PKI for authentication, implemented it on an Apple iPhone 3GS, and evaluated it by comparison with the existing methods and through application examples.
References

[1] U.S. Dept. of Commerce, "Data Encryption Standard (DES)," FIPS Publication 46-3, 1999.
[2] National Institute of Standards and Technology, "Announcing the Advanced Encryption Standard (AES)," FIPS Publication 197, 2001.
[3] "FEAL" (in Japanese), IEICE Transactions, Vol. J70-D, No. 7, pp. 1413-1423, 1987.
[4] W. Diffie and M.E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, Vol. IT-22, No. 6, pp. 644-654, Nov. 1976.
[5] R. Rivest, A. Shamir and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, Vol. 21, No. 2, pp. 120-126, 1978.
[6] ISO/IEC IS 9798-3, "Entity authentication mechanisms - Part 3: Entity authentication using asymmetric techniques," 1993.
[7] L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, "An efficient protocol for authenticated key agreement," Designs, Codes and Cryptography, Vol. 28, pp. 119-134, 2003.
[8] H. Krawczyk, "HMQV: A high-performance secure Diffie-Hellman protocol," Advances in Cryptology, CRYPTO 2005, LNCS 3621, 2005. http://eprint.iacr.org/2005/176
[9] Hitachi Joho, Class 2 ID / VeriSign, http://www.hitachijoho.com/solution/shield/verisign/class2.html, accessed 2011-02-12.
[10] VeriSign Japan, SSL certificate price chart, https://www.verisign.co.jp/ssl/chart detail.html, accessed 2011-02-12.
[11] T. Tsuji and A. Shimizu, "Simple and secure password authentication protocol, ver.2 (SAS-2)," IEICE Technical Report, OIS2002-30, 2002.