Key distribution is an important problem in wireless sensor networks where sensor nodesare randomly scattered in adversarial environments.Due to the random deployment of sensors, a list of keys must be pre-distributed to each sensor node before deployment. To establish a secure communication, two nodes must share common key from their key-rings. Otherwise, they can find a key- path in which ens...

Due to its efficiency, symmetric key cryptography is very attractive in sensor networks. A number of key predistribution schemes have been proposed, but the scalability is often constrained by the unavailability of topology information before deployment and the limited storage budget within sensors. Recently, three in-situ key establishment schemes, SBK [13], LKE [14] and iPAK [15], have been p...

Especially for key establishment protocols to be used in internet applications, the (privacy) concern of deniability arises: Can a protocol transcript be used—possibly by a participant—to prove the involvement of another party in the protocol? For two party key establishment protocols, a common technique for achieving deniability is the replacement of signature-based message authentication with...

In 1991, Damgård proposed a simple public-key cryptosystem that he proved CCA1-secure under the Diffie-Hellman Knowledge assumption. Only in 2006, Gjøsteen proved its CCA1-security under a more standard but still new and strong assumption. The known CCA2-secure public-key cryptosystems are considerably more complicated. We propose a hybrid variant of Damgård’s public-key cryptosystem and show t...

We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party A to compute a common shared key with another party B from B’s public key and A’s secret key alone. This computation requires no interaction between A and B, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively. Our first contr...

We provide a framework enabling the construction of IBE schemes that are secure under related-key attacks (RKAs). Specific instantiations of the framework yield RKA-secure IBE schemes for sets of related key derivation functions that are non-linear, thus overcoming a current barrier in RKA security. In particular, we obtain IBE schemes that are RKA secure for sets consisting of all affine funct...

We introduce a new lightweight generic compiler that is able to transform any passively forward secure twomessage key exchange (KE) protocols into authenticated key exchange (AKE) protocols with security in the presence of active adversaries who can reveal critical session specific information such as long-term or ephemeral secrets and can establish malicious parties. The compiler is built base...

Symmetric encryption, also referred to as conventional encryption or single key encryption was the only type of encryption in use prior to the development of public-key encryption in 1976. The symmetric encryption scheme has five ingredients (see Figure 1): 1. Plaintext: This is the original intelligible message or data that is fed to the algorithm as input. 2. Encryption algorithm: The encrypt...

Securely sharing the same secret key among multiple parties is the main concern in symmetric cryptography that is the workhorse of modern cryptography due to its simplicity and fast speed. Typically asymmetric cryptography is used to set up a shared secret between parties, after which the switch to symmetric cryptography can be made. In this paper, we introduce a novel key exchange protocol bas...

Wireless sensor networks based on highly resource-constrained devices require symmetric cryptography in order to make them secure. Integral to this is the exchange of unique symmetric keys between two devices. In this dissertation, we propose three novel decentralized key distribution schemes that guarantee the confidentiality of a key exchange even if an attacker has compromised some of the de...