Identity-based encryption is a very convenient tool to avoid key management. Recipient-privacy is also a major concern nowadays. To combine both, anonymous identity-based encryption has been proposed. This paper extends this notion to stronger adversaries (the authority itself). We discuss this new notion, together with a new kind of non-malleability with respect to the identity, for several ex...

Password-based key-server protocols are susceptible to password chaining attacks, in which an enemy uses knowledge of a user's current password to learn all future passwords. As a result, the exposure of a single password eeectively compromises all future communications by that user. The same protocols also tend to be vulnerable to dictionary attacks against user passwords. Bellovin and Merritt...

Transversal Design is a well known combinatorial design that has been used in deterministic key predistribution scheme. Merging of blocks in a design sometimes helps to obtain a key predistribution scheme with better performance. A deterministic merging strategy to merge the blocks has been discussed. Also, a simple key establishment method for transversal design based key predistribution schem...

We provide implementation details for non-associative key establishment protocols. In particular, we describe the implementation of non-associative key establishment protocols for all left self-distributive and all mutually left distributive systems.

Secure group communication is an increasingly popular research area having received much attention in the last several years. The fundamental challenge revolves around secure and efficient group key management. While centralized methods are often appropriate for key distribution in large groups, many collaborative group settings require distributed key agreement techniques. This work investigat...

Secure group protocols are not easy to design: this paper will show new attacks found against a protocol suite for sharing key. The method we propose to analyse these protocols is very systematic, and can be applied to numerous protocols of this type. The A-GDH.2 protocols suite analysed throughout this paper is part of the Cliques suites that propose extensions of the Diffie-Hellman key exchan...

In this work, we re-examine some fundamental group key-exchange and identity-based keyexchange protocols, specifically the Burmester-Desmedet group key-exchange protocol [7] (referred to as the BD-protocol) and the Chen-Kudla identity-based key-exchange protocol [9] (referred to as the CK-protocol). We identify some new attacks on these protocols, showing in particular that these protocols are ...

We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit keycompromise impersonation attacks despite cl...

Secure communication over the Internet becomes an essential requirement for any value-added Internet application. The use of cryptography for secure communication brings out the requirement of cryptographic key management. This paper examines some security issues on the Internet Key Exchange (IKE) protocol specified in RFC 2409. The investigation is intended for clarifying some specification am...

In group key exchange (GKE) protocols users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets, in addition to the possibly used long-lived keys. Undoubtedly, security impact of strong corruptions is serious, and thus specifying appropriate secur...