GB2407236A

GB2407236A - Diffie-Hellman exchange of a session key

Info

Publication number: GB2407236A
Application number: GB0324356A
Authority: GB
Inventors: Chan Yeob Yeun; Georgios Kalogridis; Gary Clemo
Original assignee: Toshiba Research Europe Ltd
Current assignee: Toshiba Europe Ltd
Priority date: 2003-10-17
Filing date: 2003-10-17
Publication date: 2005-04-20
Anticipated expiration: 2023-10-17
Also published as: GB2407236B; GB0324356D0

Abstract

A secret session key is exchanged via the Diffie-Hellman key exchange protocol. This is done by generating a first initialisation value, generating first data that includes data based on the first initialisation value, and digitally signing at least a portion of the first data using a private key to form first signed data; then sending the first data, and receiving second data, the second data including data based on a second initialisation value, wherein at least a portion of the second data includes second signed data that has been digitally signed using a private key. The second signed data is verified using a public key corresponding to the private key, to extract the second initialisation value, and to generate a shared session key using a Diffie-Hellman algorithm. Timestamps, sequence numbers, identification data and hash functions may also be used. An embodiment is a secure voting procedure.

Description

METHODS AND APPARATUS FOR SECURE DATA COMMUNICATION LINKS

This invention generally relates to methods, apparatus and computer program code for establishing secure communication links where deniable authentication is required.

As electronic communications become ever more a part of everyday life, issues of secure data transmission are becoming increasingly important. Broadly speaking at present two basic cryptographic techniques, symmetric and asyrnrnetric, are employed, to provide secure data transmission for example for software download. Symmetric cryptography uses a common secret key for both encryption and decryption, along traditional lines. The data is protected by restricting access to this secret key and by key management techniques, for example, using a different key for each transmission or for a small group of data transmissions. A well-known example of symmetric cryptography is the US Data Encryption Standard (DES) algorithm (FIPS-46, FIPS-47-1, FIPS-74, FIPS-8 1 of the US National Bureau Standards). A variant of this is triple DES (3DES) in which three keys are used in succession to provide additional security. Other examples of symmetric cryptographic algorithms are RC4 from RSA Data Security, Inc and the International Data Encryption Algorithm (IDEA).

Asymmetric or so-called public key cryptography uses a pair of keys one "private" and one "public" (although in practice distribution of the public key is also often restricted).

A message encrypted with the public key can only be decrypted with the private key, and vice-versa. An individual can thus encrypt data using the private key for decryption by any one with the corresponding public key and, similarly, anyone with the public key can securely send data to the individual by encrypting it with the public key safe in the knowledge that only the private key can be used to decrypt the data.

Asymmetric cryptographic systems are generally used within an infrastructure known as Public Key Infrastructure (PKI) which provides key management functions.

Asymmetric cryptography can also be used to digitally sign messages by encrypting either the message or a message digest, using the private key. Providing the recipient has the original message they can compute the same digest and thus authenticate the signature by decrypting the message digest. A message digest is derived from the original message and is generally shorter than the original message making it difficult to compute the original message from the digest; a so-called hash function may be used to generate a message digest.

A Public Key Infrastructure normally includes provision for digital identity Certificates.

To prevent an individual posing as somebody else an individual may prove his identity to a certification authority which then issues a certificate signed using the authority's private key and including the public key of the individual. The Certification Authority's public key is widely known and therefore trusted and since the certificate could only have been encrypted using the authority's private key, the public key of the individual is verified by the certificate. Within the context of a mobile phone network a user or the network operator can authenticate their identity by signing a message with their private key; likewise a public key can be used to verify an identity. Further details of PKI for wireless applications can be found in WPKI, WAP-217-WPKI, version 24 - April 2001 available at www.wapforum.ore and in the X.509 specifications (PKIX) which can be found at www.ietf.org, all hereby incorporated by reference.

In the context of 3G mobile phone systems standards for secure data transmission have yet to be determined and discussions are currently taking place in the MExE forum (Mohle Execution Environment Forum) at wavy mcxclorum.org. Reference may also be made to ISO/lEC 1170-3, "Information Technology - Security Techniques - Key Management - Part 3: Mechanism Using Asymmetric Techniques", DIS 1996.

Asymmetric cryptography was first publicly disclosed by Diffie and Hellman in 1976 (W. Diffie and D.E. Helhnan, "New directions in cryptography', IEEE Transactions on Information Theory, 22 (1976), 644-654) and a number of asymmetric cryptographic techniques are now in the public domain of which the best known is the RSA (Rives", Shamir and Adleman) algorithm (ILL. Rivest, A. Shamir and L.M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems", Communications ofthe ACM, 21 (1978), 120-126). Other more recent algorithms including elliptic curve crypto systems (see, for example, X9.63, "Public key cryptography for the financial services industry: Key agreement and key transport using elliptic curve cryptography", Draft ANSI X9F1, October (1999)). The abovementioned X.509 ITU (International Telecommunications Union) standard is commonly used for public key certificates. In this a certificate comprising a unique identifier for a key issuer, together with the public key (and normally information about the algorithm and certification authority) is included a directory, that is a public repository of certificates for use by individuals and organizations.

The symmetric and asymmetric cryptographic techniques outlined above each have advantages and disadvantages. Asymmetric approaches are less resource-efficient, requiring complex calculations and relatively longer key lengths than symmetric approaches to achieve a corresponding level of security. A symmetric approach, however, requires storage of secret keys within the terminal and does not provide non- repudiation or anonymous software download. The present invention combines both these approaches, broadly speaking using public key techniques to transfer a secret session key. A symmetric session may then be established using this key, for example to download software securely. After software download this key may be stored in a repository in the mobile terminal for non-repudiation purposes or discarded once the software or other data download is complete. This technique supports a hierarchical infrastructure for key management such as X.509 or WPKI, the ability to broadcast to multiple mobile tenninals, the ability to anonymously download software to mobile terminals (adopting asymmetric techniques) and faster software download by mobile terminals after establishing a symmetric session (using symmetric techniques).

Authentication is the term given to any process through which one proves and verifies certain information. For example, a recipient of a document may want to verify the origin of a document and the identity of the sender. A digital signature of a document is a cryptographic means through which many of these may be verified. A digital signature typically comprises a piece of information based on both the document itself and a private key of the signer. Digital signatures can be used to authenticate the origin of a document in a way that is analogous to an individual signing a letter with a hand written signature unique to the individual.

One property of authentication that was traditionally not considered to be important, but is becoming increasingly relevant, is the issue of deniability. This is a privacy property that ensures that the participants in a particular protocol exchange can later deny they took part in this particular protocol exchange. For example, using a deniable authentication protocol, a recipient of a document would be able to authenticate that the document was sent by a particular sender, but would not be able to prove to a third party that the document came from the particular sender as both participants can deny they took part in the exchange.

Deniable authentication has two important characteristics. First it enables a receiver of a given message to identify the source of the message in the same manner as a conventional authentication protocol. Secondly, and more importantly, it provides that a receiver cannot prove the source of the message to a third party. Hence the sender and the receiver can deny that they ever took part in the protocol exchange.

Deniable authentication protocols could have applications in many situations. An example of a potential use of a deniable authentication protocol would be in including electronic voting systems. In such systems, for example in Government elections, a voter will want to securely place their vote. However, it is extremely important that the content of their vote cannot be traced hack to them. IJence, any protocol exchange between a voter and an electronic system should be deniable.

Another example of an application for a deniable authentication protocol is in electronic commerce. A user may wish to buy certain items from an electronic retailer, but may not want the retailer to be able to show that the user made the transaction to a third party. For example, this would be important if the user wished to buy items that had a social stigma attached to them. s

Example of deniable authentication protocols are disclosed by Deng, X., Lee, C.H., and Zhe, H. in 'Deniable authentication protocols' IKE Proc, Comput. Digit. Tech., 2001, 148, (2), pp. 101-104. A further example is disclosed by Dwork, C, Naor, M., and Sahai, A. in 'Concurrent zero-knowledge' Proc. 30th ACM STOC'98, Dallas, TX, USA, 1998, pp. 409-418. A still further example is disclosed in Aumann, Y., and Rabin, M. in Efficient deniable authentication of long Messages'. Int. Conf. on Theoretical Computer Science in honour of Professor Manuel Blum's 60th birthday, 1998.

In order to use a deniable authentication protocol, it is first necessary for the sender and receiver to negotiate a secure communications channel. Many authentication protocols use methods of negotiating a secure communications channel that are based on the well known Diffie-Hellman key exchange protocol, mentioned above.

The Diffie-Hellman key exchange protocol allows two users to exchange a secret key k over an insecure medium, without the two users sharing any prior secrets. This protocol uses two parameters n and g, which are both public and may be used by all the users in a system. Parameter n is a prime number, and parameter g (usually termed the "generator") is an integer less than n, with the following property: for every number int between 1 and n- 1 inclusive, there is a power k of g such that int = gk mod n.

If two users desire to agree a shared secret key k using the DiffieHellman key agreement protocol, the first user generates a random number a, and the second user generates a random number b. Both a and b are drawn from the set of integers I, ..., n - 2}. The numbers a and b serve as the private values for the first and second users.

Both users then derive public values using the shared public parameters n and g and their private values. Using the Diffie-Hellman key exchange protocol the first user's public value is: 8a mod n The second user's public value is: gb mod n Both users then exchange their public values, and in order to derive a secret session key k, the first user computes: gab (mod n) = (gb mod n)a mod n The second user then computes: gba (mod n) = (8a mod n)b mod n As gab (mod n) = gba (mod n) = k, the first and second users now have a shared secret key k.

The Diffie-Hellman key exchange protocol is recognised as being dependent on the discrete logarithm problem for its security. It is assumed that, when the prime n is sufficiently large, it is computationally infeasible to calculate the shared secret key k = gab mod n given the two public values ga mod n and gb mod n.

However, the Diffie-Hellman key exchange protocol does not authenticate the participants, and it is therefore susceptible to man-in-the-middle attacks. Fan et al. disclosed a deniable authentication protocol, in which a receiver cannot prove the source of a message to a third party in 'Deniable authentication protocol based on Diffie-Hellman algorithm', IKE Electronics Letters, 2002, 38, (14), pp. 705-706. This protocol is based on the Diffie-Hellman key exchange protocol discussed above. The Fan protocol does not require a trusted third party, and it is argued in their paper that the protocol can resist man-in-the-middle attacks, thus overcoming the problems associated with the conventional Diffie-Hellman key exchange protocol. However, it has been discovered by the applicant that the Fan protocol is vulnerable to a spoofing attack.

The Fan protocol will now be discussed in detail with reference to Figure 1, in which the two participants in an example protocol exchange are shown. The participants in this example exchange are a sender S. a receiver R. In the Fan protocol, certificates are disclosed as being used to defeat a man-in-the-middle attacks. Every sender S has a certificate issued by the certification authority (CA). The certificate contains the public key Kp,,b of the sender S. and the signature of CA for this certificate. The receiver can obtain the public key Kp,,b of the sender S and verify it. The private key KprV of the sender S is kept secret, and is also issued by the CA. In the exchange, the sender S and the receiver R use two parameters g and n, as does the original Diffie-Hellman key exchange protocol. It is not disclosed in the Fan paper, but for the protocol to work g is not just any prime but g is a primitive element of Z., and n is prime.

The process of the Fan protocol is as follows: At step Fl, the sender S chooses a random large integer x and computes: X = gx mod n {Equation I} X'= EKP,, (X) {Equation 2} where: EK IS an encryption function based on S's private key Kprv for digital signing issued by the CA; and g and M are the public numbers of a Diffie-Hellman algorithm.

The sender S then sends the value X' to the receiver R. At step F2, R chooses a random large integer y and computes: Y = g " mod n {Equation 3} The receiver R then sends the value Y to the sender S. At step F3, R decrypts X' and obtains: X = EK h (X) {Equation 4} Although not disclosed in the Fan paper, Equation 4 will not hold for every possible case. R can decrypt X' and gets X if and only if the function EK h has a facility to recover the message. That is to say that the digital signing function and the corresponding verification function are reversible, i.e. for a message L and a signature Q under a private keyj: If EI{L) = Q. then Eh(Q) =L; where h is a public key corresponding to private keyj.

Further information on digital signature schemes with message recovery can be found in ISO/IEC 9796:1991: 'Information technology - Security techniques - Digital signature scheme giving message recovery', International Organisation for Standardisation, Geneva, Switzerland. Further information still is disclosed by Nyberg, K., and Rueppel, R. in 'A new signature scheme based on the DSA giving message recovery', Is' ACM Conference on Computer and Communications Security, 1993, pp. 58-61 If it is assumed under the Fan protocol that the function EK b has a facility for a digital signature with message recovery, then the receiver R computes: k = X ' mod n {Equation 5} where: k is a session key.

At step F4, S computes: k'= ye mod n {Equation 6} It is stated in the Fan paper that k = go, = k'. Therefore the sender S and the receiver R now share a session key k.

The Fan paper discloses that, if the sender S wishes to send a message M to the recipient R. the sender S will send the recipient R both the message M and a message digest D, where: D = H(k, M) {Equation 7} where: H is a collision free hash function. Further information on collision free hash functions is disclosed by Schneier, B. in 'Applied cryptography: protocols, algorithms and source code in C' (John Wiley and Sons Inc., 1996).

At step F6, the recipient R receives the message M and the message digest D. The recipient R then uses the shared key k and the hash function H to compute: 1 1 D' = H(k, M) {Equation 8} R then compares D to D ', and if D = D ', R accepts the message M. In all other situations, the Fan paper discloses that R rejects the message.

The Fan paper argues that as the valueXis digitally signed with EK in step Fl (i.e. with the private key ol talc sender S), a third party Cabot obtains a shared session key k with the sender S. because the third party cannot obtain the sender's private key.

However, a problem with the Fan protocol is that it is still vulnerable to a man-in-the- middle attack, as will be shown below.

Consider the flow diagram shown in Figure 2, using the Fan protocol. This flow diagram shows the steps involved with an exchange which has three participants. The participants in this example exchange are a sender S. a receiver R. and an intruder INQ.

INQ sits on the link between the sender S and the receiver R. and intercepts the traffic between them and is capable of injecting a message of his own. It will be shown below that the Fan protocol is vulnerable, as the intruder INQ could launch a spoofing attack by sitting on the link between the sender S and the recipient R. As for the exchange discussed in relation to Figure 1, at step Fl 1, the sender S chooses a random large integer x and computes: X = gx mod n {Equation 1} X'= EKP,, (X) {Equation 2} where the parameters are the same as those discussed above with relation to step Fl of Figure 1.

The sender S then sends the value X' to the receiver R. as discussed above.

However, consider a situation when INQ intercepts the value X', and the receiver R never receives X'. Then, as will be shown below, the intruder INQ is free to launch a spoofing attack.

At step F12, to start the spoofing attack, the intruder INQ chooses a random large integer i and sends to the sender S the value Z. where: = g' mod'' {Equation 9} i.e. the intruder INQ sends bogus data to the sender S. that the sender will assume is being sent from the receiver R. At step Fly, the intruder INQ verifies X' using the public key Kpub of the sender S. and obtains: X = EK h (X) {Equation 4} The intruder is free to do this, because the value X was digitally signed with the private key of the sender S. Therefore, the intruder INQ can verify X' using the public key KpUb that corresponds to the private key of the sender S to obtain the value X. It should be noted that for the purposes of this description, "verification" will be used to refer to the process of using an asymmetric encryption key to obtain the value of data that has been digitally signed with a corresponding asymmetric encryption key.

The intruder INQ then computes: k = X' mod n {Equation 10} At step F14, the sender S computes: k'= Zx mod n {Equation I 1) it, As for the exchange disclosed in the Fan paper discussed in relation to Figure 1, it will apparent to the skilled addressee that k = gX, = k'. Therefore, the sender S and the intruder INQ have established a shared session key k.

On the basis of the above exchange, the sender S will assume that the communication has been with the intctlctl rcccivcr R. and not the intrutlcr INN I lets is bccausc, the sender S will not have any reason to consider that a spoofing attack has taken place.

From the point of view of the sender S. the exchange has progressed normally, and thus the sender S will assume that it has sent data to the receiver R. and received data back from the receiver R. Therefore, in this situation the steps F5 and F6 discussed in relation to Figure 1 can pass without the sender S knowing that a spoofing attack has taken place. The sender S could send the intruder a message M and the message digest D, and the intruder INQ could compute D' and verify that D = D '. Therefore, the intruder is free to obtain the message M that the sender S wished to securely send to the receiver R. As discussed, the sender S will not be aware that the spoofing attack has taken place, and will thus share any secret information with the intruder INQ, that it would have shared with the receiver R. It follows that the applicant has discovered that the Fan protocol is not secure, and that the Fan protocol is not suitable for applications that require a deniable authentication protocol, as it does not properly authenticate both participants.

On the basis of the above, and contrary to the arguments of the Fan paper, it has been shown that the Fan protocol is vulnerable to a spoofing attack due to the nature of the protocol. This is because the sender S and the recipient R are not authenticated properly.

At step F2 of the Fan protocol, the recipient R sends the Y to the sender S without signing back. Therefore, if the value X is intercepted by an intruder, the intruder can send data to the sender S. and as the sender S will have no way of authenticating the data. Thus, the sender S will assume the data was sent from the receiver R and then go on to complete the protocol exchange. Therefore, the Fan paper does not disclose a secure protocol.

It is an aim of the present invention to provide deniable authentication protocol that obviates the above problems. It is a further aim of the invention to provide a deniable authentication that is immune to a spoofing attack that consists of the digital signature with message recovery and digital signature without message recovery case.

According to a first aspect of the present invention there is provided a method of establishing a shared key between a first data processing system and a second data processing, the method comprising: at said first data processing system, generating a positive integer x and then generating a first initialization value gXmod n, where n is a prime number and g is generator for a Diffie-Hellman key exchange protocol and x is less than n-l; at said first data processing system, generating first transmission data that includes data based on said first initialization value, and digitally signing at least a portion of said first transmission data using a private key of said first data processing system to form first signed data; at said second data processing system, generating a positive integer y and then generating a second initialization value gYmod n, where y is less than n-l; at said second data processing system, generating second transmission data that includes data based on said second initialization value, and digitally signing at least a portion of said second transmission data using a private key of said second data processing system to form second signed data; receiving at said second data processing system said first transmission data, verifying said first signed data using a public key corresponding to the private key of said first data processing system, and extracting said first initialization value from said first transmission data; receiving at said first data processing system said second transmission data, and verifying said second signed data using a public key corresponding to the private key of said second data processing system, and extracting said second initialization value from said second transmission data; and generating at both said first and said second data processing systems a shared session key by calculating at both said first and said second data processing systems a value equal to gxy mod p using a Diffie-Hellman algorithm.

Such a method provides proper authentication for both parties involved in the protocol exchange. Therefore the method is not vulnerable to a spoofing attack. This is because the private keys of both the first and second data processing systems are kept secret.

Therefore, using such a method, it is not possible for a third party to communicate with either the first data processing system or the second data processing system and be able to fool either the first data processing system or the second data processing system into thinking that they are communicating with the other of the first or second data processing systems and not the third party.

Said first signed data may include the data based on said first initialization value.

The first signed data may further comprise time stamp data, and the method may further comprise: at said second data processing system, after verifying said first signed data, checking the time stamp data to see if the first signed data was sent within a predetermined time, and determining the validity of if the first signed data by establishing if the first signed data was sent within the predetermined time. The first signed data may further comprise a sequence number, and the method may further comprise: at said second data processing system, after verifying said first signed data, checking the sequence number to see if the first signed data was sent within a predetermined number in a sequence known to said second data processing system, and determining the validity of if the first signed data by establishing if the first signed data was sent within the predetermined number in the sequence.

Both time stamp data and sequence numbers are freshness data and if present prevent replay attacks. If the transmission was not sent within the predetermined time or within a predetermined number in the sequence the transmission data will be rejected.

The first signed data may further comprise identification data that is uniquely associated with the second data processing system, and the method may further compnse: at said second data processing system, after verifying said first signed data, checking whether the identification data correctly identifies said second data processing system, and determining the validity of if the first signed data by establishing if the identification data correctly identifies said second data processing system.

The inclusion of identification data is advantageous, as it prevents the transmission data from being accepted as being genuine by anyone other than the intended recipient.

The first initialization value may be recoverable from the first signed data by verifying the first signed data using the public key corresponding to the private key of said first data processing system. This would be the case if digital signing schemes with message recovery were used.

The portion of said first transmission data that is digitally signed may not be recoverable from the first signed data by verifying the first signed data using the public key corresponding to the private key of said first data processing system, and the first transmission data may include first unsigned data which includes the data based on said first initialization value. This would be the case if digital signing schemes without message recovery were used.

The first unsigned data may further comprise time stamp data, and the method may further comprise: at said second data processing system, after verifying said first signed data, checking the time stamp data to see if the first transmission data was sent within a predetermined time, and determining the validity of if the first transmission data by establishing if the first transmission data was sent within the predetermined time.

The first unsigned data may further comprise a sequence number, and the method may further comprise: at said second data processing system, after verifying said first signed data, checking the sequence number to see if the first transmission data was sent within a predetermined number in a sequence known to both said first and second data processing systems, and determining the validity of if the first transmission data by establishing if the first transmission data was sent within the predetermined number in the sequence.

The first unsigned data may further comprise identification data that is uniquely associated with the second data processing system, and the method may further comprise: at said second data processing system, after verifying said first signed data, checking whether the identification data correctly identifies said second data processing system, and determining the validity of if the first transmission data by establishing if the identification data correctly identifies said second data processing system.

The method may comprise, at said first data processing system, retrieving the public key ofthe second data processing system from a third data processing system.

According to a second aspect of the invention, there is provided a methodof deniably sending a message after establishing a shared key using a method according to the first aspect of the invention, the method further comprising: at said first data processing system, generating a message to be sent to the second data processing system, operating on said message and the shared key obtained by the first data processing system with a hash function to obtain a message digest, and sending said message and said message digest to the second data processing system; at said second data processing system, receiving said message and said message digest, operating on said message and the shared key obtained by the second data processing system with the hash function to obtain a message digest check value; and at said second data processing system, accepting the message if said message digest matches said message digest check value.

The method authenticates both parties and is deniable. Carrying out the method is deniable, as after negotiating a shared key with the first data processing system, the second data processing system construct a new message, which is different from the message received from the first data processing system, but capable of being hashed with the shared key to form the same message digest as that received from the first data processing system. Therefore, the second data processing system a cannot prove the source of the message received by the first data processing system to a third party. This is because, the second data processing system can simulate the authenticated message of the first data processing system, and both the first and second data processing systems can assert that the shared session key can be simulated by anyone.

According to a third aspect of the invention, there is provided a method of sending a message after establishing a shared key using a method according to the first aspect is provided comprising: at said first data processing system, generating a message to be sent to the second data processing system, encrypting said message using the shared key to form an encrypted message, and sending said encrypted message to said second data processing system, wherein said encrypting comprises using a symmetric cryptography algorithm; and said second data processing system, receiving said encrypted message and decrypting sending said encrypted message using the shared key; and said decrypting comprises using the symmetric cryptography algorithm.

According to a fourth aspect of the invention, there is provided a method of a first data processing system authenticating received data from a second data processing system, comprising using a method according to the first aspect of the invention, and determining the validity of the first transmission data.

According to a fifth aspect of the invention, there is provided a data processing apparatus comprising: memory for storing a prime number, n, and generator, g, for a Diffie-Hellman key exchange protocol; a processor adapted to generate a positive integer x less than n-l, generate a first initialization value gXmod n, generate first transmission data that includes data based on said first initialization value, digitally sign at least a portion of said first transmission data using a private key of the data processing system to form a first signed data; a communications interface adapted to send said first transmission data, and adapted to receive second transmission data from a second data processing system, said second transmission data including data based a second initialization value gYmod n, wherein at least a portion of the said second transmission data includes second signed data that has been digitally signed using a private key of said second data processing system; wherein the processor is further adapted to verify said second signed data using a public key corresponding to the private key of said second data processing system, to extract said second initialization value; and to generate a shared session key by calculating a value equal to gxy mod p using a Diffie-Hellman algorithm.

Said first signed data may include the data based on said first initialization value. Said first signed data may further comprise at least one of a time stamp data, a sequence number, and identification data that is uniquely associated with the second data processing system.

The processor may be adapted to digitally sign the portion of the transmission data using a digital signature function that does not allow message recovery to form the first signed data, wherein the first transmission data includes first unsigned data which includes the data based on said first initialization value.

The communications interface may be adapted to receive the public key corresponding to the private key of said second data processing system from a third data processing apparatus.

The processor may be further adapted to generate a message to be sent to the second data processing system, and to operate on said message and the shared key obtained by the first data processing system with a hash function to obtain a message digest; wherein the communications interface is adapted to send said message and said message digest to the second data processing system.

According to a sixth aspect of the invention, there is provided a communications system adapted to establish a shared key between data processing systems, the communications system comprising: a first data processing system adapted to generate a positive integer x and generating a first initialization value gXmod n, where n is a prime number and g is generator for a Diffie-Hellman key exchange protocol and x is less than pl; to generate first transmission data that includes data based on said first initialization value, digitally sign at least a portion of said first transmission data using a private key of said first data processing system to form first signed data; a second data processing system adapted to generate a positive integer y and generate a second initialization value gYmod n, where y is less than n-l, to generate second transmission data including data based on said second initialization value, digitally sign at least a portion of said second transmission data using a private key of said second data processing system to form second signed data, to receive said first transmission data, to verify said first signed data using a public key corresponding to the private key of said first data processing system, and to extract said first initiation value; wherein said first data processing system is further adapted to receive said second transmission data, to verify said second signed data using a public key corresponding to the private key of said second data processing system, and to extract said second initiation value; and wherein both said first and said second data processing systems are adapted to generate a shared session key by calculating a value equal to gxy mod p Using a Diffie-Hellman algoritllm.

The system may be further adapted to carry out the method of the first aspect of the invention.

The system may be further adapted to deniably send a message from a first data processing system to a second data processing system after establishing a shared key using a method according to the first aspect of the invention, wherein the first data processing system is further adapted to generate a message to be sent to the second data processing system, to operate on said message and the shared key obtained by the first data processing system with a hash function to obtain a message digest, and to send said message arid said message digest to the second data processing system; wherein the second data processing system is further adapted to receive said message and said message digest, and to operating on said message and the shared key obtained by the second data processing system with the hash function to obtain a message digest check value; wherein said second data processing system will only accept the message if said message digest matches said message digest check value.

The system may be further adapted to send a message from a first data processing system to a second data processing system after establishing a shared key using a method according to the first aspect of the invention, wherein the first data processing system is further adapted to generate a message to be sent to the second data processing system, encrypt said message using the shared key to form an encrypted message using a symmetric cryptography algorithm, and send said encrypted message to said second data processing system, and wherein said second data processing system, is adapted to receive said encrypted message and decrypt sending said encrypted message using the shared key using the symmetric cryptography algorithm.

The present invention can be implemented either in hardware or on software in a computer or other programmable data processing equipment. Further, the present invention can be implemented in a combination of hardware and software. The present invention can also be implemented by a single processing apparatus or a distributed network of processing apparatuses.

Since the present invention can be implemented by software, the present invention encompasses computer code provided to a general purpose computer on any suitable carrier medium. The carrier medium can comprise any storage medium such as a floppy disk, a CD ROM, a magnetic device or a programmable memory device, or any transient medium such as any signal e.g. an electrical, optical or microwave signal.

Embodiments of the invention will now be described, by way of example, and with reference to the accompanying drawings in which: Figure 1 is a flow diagram of the exchange protocol between a sender and a receiver disclosed in the Fan paper; Figure 2 is a flow diagram showing the vulnerability of the exchange protocol of the Fan paper to a spoofing attack.

Figure 3 is a flow diagram of an exchange protocol according to a first embodiment of the present invention; Figure 4 is a flow diagram of an exchange protocol according to a second embodiment of the present invention; Figure 5 is a schematic diagram of a communications system according to a practical implementation of the first embodiment of the present invention; Figure 6 is a schematic diagram of a data processing system suitable for use as a sender or receiver in the communications system of Figure 5.

A deniable authentication protocol according to a first embodiment of the invention will be described with reference to Figure 3. Such a protocol is not vulnerable to a spoofing attack, and is appropriate for digital signing with message recovery.

At step S I, the sender S chooses a random large integer x and computes an initialization value X, where: X = gx mod n {Equation 12} where: g and n are the public numbers of a Diffie-Hellman algorithm.

The sender S then digitally signs transmission data that includes data based on the initialization value X to obtain a signed value X', where: X'=EKP,V5(TSINS IIRID IIX) {EqUatiOn 13} where: E,c s is a digital signature function with message recovery, based on S's private key Kp,S for digital signing; 1I denotes concatenation of data items. The sender S uses either a timestamp T5 or a sequence number N5, and R/D is an identifier to uniquely identify the intended recipient R. The sender S then sends the signed value X' to the receiver R. At step S2, the receiver R chooses a random large integer y and computes an initialization value Y. where y = g v mod n {Equation 14} l where: g and n are the public numbers of a Diffie-Hellman algorithm.

In contrast to the protocol exchange disclosed in the Fan paper, the receiver R then digitally signs transmission data that includes data based on the initialization value Y to obtain a signed value Y', where: y'=Et,,(TK/NR IIS,,, IIY) {Equation 15, where: EK is a digital signature function with message recovery, based on R's private key KP,,,R for digital signing; 11 denotes concatenation of data items. The sender S uses either a timestamp TR or a sequence number NR, and S/D is an identifier to uniquely identify the intended recipient of the signed message, which in this case is the sender S. The receiver R then sends the signed value Y'to the sender S. This contrasts to the Fan protocol, in which the receiver R sends the unsigned value Y to the sender S. As has been shown above, the step of sending of the unsigned value Y to the sender S renders the Fan protocol vulnerable to a spoofing attack.

The inclusion of identities RID and S/D in the signed string of steps S 1 and S2, respectively, is advantageous, as it prevents the data from being accepted as being genuine by anyone other than the intended recipient. If the receiver R receives data from in Step S I that had an identifier GID, i.e. not uniquely identifying the receiver R. the receiver R will know that the data was not meant for them, but for another party G. The receiver R will therefore not complete the protocol exchange once the signed data has been verif ed. The choice of using either a timestamp or a sequence number in the protocol depends on the technical capabilities of the sender S and the receiver R. and will be discussed in more detail later. Uniqueness or timeliness is controlled by generating and checking a timestamp or a sequence number.

At step S3, the receiver R verifies the signed data X' using the public key KpUbs of the sender, and obtains the initialization value X, the identifier RID, and the timestarnp TS or sequence number NS.

The receiver will then check the freshness of the signed data X'. When a time stamp TS is present, the receiver R will check the time stamp to see if the signed data was sent within a predetermined time. If the signed data X' was not sent within the predetermined time, the receiver R will reject the signed data X', and not participate further in the protocol.

When a sequence number Ns is present, the receiver R will check the sequence number to see if the signed data X' was sent within a predetermined number in the sequence. If the signed data X' was not sent within the predetermined sequence, the receiver R will reject X', and not participate further in the protocol.

A sequence number (serial number or counter value) serves as a unique number identifying a message. It will be appreciated that typically for stored files, sequence numbers may serve as version numbers for the file in question. Sequence numbers are specific to a particular pair of entities, and are explicitly or implicitly associated with both the sender and recipient of a message. It is noted that distinct sequences are customarily necessary for the sender and recipient of a message, and distinct sequences are customarily necessary for the messages from A to B and from B to A. When a sequence number, both the sender S and the receiver R follow a pre-defined policy for message numbering. At step S3, the signed data X' is accepted only if the sequence number NS there has not been used previously (or not used previously within a specific time period), and satisfies the agreed policy. The simplest policy is that a sequence number starts at zero, is incremented sequentially, and each successive data exchange is assigned a number one greater than the previous one received. A less restrictive policy is that sequence number be monotonically increasing; this allows for lost messages due to nonmalicious communications errors, but precludes detection of message lost due to adversarial intervention.

Although, this embodiment of the invention uses a time stamp or a sequence number, other embodiments could use both a time stamp and a sequence number in the signed data.

Hence, using freshness data as described above prevents replay attacks. A reply attack is when an intruder stores all the messages sent between two parties in a protocol exchange, and then later attempts to resend the messages from one party to the other in order to impersonate the first patty. However, it will be appreciated that the use of freshness data is not essential to the ability of the embodiments of the invention to provide secure communications between parties.

As discussed, the identifier RID uniquely identifies the receiver R as the intended recipient of the signed data X'. The receiver R will check the identifier RID, and if it does not indicate that it was the intended recipient, then the receiver will reject the signed data X' and not participate further in the protocol.

If the freshness data and identifier RID are acceptable to the receiver R. the receiver R will then compute shared session key k, where: k = X' mod n {Equation 16} At step S4, the sender S verifies Y. the identifier S/D, a timestamp or a sequence number by using the public verification key KpUbR of the receiver R. and checks the timestarnp or the sequence number and the identity S/D included in the signed data.

As discussed in relation to Step S3, the use of freshness data andlor the identifier SID is an optional feature of embodiments of the present invention. If present, the sender will check the freshness data and the identifier S/D, and will reject the signed data Y' if the message is not from within a predetermined time or number in a sequence, or if the identifier SID does not correctly identify the sender S. If the freshness data and identifier S/D are acceptable to the sender S. the sender S will then compute shared session key k', where: ke= yx mod n {Equation 17} It will be apparent to the skilled addressee that k = go, = k' . Therefore the sender S and the receiver R now share a session key k.

At step SS, if the sender S wants to send a message M to the receiver R. the sender S will send the receiver R both the message M and a message digest D. D = H(k, M) {Equation 18} where: H is a collision free hash function.

It will be understood that a message digest is derived from the original message and is generally shorter than the original message making it difficult to compute the original message from the digest. In this embodiment a collision free hash function H is used to generate a message digest. In other embodiments, other message shortening techniques could be used.

At step S6, R receives the message M and the message digest D, and computes: D' = H(k, M) {Equation 19} Thus, the receiver R applies the hash function H to the message M and the shared session key k to produce a verification message digest D'. The receiver R then compares the message digest D received from the sender and the verification message digest D'.

The receiver will only accept the message M if D = D '. In all other situations, R rejects the message, because if D does not equal D' then the message digest has not been created by applying the hash function H to the message M and the shared session key k.

Therefore, the receiver R can infer that the message M and the message digest D were not sent from the sender S. a, In contrast to the exchange of the Fan protocol, the above protocol exchange authenticates both parties and is deniable. The protocol exchange is deniable, as after negotiating a shared key k with the sender S. the receiver R can construct a message M', which is different from M, but capable of being hashed with the shared key k to form a message digest which has value to the message digest D sent by the sender. Therefore the receiver R can compute a message digest D using the hash function H and the shared session key k, where: D' = H(k, M') {Equation 20} Therefore, the receiver R is able to simulate the authenticated message M of the sender S. It will be apparent to the skilled addressee that a third party would be incapable of proving that M'and D' were not the messages sent from the sender S. Similarly both the receiver R and the sender S can claim that the shared session key k can be simulated by anyone.

It follows that the protocol is deniable, as it meets the two required characteristics. First the protocol enables a receiver R of a given message to authenticate the sender S of a message M, by performing step S6. Secondly, and more importantly, the protocol provides that the receiver R cannot prove the source of the message M to a third party.

This is because, the receiver R can simulate the authenticated message M of the sender S. and both the receiver R and the sender S can claim that the shared session key k can be simulated by anyone.

It will be apparent that removing the identities R/D and S/D from the signatures in Step S 1 and Step S2 would not compromise properties of authentication and deniability (which will be discussed later). However, it would make the protocol less robust due to the fact that the receiver does not know who is the intended verifier for the message. In Step S2, the receiver R sends the signed data Y' to the sender S. If the sender S receives Y' from the receiver R and successfully verifies the signed data, then the sender S implicitly knows that the protocol works otherwise S assumes it has failed.

A deniable authentication protocol according to a second embodiment of the invention will now be described with reference to Figure 4. Such a protocol is not vulnerable to a spoofing attack, and is appropriate for digital signing without message recovery.

At step S 1 1, the sender S chooses a random large integer x and computes an initialization value X, where: X = g r mod n {Equation 21} where: g and are the public numbers of a Diffie-Hellman algorithm.

The sender S then computes a value X', where: XI=TS/NS IIR/D IIXIIFK, (H(TSINS IIRID IIX)) {EqUatiOn22} where: FK 5 is a digital signature function without message recovery, based on S's private key Kprvs for digital signing; 1l denotes concatenation of data items; and H is a collision free hash function. The sender S uses either a timestamp T5 or a sequence number N5, and R/D is an identifier to uniquely identify the intended recipient R. Unlike the embodiments of the invention described in relation to Figure 3, the receiver would not be able to obtain the initialization value X, the identifier R/D, and the timestamp TS or sequence number NS from the signed data using the public key KpUbs of the sender S. This is because the digital signature function FK 5 used by the sender S does not have the facility for message recovery.

Therefore, the value X' in this embodiment contains a mixture of signed and unsigned portions of data. The portion of the value X' that is signed data is obtained by first hashing the value X, along with the timestamp TS or sequence number N5 and the identifier R/D. This hashed data is then digitally signed with private key KpVrs of the I, sender. The unsigned data comprises the value X, along with the timestamp T5 or sequence number N5 and the identifier R/D.

The reason that a hash of function H is used to produce the hashed data that is digitally signed is to cut down the size of the value X'. However, as will be discussed below, other embodiments of the invention need not hash the data to be signed.

At step S12, the receiver R chooses a random large integer y and computes an initialization value Y. where: Y = g' mod n {Equation 23} where: g and n are the public numbers of a Diffie-Hellman algorithm.

The receiver R then digitally signs transmission data that includes data based on the initialization value Y to obtain a value Y', where: Y' = TR /NR 11 S/D 1l Y || FK K (H(TR I NR || S/D || Y)) {Equation 24} where; FK R iS a digital signature function without message recovery, based on R's private key KprvR for digital signing; 1 l denotes concatenation of data items. The sender S uses either a timestamp TR or a sequence number NR, and S/D is an identifier to uniquely identify the intended recipient of the signed message, which is this case is the sender S. Therefore, the value Y'in this embodiment contains a mixture of signed and unsigned data. The signed data is obtained by first hashing the value Y. along with the timestamp TR or sequence number NR and the identifier S/D. This hashed data is then digitally signed with private key Kpvrs of the sender. The unsigned data comprises the value Y. along with the timestamp TR or sequence number NR and the identifier S/D.

The receiver R then sends the value Y' to the sender S. In this embodiment, the It will be apparent that the sender S and the receiver R are free to send the values X and Y along with the unsigned data in steps S 1 1 and S 12, because these initialization values are themselves secure, as they are equivalent to the values used for a Diffie-Hellman exchange protocol.

At step S 13, the receiver R receives the value X' from the sender S. The receiver R then splits the data X' into signed and unsigned components.

The receiver R then verifies the signed component of X' using the public key KpUbs of the sender S. This process does not yield the contents of the data that was signed, as the digital signature function does not have message recovery. An example of a technique that does not employ message recovery is DSS (Digital Signature Standard). Further information on DSS (Digital Signature Standard): FIPS 186 can be found at http://www.itl. nist.gov/fipspubs/fip 1 86.htm.

As previously discussed, the use of a hash of function H to produce hashed data that is then digitally signed, reduces the size of the message X', but is not essential.

At step S 13, the receiver R also checks the freshness data and identifier RID, which were included in the unsigned data. This procedure is carried out in the same way as described above.

If the freshness data and the identifier RID are acceptable to the receiver R. the receiver R will then compute shared session key k where: k = X Y mod n {Equation 26} At step S 14, the sender S carries out steps on the received value Y' that correspond to those described above in relation to step S 13.

That is to say that the sender S verifies the signed component of Y' with the public key KpUbR that corresponds to the private key of the receiver R. and also checks the freshness data and the identifier S/D received in the unsigned data.

If the freshness data and the identifier S/D are acceptable to the sender S. the sender S will then compute shared session key k', where: k'= Y ' mod '' Equation 27' It will be apparent to the skilled addressee that k = gX, = k' . Therefore, the sender S and the receiver R now share a session key k.

Once the shared session key k has been established, the sender S is free to deniably send a message M and a message digest D to the receiver R. in the way described above in relation to steps S5 and S6 of Figure 3. The protocol is deniable as it enables the receiver R of a given message M to authenticate the sender S. by performing step S6.

More importantly, the protocol provides that the receiver R cannot prove the source of the message M to a third party. This is because the receiver R can simulate the authenticated message M of the sender S. and both the receiver R and the sender S can claim that the shared session key k can be simulated by anyone.

It will be apparent that if a digital signature function based on a technique such as DSS is used, then the contents of the data to be signed does not matter, and the portion of the transmission data that is digitally signed need not include or be based on the value X. This is because, the contents of the data to be signed is not recovered on verification.

On this basis, it will be understood that at step S 1 1, the sender could compute a value X', the signed component of which could be any number, and the authentication of the data by the receiver R at step S 13 would not be compromised. However, signing data based on H(Ts I Ns li R/D it X) is convenient, and hashing the data before digitally signing has the effect of reducing the size of the value X'.

Unlike the protocol exchange disclosed in the Fan paper, embodiments of the invention are not vulnerable to a spoofing attack. Consider the situation when an intruder INQ sits on the link between the sender S and the receiver R and is capable of intercepting messages sent between the two.

If embodiments of the invention that use a digital signature function withmessage recovery are considered, then the protocol will begin at step S 1 with the sender S choosing a random large integer x and computing an initialization value X, where: X = gx mod n {Equation 12} where: g and n are the public numbers of a Diffie-Hellman algorithm.

As previously discussed, the sender S then digitally signs the initialization value X to obtain a signed value X', where: Xt=EK',, 5(TslNs IIR,D IIX) {Equation 13} where: EK S is a digital signature function with message recovery, based on S's private key Kprvs for digital signing; 1I denotes concatenation of data items. The sender S uses either a timestamp TS or a sequence number N5, and RID is an identifier to uniquely identify the intended recipient R. The sender S will then attempt to send the signed value X' to the receiver R. but consider the situation when it is intercepted by the intruder INQ.

The intruder INQ could obtain the public key Kpubs of the sender S. and use this to verify X' and obtain the initialization value X. This is because the public key Kp'bs is not a secret known only to the sender S. As in this situation, the intruder INQ just wishes to launch a spoofing attack, and so it could ignore any freshness data or identifier included in the message.

However, simply obtaining Xis of no use to the intruder INQ unless it allows a shared key to be established with the sender S. The intruder is free to choose a random number i, and compute a bogus initialization value Z. where: Z = g' mod n {Equation 28} In order to attempt to duplicate the protocol according to this embodiment of the invention, the intruder INQ could digitally sign the bogus initialization value Z to obtain a signed value Z. where: Z'= EK, (T/ I N/ 1l S/D 1l Z) {Equation 29} where: EK / IS a digital signature function with message recovery, based on the intruder's private key Kp,.v' for digital signing; 1I denotes concatenation of data items.

The intruder INQ uses either a timestamp T. or a sequence number N., and SID is an identifier to uniquely identify the intended recipient, the sender S. The intruder could then send the signed data Z' to the sender S. In other embodiments, the intruder could simply send the sender S the value EK (Z) . However, in this exchange, the sender S would be expecting to be participating in a protocol exchange with the receiver R. Therefore, if the sender S received the signed data Z' from the intruder INQ, the sender S would assume that it this data was sent from the receiver R. This is because the receiver R was the intended recipient of the signed data X' that was sent by the sender S. Therefore, the sender S will attempt to verify the faked signed data Z' received from the intruder INQ with the public key KpUbR of the receiver R. However, the public key KpubR of the receiver R will not be suitable to verify the data signed with the private key Kp of the intruder INQ. Therefore, the sender S will reject the bogus data Z', and will not proceed any further in the protocol exchange.

In order for the intruder INQ to successfully obtain a shared key with the sender S. it will need to obtain the private key KprvR of the receiver R. However, as the private key KPrVR of the receiver R is kept secret, then intruder INQ is not able to obtain it. It follows that the protocol is secure, as the exchange cannot take place without the proper authentication of both parties.

If embodiments of the invention that use a digital signature function without message recovery are consiticrecl, then the protocol Will begin at step S I I with the sender S choosing a random large integer x and computing an initialization value X, where: X = gx mod n {Equation 21} where: g and n are the public numbers of a Diffie-Hellman algorithm.

The sender S will then computes a value X', where: XI=TS/NS IIR/D IIXIIFKP,1(H(TSINS IIR'D IIX)) {EqUatiOn22} where: FK S IS a digital signature function without message recovery, based on S's private key Kprvs for digital signing; 1l denotes concatenation of data items; and H is a collision free hash function. The sender S uses either a timestamp T5 or a sequence number N5, and R/D is an identifier to uniquely identify the intended recipient R. Therefore, as disused in more detail above, the value X' in this embodiment contains a mixture of signed and unsigned data. The sender S then attempts to send the signed value X' to the receiver R. but it is intercepted by the intruder INQ.

In this situation, the intruder INQ does not need to verify the signed data with the public key KPU6S of the sender S. because the initialization value X was included in the unsigned data.

However, as discussed the initialization value X is of no use to the intruder INQ unless it allows a shared key to be established with the sender S. To attempt to launch a spoofing attack, the intruder INQ is free to choose a random number i, and compute a bogus initialization value Z. where: z = g' mod n {Equation 28} In order to attempt to duplicate the protocol according to this embodiment of the invention, the intruder 1NQ could compute a value Z', where: Z'= T' I N! 11 S/D 1l Z 11 FKr,,, (H(T, / N. 11 S/D 1I Z)) {Equation 30} where: FK / IS a digital signature function with message recovery, based on the intruder's private key Kprv/ for digital signing; 1I denotes concatenation of data items.

The intruder INQ uses either a timestamp T. or a sequence number N., and S/D is an identifier to uniquely identify the intended recipient, the sender S. Therefore, the intruder could produce fake data Z', which could then be sent to the sender S. However, as discussed above in relation to the message recovery case, in this exchange, the sender S would be expecting to be participating in a protocol exchange with the receiver R. and not the intruder INQ. Therefore, on receipt of the bogus data Z' from the intruder INQ, the sender S would assume that it this data was sent from the receiver R. Although the sender S has received Z in the unsigned data, the protocol exchange according to this embodiment of the invention requires that the sender S then persona the step of hashing the unsigned data received in the fake data Z' to produce an integrity value.

The sender S will then attempt to verify the signed data included in the received value Z' with the public key KpUbR of the receiver R. However, the public key KpUbR of the receiver R will not be suitable to verify the data signed with the private key Kprv/ of the intruder INQ. On this basis, the sender S will not be able to check the integrity of the unsigned data Z', and consequently will not proceed further in the protocol exchange.

As discussed above, the only way that the sender S could verify that the value sent by the intruder INQ and complete the protocol exchange would be if the if the signed portion of Z' had been signed with the private key KprvR of the receiver. However, as the intruder INQ will not be able to receive this, it follows that the protocol is secure, and not vulnerable to spoofing attacks.

The above described embodiments provide a method of establishing a shared key k, and then using the shared key k to deniably send a message M and a message digest D from the sender S to the receiver R. in the way described above in relation to steps S5 and S6 of Figure 3. However, other embodiments of the invention could use the shared key k in a different manner. For example, shared key k could be used as a key in a symmetric cryptography algorithm such as DES or RC4 mentioned above. The sender S could encrypt a message M with the shared key k using a symmetric cryptography algorithm.

This encrypted data could then be decrypted by the receiver R using its shared key k to obtain the message M. In other embodiments, the sender S could encrypt a message M with the shared key k symmetric cryptography algorithm, and send the signed data J to the receiver R with a message digest L, where: J= Ok (M) L = H(Gk (M)) where: Gk is a symmetric encryption function, based on the shared key k.

The receiver R will then decrypt J using the shared key k, in order to obtain the message M. The receiver will then compute: L'= H(Gk (M)) The receiver R can then compare the message digest L received from the sender S and the verification message digest L '. The receiver would only accept the message M if L = L'.

The above described embodiments have been described in the general terms of a sender and a receiver of data. It is noted that both the sender and the receiver could be considered data processing systems suitable for use with embodiments of the present invention.

The data processing systems could be a mobile terminal such as a mobile telephone, lap top, or a PDA equipped with communications capabilities. However, the data processing systems could be a general purpose computer, terminal, or server.

Furthermore, it is well-known and will be understood by those skilled in the art that servers can comprise a computer program application implemented on a dedicated machine, or they can comprise a computer program application as one of many implemented on a machine.

The private keys of the data processing systems could be generated by the data processing systems. Alternatively, they could be issued by the CA. The private keys of the data processing systems could be stored in nonvolatile memory on the general purpose computer, terminal or server; or on a secure data store. The private key could also be stored in secure tamper resistance module such as smart or other such card (for example, a SIM: Subscriber Identity Module, WIM: Wireless Identity Module, SWIM: Combined SIM and WIM, USIM: Universal Subscriber Identity Module). In a practical system where the data processing system is a mobile terminal incorporating a SIM card, the SIM may store the private key of the mobile terminal.

The public keys may be stored in the terminal at manufacture, or on a SIM card, or they may be downloaded from a remote data processing system, such a public key server.

For example a mobile terminal may access a read-only directory of a network operator to download public keys or certificates for other mobile terminals.

As discussed, the use of freshness data is not essential, however it does advantageously prevent replay attacks. The choice of using either a time stamp and/or a sequence number depends on the technical capabilities of the data processing systems involved in the protocol and on the environment. The security of times/amp-based techniques relies on the use of a common time reference. This implies that host clocks should be available, and synchronization is necessary to counter clock drift and must be appropriate to accommodate the acceptable time window used. Therefore, the use of timestamps would not be appropriate where the data processing systems lack adequately synchronized clocks. In such a situation, as sequence number may be preferred.

A practical implementation of the first embodiment of the invention will now be described with reference to Figure 5. Figure 5 schematically shows an electronic voting system carried out partially over the internet. In this embodiment, users of mobile terminals and general purpose computer can deniably sent electronic votes to a central Government server 20. In this embodiment, a mobile terminal 1, a general purpose computer 30, and the Government server 20 are all data processing systems that are adapted to perform the protocol according to the first embodiment of the invention.

This embodiment comprises two users, denoted Users A and B. who are both interested in casting votes electronically, by logging their votes on the Government server 20.

However, those skilled in the art will appreciate that the number of users of such a system is not limited in any way.

The electronic voting system comprises a mobile terminal 1 used by User A. The mobile terminal I is in two-way communication with a base station 2 across a radio or air interface, known as a Um interface in GSM (Global Systems for Mobile Communications) networks and GPRS (General Packet Radio Service) networks and a Uu interface in CDMA2000 and W-CDMA networks. Typically at any one time a plurality of mobile devices I are attached to a given base station, which includes a plurality of radio transceivers to serve these devices. Although not shown in Figure 5, it will be understood that the base station 2 will comprise a base station controller that will be coupled, together with a plurality of other base station controllers to a mobile switching centre (MSC). A plurality of such MSCs are in turn coupled to a gateway MSC (GMSC) which connects the mobile phone network to the public switched telephone network (PSTN) 3. The PSTN 3 is in turn connected to the Internet 4. It will be understood that various transmission protocols exist for sending data from a mobile terminal to other data processing systems via the Internet.

The mobile terminal I is connected via the internet 4 to a network operator server 6, which is in turn connected to a secure public key store 8. The mobile terminal I is also connected via the internet 4 to a Government server 20. Connected to the Government server 20 is a secure database 22.

The electronic voting system further comprises a general purpose computer 30 used by User B. The general purpose computer is connected via the internet 4 to a public key server 4O, which is in turn connected to a secure public key store 42. The general purpose computer 30 is also connected via the internet 4 to the Government server 20.

As discussed, the mobile terminal I, the general purpose computer 30, and the Government server 20 are all data processing systems adapted to perform the protocol according to the first embodiment of the invention. Figure 6 shows a schematic of a computer system 600 suitable for use as one of the data processing systems. The computer system 600 comprises an address and databus 602 to which is coupled a keyboard 608, display 610 and a man-machine interface (MMI) 606 such as an audio and/or tough screen interface. In some embodiments a cryptographic processing system, that is memory and a (possibly dedicated) processor may be provided on a removable card such as a SIM card. Figure 6 may thus represent such a system, although the MMI will then generally be absent. Also coupled to bus 602 is a communications interface 604 such as a network interface (for a server), a radio or infrared interface (for a mobile phone or PDA) or a contact pad interface (for a SIM card). Further coupled to bus 602 are a processor 612, working memory 614, non- volatile data memory 616, and non-volatile programme memory 618, the non- volatile memory typically comprising Flash memory.

The non-volatile programme memory 618 stores cryptography code, that is digital signature code, and digital signature verification code, shared key generation code, and driver code for the communications interface. Processor 612 implements this code to provide corresponding processes to implement methods according to embodiments of the invention. The nonvolatile data memory 616 stores a private key, preferably within a digital certificate, of the data processing system.

The process by which the user A of the mobile terminal I casts a vote with the Government server 20 will now be explained. In order to cast a vote, the sequence of events will be described below.

The mobile terminal I first attempts to establish a shared session key with the Government server 20. The process for this is as follows: 1. Mobile terminal 1 retrieves from storage: a prime number, p, and a generator, g, for a Diffie-Hellman key exchange protocol. These may be stored on the SIM card of the mobile terminal 1. The mobile terminal 1 then generates a positive integer a which is less than p-l, and generates a first initialization value gamod n.

2. Mobile terminal 1 then retrieves from storage (for example from its SIM card) its private key KprvA for digital signing. This could be issued by the CA and stored on the SIM card on manufacture. Alternatively, it could be generated on the mobile terminal 1, and then stored in non- volatile memory such as the SIM card. The mobile terminal 1 then attaches a time stamp and/or a sequence number for freshness, and an identifier that uniquely identifies the Government server 20. The mobile terminal then digitally signs data based on the initialization value using its private key KprvA to obtain a signed value.

3. Mobile terminal I then sends the signed data to the Government server 20 via the internet 4. The inclusion of freshness data in the signed value allows the signed data to expire after a time interval, for example if there is no reply within a time window, and thus allows a relatively short period to be defined during which a replay attack is possible. A timestamp may be preferred where the mobile terminal 1 and the Government server 20 have synchronized clocks (for example, to better than one second) otherwise a sequence number may be employed. The inclusion of the identifier allows the Government server 20 to check that the signed data was intended to be sent to it, and not to another party.

4. On receipt of the signed data from the mobile terminal I, the Government server then retrieves the public key KpUbA of the mobile terminal I that corresponds to the private key KprvA that was used to digitally sign the signed data. The public key KpUbA is retrieved from a certificate for the mobile terminal 1, for example downloaded from the public key store 8 (read-only) held by the network operator. The Government server 20 then verifies the signed data from the mobile terminal I using the public key KpUbA, and obtains the initialization value, the identifier and the freshness data.

5. The government server 20 then checks the freshness data. For example, if a time stamp is used, the Government server 20 will check the time stamp to see if the signed data was sent within a predetermined time. If the signed data was not sent within the predetermined time, the Government server 20 will reject the signed data, and not participate further in the protocol. The Government server 20 will also check the identifier to see if the signed data was intended to be sent to it. If the unique identifier does not identify the Government server 20, the Government server 20 will not participate further in the protocol.

6. If the signed data has been successfully verified, and any included freshness data or identifiers are appropriate, the Government server 20 then computes a session key from the initialization value received from the mobile terminal I and the random number b, that was generated by the Government server 20.

7. The Government server 20 then retrieves from the secure database 22: the prime number, n, and the generator, g, for a Diffie-Hellman key exchange protocol. The Government server 20 then generates a positive integer b which is less than n-1, and generates a first initialization value gbmod n.

8. The Government server 20 then retrieves from the secure database 22 its private key KP,,B for digital signing. For maximum security this could be generated locally on the Government server 20. Alternatively, it could be issued by the CA and the stored in the secure database 22. In this embodiment, the Government server 20 then attaches a time stamp and/or a sequence number for freshness, and an identifier that uniquely identifies the mobile terminal 1 as the intended recipient. The Government server 20 then digitally signs data based on the initialization value using its private key KP,,LB to obtain a signed value.

9. The Government server 20 then sends the signed data to the mobile terminal 1 via the internet 4.

10. On receipt of the signed data from the Government server 20, the mobile terminal 1 then retrieves the public key KpUbB of the Government server 20 that corresponds to the private key KP,B that was used to digitally sign the signed data from the Government server 20. This public key KPUbB is retrieved from a certificate for Government Server 20, for example downloaded from the public key store 8 (read-only) held by the network operator. Alternatively, the public key of the Government server 20 could be stored on the mobile terminal I at manufacture, for example on a SIM card.

Furthermore, the public key of the Government server 20 could be held in a read only datastore connected to the Government server 20, that the mobile terminal 1 could access. The mobile terminal 1 then verifies the signed data from the Government server using the public key KpUbA, and obtains the initialization value of the Government server 20, and the included identifier and freshness data from the Government server 20.

11. The mobile terminal 1 then checks the freshness data and identifier received from the Government server 20. If the freshness data and the identifier are not acceptable, the mobile terminal will not participate further in the protocol exchange. If the signed data has been successfully verified, and any included freshness data or identifiers are appropriate, the mobile terminal 1 then computes a session key from the initialization value received from the Government server 1 and the random number a, that was generated by the mobile terminal.

At this stage, the mobile terminal 1 and the Government server 20 have both generated session keys. It will be understood from the above, that the session keys generated by the mobile terminal 1 and the Government server 20 will be equal to each other. The mobile terminal 1 can now deniably send a vote to the Government server 20. The process for this is as follows: 12. In order to register a vote electronically, the user of the mobile terminal 1 will then construct an appropriate voting messing. For example, the voting message could comprise "I vote for Party XYZ". It will be appreciated that the user of the mobile terminal 1 will not want the contents of his or her vote to be able to be traced back to them. It will also be apparent that an electronic voting system must provide proper authentication of the parties involved. Otherwise, the electronic voting system would be open to unacceptable abuse.

13. The mobile terminal 1 will then construct a message digest by hashing the contents of the user's voting message with the shared session key. The mobile terminal 1 will then send both the voting message and the message digest to the Government server 20 via the internet 4.

14. On receipt of voting message and the message digest from the mobile terminal 1, the Government server 20 will need to check the origin of the message. This is because an electronic voting system for Government elections must clearly keep track of who has voted, and for example prohibit the same user from registering a vote more than once. However, as discussed, the user of the mobile terminal 1 does not want the origin of the voting message to be traced back to them. However, the Government server 20 can check that the message was sent by the mobile terminal 1, by checking the integrity of the message digest. The Government server 20 has the voting message received from the mobile terminal 1 and has the same shared session key as the mobile terminal 1. Therefore, the Government server 20 computes its own message digest by hashing the contents of the user's voting message with the shared session key.

15. Government server 20 will then compare the message digest that it received from the mobile terminal I with the message digest that it generated. If these two message digests are equal, then the Government server 20 knows that the voting message was sent by the mobile terminal 1, and accepts the vote. This is because only the Government server 20 will know that only it and the mobile terminal 1 possess the same shared session key. The Government server 20 knows that the shared session key is unique to it and mobile terminal 1 because both parties were authenticated properly in the key establishment process. If the two message digests are not equal, then the Government server 20 knows that the voting message could not have been sent by the mobile terminal 1.

The above vote casting process authenticates both parties and is deniable. The inclusion of the shared key in the message digest enables the Government server 20 to link the voting message to the mobile terminal 1. The process is deniable, because from the point of view of a third party there would be no proof that the voting message originated from the mobile terminal 1. This is because, once the Government server 20 has generated a shared key, the Government server 20 is free to construct a fake voting message that is different to the actual voting message received from the mobile terminal 1, but which has the same message digest.

This fake voting message and correct message digest generated by the Government server 20 would be indistinguishable to a third party from the actual voting message and message digest sent by the mobile terminal 1. The protocol is therefore deniable, and as it enables the Government server 20 to authenticate the sender of a voting message.

Secondly, and more importantly, the protocol provides that Government server 20 cannot prove the source of the voting message to a third party.

It will be appreciated that the process by which the user B of the general purpose computer 30 casts a vote with the Government server 20 corresponds to that described above for the mobile terminal 1. In this situation, the general purpose computer 30 and the Government server 20 could downloaded the appropriate public keys from certificates stored on a public key store 42 of a secure server 40. The server 40 could represent the CA, and could issue the private and public keys to the general purpose computer 30 and Government server 201. Alternatively, the private key of the general purpose computer 30 could be general purpose computer 20 could be generated by the general purpose computer 30, which increases the security ofthe system.

Claims

CLAIMS: 1. A method of establishing a shared key between a first data

processing system and a second data processing, the method comprising: at said first data processing system, generating a positive integer x and then generating a first initialization value gXmod n, where n is a prime number and g is generator for a Diffie-Hellman key exchange protocol and x is less than n-l; at said first data processing system, generating first transmission data that includes data based on said first initialization value, and digitally signing at least a portion of said first transmission data using a private key of said first data processing system to form first signed data; at said second data processing system, generating a positive integer y and then generating a second initialization value gYmod n, where y is less than n-l; at said second data processing system, generating second transmission data that includes data based on said second initialization value, and digitally signing at least a portion of said second transmission data using a private key of said second data processing system to form second signed data; receiving at said second data processing system said first transmission data, verifying said first signed data using a public key corresponding to the private key of said first data processing system, and extracting said first initialization value from said first transmission data; receiving at said first data processing system said second transmission data, and verifying said second signed data using a public key corresponding to the private key of said second data processing system, and extracting said second initialization value from said second transmission data; and generating at both said first and said second data processing systems a shared session key, by calculating at both said first and said second data processing systems a value equal to gxy mod p using a Diffie-Hellman algorithm.
2. A method according to claim 1, wherein said first signed data includes the data based on said first initialization value.
3. A method according to claim 2, wherein said first signed data further comprises time stamp data, the method further comprising: at said second data processing system, after verifying said first signed data, checking the time stamp data to see if the first signed data was sent within a predetermined time, and determining the validity of if the first signed data by establishing if the first signed data was sent within the predetermined time.
4. A method according to any one of Claims 1 to 3, wherein said first signed data further comprises a sequence number, the method further comprising: at said second data processing system, after verifying said first signed data, checking the sequence number to see if the first signed data was sent within a predetermined number in a sequence known to said second data processing system, and determining the validity of if the first signed data by establishing if the first signed data was sent within the predetermined number in the sequence.
5. A method according to any one of Claims 1 to 4, wherein said first signed data further comprises identification data that is uniquely associated with the second data processing system, the method further comprising: at said second data processing system, after verifying said first signed data, checking whether the identification data correctly identifies said second data processing system, and determining the validity of if the first signed data by establishing if the identification data correctly identifies said second data processing system.
6. A method according to any one of Claims 2 to 5, wherein the first initialization value is recoverable from the first signed data by verifying the first signed data using the public key corresponding to the private key of said first data processing system.
7. A method according to Claim 1, wherein: the portion of said first transmission data that is digitally signed is not recoverable from the first signed data by verifying the first signed data using the public key corresponding to the private key of said first data processing system; and the first transmission data includes first unsigned data which includes the data based on said first initialization value.
8. A method according to claim 7, wherein said first unsigned data further comprises time stamp data, the method further comprising: at said second data processing system, after verifying said first signed data, checking the time stamp data to see if the first transmission data was sent within a predetermined time, and determining the validity of if the first transmission data by establishing if the first transmission data was sent within the predetermined time.
9. A method according to Claim 7 or 8, wherein said first unsigned data further comprises a sequence number, the method further comprising: at said second data processing system, after verifying said first signed data, checking the sequence number to see if the first transmission data was sent within a predetermined number in a sequence known to both said first and second data processing systems, and determining the validity of if the first transmission data by establishing if the first transmission data was sent within the predetermined number in the sequence. l
10. A method according to any one of Claims 7 to 9, wherein said first unsigned data further comprises identification data that is uniquely associated with the second data processing system, the method further comprising: at said second data processing system, after verifying said first signed data, checking whether the identification data correctly identifies said second data processing system, and determining the validity of if the first transmission data by establishing if the identification data correctly identifies said second data processing system.
11. A method according to any one of the preceding claims, further comprising: at said first data processing system, retrieving the public key of the second data processing system from a third data processing system.
12. A method of deniably sending a message after establishing a shared key using a method according to any one of Claims I to 11, the method further comprising: at said first data processing system, generating a message to be sent to the second data processing system, operating on said message and the shared key obtained by the first data processing system with a hash function to obtain a message digest, and sending said message and said message digest to the second data processing system; at said second data processing system, receiving said message and said message digest, operating on said message and the shared key obtained by the second data processing system with the hash function to obtain a message digest check value; and at said second data processing system, accepting the message if said message digest matches said message digest check value.
13. A method of sending a message after establishing a shared key using a method according to any one of Claims I to I I, the method further comprising: at said first data processing system, generating a message to be sent to the second data processing system, encrypting said message using the shared key to form an encrypted message, and sending said encrypted message to said second data processing system, wherein said encrypting comprises using a symmetric cryptography algorithm; and at said second data processing system, receiving said encrypted message and decrypting sending said encrypted message using the shared key, wherein said decrypting comprises using the symmetric cryptography algorithm.
14. A method of a first data processing system authenticating received data from a second data processing system, comprising using a method according to any one of claims 1 to 1 1, and determining the validity of the first transmission data.
15. Processor control code to, when running, perform the method of any one of claims 1 to 14.
16. A carrier carrying the processor control code of claim 15.
17. A data processing apparatus comprising: memory for storing a prime number, n, and generator, g, for a Diffie-Hellman key exchange protocol; a processor adapted to generate a positive integer x less than n-l, generate a first initialization value gXmod n, generate first transmission data that includes data based on said first initialization value, digitally sign at least a portion of said first transmission data using a private key of the data processing system to form first signed data; a communications interface adapted to send said first transmission data, and adapted to receive second transmission data from a second data processing system, said second transmission data including data based a second initialization value gYmod n, wherein at least a portion of the said second transmission data includes second signed data that has been digitally signed using a private key of said second data processing system; wherein the processor is further adapted to verify said second signed data using a public key corresponding to the private key of said second data processing system, to extract said second initialization value from said second transmission data; and to generate a shared session key by calculating a value equal to gXy mod p using a Diffie Hellman algorithm.
18. Apparatus according to claim 17, wherein said first signed data includes the data based on said first initialization value.
19. Apparatus according to claim 18, wherein said first signed data further comprises at least one of a time stamp data, a sequence number, and identification data that is uniquely associated with the second data processing system.
20. Apparatus according to claim 17, wherein the processor is adapted to digitally sign the portion of the transmission data using a digital signature function that does not allow message recovery to form the first signed data, wherein the first transmission data includes first unsigned data which includes the data based on said first initialization value.
21. Apparatus according to any one of clahns 17 to 20, wherein the communications interface is adapted to receive the public key corresponding to the private key of said second data processing system from a third data processing apparatus.
22. Apparatus according to any one of claims 17 to 21, wherein the processor is further adapted to generate a message to be sent to the second data processing system, and to operate on said message and the shared key obtained by the first data processing system with a hash function to obtain a message digest; wherein the communications interface is adapted to send said message and said message digest to the second data processing system.
23. A data processing apparatus comprising: memory means for storing a prime number, n, and generator, g, for a Diffie Hellman key exchange protocol; processing means for generating a positive integer x less than n-l, generating a first initialization value gXmod n, generating first transmission data that includes data based on said first initialization value, and digitally signing at least a portion of said first transmission data using a private key of the data processing system to form first signed data; 1 communications interface means for sending said first signed data, and receiving second transmission data from a second data processing system, said second transmission data including data based a second initialization value gYmod n, wherein at least a portion of the said second transmission data includes second signed data that has been digitally signed using a private key of said second data processing system wherein the processor means is adapted to verify said second signed data using a public key corresponding to the private key of said second data processing system, to extract said second initialization value, and to generate a shared session key by calculating a value equal to gxy mod p using a Diffie-Hellman algorithm.
24. A communications system adapted to establish a shared key between data processing systems, the communications system comprising: a first data processing system adapted to generate a positive integer x and generating a first initialization value gXmod n, where n is a prime number and g is generator for a Diffie-Hellman key exchange protocol and x is less than p-l; to generate first transmission data that includes data based on said first initialization value, digitally sign at least a portion of said first transmission data using a private key of said first data processing system to form first signed data; a second data processing system adapted to generate a positive integer y and generate a second initialization value gYmod n, where y is less than n-l, to generate second transmission data including data based on said second initialization value, digitally sign at least a portion of said second transmission data using a private key of said second data processing system to form second signed data, to receive said first transmission data, to verify said first signed data using a public key corresponding to the private key of said first data processing system, and to extract said first initiation value from said first transmission data; wherein said first data processing system is further adapted to receive said second transmission data, to verify said second signed data using a public key corresponding to the private key of said second data processing system, and to extract said second initiation value from said second transmission data; and wherein both said first and said second data processing systems are adapted to generate a shared session key by calculating a value equal to gay mod p using a Diffie Hellman algorithm.
25. A communications system according to claim 24, further adapted to carry out the method of any one of claims I to 11.
26. A communications system according to claim 24, further adapted to deniably send a message from a first data processing system to a second data processing system after establishing a shared key using a method according to any one of Claims 1 to 1 1, wherein: said first data processing system is further adapted to generate a message to be sent to the second data processing system, to operate on said message and the shared key obtained by the first data processing system with a hash function to obtain a message digest, and to send said message and said message digest to the second data processing system; said second data processing system is further adapted to receive said message and said message digest, and to operating on said message and the shared key obtained by the second data processing system with the hash function to obtain a message digest check value; and said second data processing system will only accept the message if said message digest matches said message digest check value.
27. A communications system according to claim 24, further adapted to send a message from a first data processing system to a second data processing system after establishing a shared key using a method according to any one of Claims I to 1 1, wherein said first data processing system is further adapted to generate a message to be sent to the second data processing system, encrypt said message using the shared key to form an encrypted message using a symmetric cryptography algorithm, and send said encrypted message to said second data processing system; and said second data processing system is adapted to receive said encrypted message and decrypt sending said encrypted message using the shared key and the symmetric cryptography algorithm.