WO2005083926A1 - Computer-implemented systems and methods for generating, solving and/or using useful security puzzles - Google Patents

Computer-implemented systems and methods for generating, solving and/or using useful security puzzles

Info

Publication number
WO2005083926A1
Authority
WO
WIPO (PCT)
Prior art keywords
network device
solution
server
solving
client
Prior art date
Application number
PCT/US2005/006245
Other languages
English (en)
Inventor
Theodore Diament
Angelos D. Keromytis
Marcel Mordechay Yung
K. Lee Homin
Original Assignee
The Trustees Of Columbia University Of The City Of New York
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by The Trustees Of Columbia University Of The City Of New York

Links

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1458 Denial of Service
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the present invention relates generally to the field of computer network security. More particularly, this invention relates to the use of useful security puzzles by a computer network or server to protect against resource-depletion attacks.
  • a channel is opened between the client and the server for data communications.
  • a channel may be opened between a computer shopper (client) and an online retail store server following a connection request by the computer shopper.
  • client computer shopper
  • the client requesting the open channel for data communications can disrupt the operations of the server, either intentionally (as with DoS attacks) or unintentionally, by generating a large number of connection requests within a relatively short length of time, and thus unduly burdening the server's resources.
  • a similar result can occur, for example, when one or more clients generate a large number of other types of requests that involve the use of one or more resources of the server.
  • a server can ask the client a question such as "which 32-bit number, when supplied as the input to the Secure Hash Algorithm (SHA1) OWF, results in the value 0xdeadbeef?"
  • the server can pick the input at random, and vary its size to reflect the computational resources of clients and attackers.
  • problems e.g., useful security puzzles
  • these problems or puzzles can be used by servers to protect against resource-depletion attacks and to offload at least some of the cryptographic overhead required by the servers for secure cryptographic key establishment.
  • the invention provides a method for solving a problem using network devices in a computer network, where the method includes receiving, by a first network device, a first problem provided by a second network device, providing a second problem, by the first network device, to a third network device, wherein the second problem is based at least in part on the first problem, receiving a solution to the second problem by the first network device, and solving the first problem, by the first network device, using the received solution to the second problem.
  • the invention provides a first network device in a computer network that receives a first problem from a second network device, that provides a second problem that is based at least in part on the first problem to a third network device, that receives a solution to the second problem, and that solves the first problem using the received solution to the second problem.
  • the invention provides an article of manufacture that includes a computer usable medium having computer readable program code means embodied therein for solving a problem
  • the computer readable program code means in the article of manufacture includes computer readable program code means for causing a first network device to receive a first problem from a second network device, computer readable program code means for causing the first network device to provide a second problem to a third network device, where the second problem is based at least in part on the first problem, computer readable program code means for causing the solution to the second problem to be received by the first network device, and computer readable program code means for causing the first network device to use the received solution to the second problem to solve the first problem.
  • FIG. 1 is a simplified illustration of a communications system in which the principles of the present invention may be implemented in accordance with at least one embodiment of the present invention
  • FIG. 2 is a simplified illustration showing various steps involved in the creation of a communications link between a client and a server using the Transport Layer Security protocol;
  • FIG. 3 is a simplified illustration showing various steps involved in the creation of a communications link between a server and two clients using decryption-oriented puzzles in accordance with at least one embodiment of the present invention
  • FIG. 4 is a simplified illustration showing various steps performed in connection with computing part of the trapdoor that is needed to generate decryption-oriented puzzles in accordance with at least one embodiment of the present invention.
  • FIG. 5 is a simplified illustration showing various steps performed in connection with the encryption and decryption of decryption-oriented puzzles in accordance with at least one embodiment of the present invention.
  • the present invention is directed to methods and systems for generating, solving, and/or using problems (e.g., useful security puzzles) that both provide a useful service to the servers employing them, and protect the servers against resource-depletion attacks from clients.
  • the terms "problems” and “puzzles” are used interchangeably herein.
  • a problem or puzzle as described below can be a ciphertext (e.g., plaintext that has been encrypted using some form of encryption algorithm) that requires some form of computation to decrypt, and which may subsequently be used by a server to generate a secure cryptographic key.
  • the invention is not limited by the particular types of problems or puzzles being used.
  • clients and servers are used generally to differentiate end points in a network connection. It will be understood, however, that clients and servers according to the invention can be any suitable type of computing or network device that is capable of communicating across a network.
  • the clients and servers discussed herein can be a laptop or other personal computer, a mobile (cellular) telephone, a personal digital assistant (PDA), a mainframe server, and so on.
  • a “client” may be a program that sends a request for information from a "server.”
  • a server in one instance may be a client in another (and vice versa).
  • useful security puzzles have some (or all) of the following characteristics.
  • the security puzzles represent at least a moderate computational task, thus assuring a certain slow-down of the accessing parties (clients).
  • the computations associated with the useful security puzzles are useful to the server. For example, solving a useful security puzzle can include performing a computational task that makes the server's computations relating to secure cryptographic key establishment more efficient.
  • solving the useful security puzzle does not depend on any particular client. In other words, if a given puzzle is not actually solved by the first client it is given to, the server is still able to solve it (or give the puzzle to another client to solve).
  • the useful security puzzle should be such that, even when a client determines the solution to a puzzle, the client does not learn any long-term cryptographic keys or other secret information of the server.
  • FIG. 1 An example of useful security puzzles in accordance with the principles of the present invention is now provided in the context of security.
  • a network device e.g., Web server
  • another network device e.g., a client
  • client 104 seeks to initiate a channel, or communications link 106 over a network, such as the Internet 108.
  • client 104 attempts to negotiate (using a handshaking session) how information should be securely transmitted.
  • client 104 may seek to initiate communications link 106 using a session-security protocol such as the Transport Layer Security protocol (TLS) described in RFC 2246, which is incorporated by reference herein in its entirety.
  • TLS Transport Layer Security protocol
  • TLS TLS with a Rivest, Shamir, and Adelman (RSA) key exchange
  • RSA Rivest, Shamir, and Adelman
  • Diffie-Hellman key exchange can also be used.
  • FIG. 2 is a simplified illustration showing various steps involved in the initiation of communications link 106 of FIG. 1 (and subsequent protection of data transmissions using the derived session keys) when TLS (with RSA key exchange) is being used.
  • client 104 extends its "hand” by informing server 102 that it wishes to "talk” (communicate) using TLS.
  • client 104 provides various information about itself (e.g., the ciphers it supports) to server 102, and optionally also provides "nonce” Nc. It will be understood that, as used herein, the term “nonce” refers to a randomly generated value that can be used to detect replay attacks.
  • server 102 In response, in step 204, server 102 extends its "hand" with a reply containing a certificate that can be used in authenticating it, various information about itself (e.g., the selected cipher), and a nonce Ns. Using the received certificate and other information, client 104 authenticates server 102. Although not shown in FIG. 2, server 102 could also ask for a certificate from client 104 when it wishes to authenticate client 104 (e.g., prior to an online financial transaction).
  • client 104 If the client 104 is able to authenticate the server 102 in step 204, in step 206, client 104 generates a randomly-chosen secret message S, encrypts it with the server's public key (obtained, e.g., from the certificate sent by the server 102 in step 204) using the RSA algorithm, and sends the encrypted secret message S to server 102. Once it is received, server 102 decrypts the encrypted secret message S.
  • client 104 selects the secret message S without any input from server 102.
  • step 208 an additional hashing step is used whereby server 102 can supply input in the derivation of the master secret from the secret message S.
  • both client 104 and server 102 use the secret message S, also called a "pre-master secret,” to derive a "master secret” K using additional information, such as Nc, Ns, and information resulting from step 208 described above.
  • both client 104 and server 102 are able to generate session keys to be used for encrypting and decrypting various communications between the two.
  • FIG. 3 is a simplified illustration showing various steps involved in the creation of communications links when decryption-oriented puzzles are used in place of RSA encryption in connection with a TLS-like protocol.
  • Server 302 shown in FIG. 3 has a permanent public key Ke, and a periodically generated auxiliary public key Ka. According to various embodiments, both public keys Ke and Ka are arbitrarily chosen and, given a particular permanent public key Ke, any choice for auxiliary public key Ka can be used.
  • server 306 has a permanent private key Pe, and a periodically generated auxiliary private key Pa. It is noted that, while only a first client 304 and a second client 306 are shown as communicating with server 306, this is for simplicity only, and the invention is not limited by the number of clients.
  • step 314 server 302 extends its "hand" with a reply containing a certificate that can be used in authenticating it, various information about itself (e.g., the selected cipher), and a nonce N5. Using the received certificate and other information, client 304 authenticates server 302. Moreover, although not shown in FIG. 3, server 302 could also ask for a certificate from client 304 when it wishes to authenticate client 304 (e.g., prior to an online financial transaction).
  • client 304 If the client 304 is able to authenticate the server 302 in step 314, in step 316, client 304 generates a randomly-chosen secret message S1 (similar to the "pre-master secret S" described above), and encrypts it into a decryption-oriented puzzle (using the principles described below) using both the permanent public key Ke and auxiliary public key Ka of server 302 (obtained, e.g., from the certificate sent by the server 102 in step 204).
  • the decryption-oriented puzzle based on secret message S1, which is provided to server 302, is a ciphertext that has two portions (C1, C2).
  • the decryption-oriented puzzle is generated such that, given ciphertext (C1, C2), the secret message S1 can be recovered using either the server's permanent private key Pe, or the server's auxiliary private key Pa.
  • C1 ciphertext
  • TD1 an intermediate value
  • step 316 client 304 sends the generated decryption-oriented puzzle, including both ciphertext portions (C1, C2), to server 302.
  • server 302 may decrypt the puzzle itself (thus recovering secret message S1) using either permanent private key Pa or auxiliary private key Pe. Then, using the recovered secret message S1, along with additional information (e.g., N1 and N3), server 302 is able to derive the master secret K1.
  • step 348 server 302 forwards only ciphertext portion C1 to another accessing client 306 after steps 342-346 (which are similar to steps 312-316, but involve client 306 rather than client 304) have been performed. Moreover, if the auxiliary private key Pa of server 302 was not previously sent to client 306 (e.g., with the certificate at step 344), then in step 348, server 302 also provides this key to client 306 so that client 306 can solve puzzle C1 and obtain trapdoor TD1.
  • client 304 may receive another C1' that was produced by another client (e.g., client 306) connecting to server 302.
  • step 350 client 306 uses Pa to produce the intermediate value TD1, and sends this result back to server 302 as proof of work done. If server 302 verifies the solution (TD1) produced by client 306, it will allow the connection process associated with client 306 to proceed.
  • the secret message S1 can be efficiently recovered by server 302 using a "message recovery algorithm" that is substantially more efficient than the trapdoor recovery algorithm used by client 306 to obtain TD1.
  • the message recovery algorithm being used by server 302 to recover secret message S1 is able to efficiently detect an incorrect TD1 as explained below. It is to be noted that, if the recovery of secret message S1 in step 350 fails (e.g., because client 306 did not solve C1 to obtain the correct TD1, or did not provide TD1 to the server for another reason), server 302 can still solve puzzle C1 itself in order to obtain TD1 and subsequently recover secret message S1. Alternatively, server 302 can try to employ another accessing client to recover TD1.
  • step 322 an additional hashing step is used whereby server 302 can supply input in the derivation of the master secret from the secret message S1. Then, in step 324, both client 304 and server 302 use the secret message S1 to derive a "master secret" K1 using additional information, such as N1, N3, and information resulting from step 322 described above. Using the derived master secret K1, both client 304 and server 302 are able to generate session keys to be used for encrypting and decrypting various communications between the two.
  • step 318 when client 304 is provided C1' that was produced by another client (e.g., client 306) in step 318, it must return the solved TD1' associated with that C1' in order for server 302 to allow the connection process associated with client 304 to proceed (i.e., the correct TD1' must be returned before steps 322 and 324 are carried out). Moreover, once TD1' is received and verified by server 302, steps 350 and 352 (relating to client 306) may follow whereby client 306 and server 302 are both able to generate session keys using derived master secret key K2. It will be understood that steps 318-324 are similar to steps 348-354, but involve client 304 rather than client 302.
  • clients 304 and 306 help server 302 recover secret messages S2 and S1, respectively, in the manner described above, preferably neither client 304 nor client 306 has learned anything about these secret values they helped to decrypt. This is because, as mentioned above and explained in greater detail further below, even when given C1 and one of the private keys Pe and Pa, a client (e.g., client 304 or client 306) is not able to determine or predict the secret message that was used to obtain ciphertext (C1, C2). Moreover, knowledge of the private auxiliary key(s) Pa provided to clients 304 and 306 (the same key may be used, but this is not required) does not affect security, as private auxiliary key Pa will generally be relatively short lived.
  • decryption-oriented puzzles that are used, e.g., in the manner described above with reference to FIG. 3 adhere to each of the five characteristics of useful security puzzles described above.
  • these decryption-oriented puzzles represent at least a moderate computational task (as necessary to assure a certain slow-down) to accessing clients (e.g., clients 304 and 306).
  • the complexity of the puzzles, the generation of which is described below, can be varied in accordance with the desired level of protection (slow-down of accessing clients) and various other factors.
  • these decryption-oriented puzzles are "useful" to server 302, because the computation associated with the decryption-oriented puzzles can be used for more than rate limiting connection requests by clients (e.g., to assist server 302 in solving a secret message generated by another client).
  • server 302 by allowing server 302 to offload much (or at least some) of the cryptographic overhead required for secure cryptographic key establishment, the computational processing that would otherwise be required by server 302 can be significantly reduced.
  • server 302 is able to efficiently verify that the solutions (TD1s) generated by clients for the decryption-oriented puzzles are correct, because solutions to the puzzles can be checked with much less computation than is required to generate the solutions.
  • these decryption-oriented puzzles are such that the server can still solve them if the clients do not (although this requires greater computation on the part of the server), and secrets of the server are not provided to the clients in order for the clients to solve the puzzles, and, similarly, the clients are not in possession of any secrets from the end results (i.e., the solutions).
  • the generation scheme can be based on any bilinear map between two groups which a public key encryption can be based on, using pairing defined on certain elliptic curves.
  • pairings are used to construct cryptosystems.
  • one design is the three-party Diffie-Hellman (DH) key exchange that is discussed in "A one-round protocol for tripartite Diffie-Hellman," Antoine Joux, 2000, which is hereby incorporated by reference in its entirety.
  • DH Diffie-Hellman
  • Another design relates to an identity-based encryption (IBE) scheme in which the public key is a user's identity and a key-generation authority assigns the users private keys.
  • IBE identity-based encryption
  • In this scheme, which is discussed in "Identity-based encryption from the Weil pairing," Boneh and Franklin, 2001, which is hereby incorporated by reference in its entirety, key escrow is inherent, as the key-generation authority knows all the users' private keys.
  • the capability of pairing-based cryptography was previously noted in “Evidence that XTR is more secure than supersingular elliptic curve cryptosystems," Eric Verheul, 2001, which is hereby incorporated by reference in its entirety.
  • pairings can be used to generate short signatures.
  • Various other constructions have also been suggested to date.
  • TDH Tripartite Diffie-Hellman
  • DL Discrete Logarithm
  • CDH Computational Diffie-Hellman
  • DDH Decision Diffie-Hellman
  • the scheme for generating decryption-oriented puzzles is based at least in part on the difficulty of the TDH problem, which is itself an extension of the above three problems.
  • a TDH parameter generator is defined as a randomized algorithm that takes a security parameter k, and outputs the description of two groups G1 and G2, and the description of a non-degenerate bilinear map between the two groups for which the TDH problem is hard.
  • the scheme for generating decryption-oriented puzzles makes use of a non-degenerate pairing (i.e., a bilinear map between two groups G1 and G2).
  • the DL problem should be hard in G2 so that the pairing is not easily invertible and the DL problem in G1 is not easily solved.
  • the Weil and/or the Tate pairings defined over points on an elliptic curve defined over a finite field are chosen for such bilinear maps.
  • An analysis of TDH wherein the Weil and Tate pairings are used as building blocks for cryptosystems is provided in "The Weil and Tate pairings as building blocks for public key cryptosystems," Antoine Joux, 2002, which is hereby incorporated by reference herein in its entirety.
  • Several details of the bilinear mapping used in the scheme for generating decryption-oriented puzzles in accordance with the invention are discussed in the Appendix below.
  • step 402 groups G1 and G2 are chosen using the TDH parameter generator described above, along with a random element P ∈ G1 and y ∈ Z.
  • the server's permanent public key (Ke) is set to (P,yP), and the permanent private key (Pe) is set to y.
  • a cryptographic hash function H: G2 -» ⁇ 0,1 ⁇ " is also generated in this step.
  • step 404 a random element x ∈ Z is chosen.
  • the auxiliary public key (Ka) is set to (P, xP) and the auxiliary private key (Pa) is set to x.
  • trapdoor encryption is a one-way function (analogous to the DH computation over a finite field), as it is computable using either the random r, the private key y, or the auxiliary private key x, but is otherwise hard to compute.
  • the REACT conversion is used to convert the one-way preliminary scheme applying the TDH into a chosen-ciphertext secure scheme.
  • this system performs the steps shown in the flow chart of FIG. 5, which are now described.
  • step 502 groups G1 and G2 are chosen using a TDH parameter generator as described above, as are a random element P ∈ G1 and y ∈ Z.
  • the permanent public key (Ke) is set to (P, yP) and the permanent private key (Pe) is set to y.
  • the following three cryptographic hash functions are generated: H: G 2 -» ⁇ 0,1 ⁇ "' , G: ⁇ 0,1 ⁇ "' ⁇ ⁇ 0,1 ⁇ "' , and F: ⁇ 0,1 ⁇ 4 "' ⁇ ⁇ 0,1 ⁇ "A
  • step 504 a random element x ∈ Z is chosen.
  • the public auxiliary key (Ka) is set to (P, xP) and the private auxiliary key (Pa) is set to x.
  • step 506 the plaintext input of m e ⁇ 0,1 ⁇ "' (which can correspond to one of the "secret messages" described above in connection with FIG. 3), is encrypted.
  • a new client could be asked by the sender at this point to compute TD1. If it is determined in step 522 that u 4 is correct, then in step 514, the algorithm outputs m. Otherwise, the algorithm ends or other suitable steps are performed, as it is assumed that there is a problem with the ciphertext received by the server.
  • the scheme is a chosen-ciphertext secure public-key encryption scheme if the TDH problem is assumed to be hard (one way).
  • the clients seeing only part of the ciphertext that recovers to a random value p, will have no idea what the message is that is being decrypted by the server.
  • G2 is chosen to be a subgroup of F*_{q^r}, where r is the security multiplier and q^r - 1 is divisible by l.
  • Two different pairings can be defined over an elliptic curve, the Weil pairing and the Tate pairing. Because it is generally faster to compute, preference is generally given in accordance with the invention to the Tate pairing.
  • a low security multiplier is needed for the pairing to be efficiently computed, and r will generally always reach its optimal value in the Tate pairing, but does not always do so for the Weil pairing.
  • E the function field of the curve E
  • k(E) k(x,y)II(E)
  • the divisor group of a curve E is the free Abelian group generated by the points of E.
  • the support of D is the set of points for which n_P ≠ 0.
  • E[l] the l-torsion subgroup of E: E[l] = {P ∈ E | lP = O}.
  • Dp denotes a divisor from the class (P) - (O) of the quotient of group of divisors of degree 0 by the subgroup of principal divisors
  • the present system can use the Weil pairing, as well as a pairing over more general Abelian varieties. More general bilinear maps of the form m: G0 × G1 → G2 can also be used. In this case, both the ciphertext and signature can be shortened in length by taking G0 to be a subgroup of F_p and G1 to be a different subgroup of F_{p^6} of the same order. Both the Weil and the Tate pairings can be used on the asymmetric pair G0 × G1 as the map of m.
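
The hash-inversion puzzle quoted in the definitions above (a server asks which input hashes to a given SHA1 value, picks the input at random, and varies its size), sketched as an added example that is not taken from the patent. The function names, the 4-byte big-endian encoding and the use of the full 160-bit digest as the target are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

WIDTH = 4  # bytes; the quoted puzzle asks for a 32-bit input (assumed big-endian)


def _digest(x: int) -> bytes:
    """SHA-1 of x encoded as a fixed-width big-endian integer."""
    return hashlib.sha1(x.to_bytes(WIDTH, "big")).digest()


def make_puzzle(bits: int):
    """Server side: pick a random `bits`-bit input and publish only its hash.

    `bits` is the difficulty knob: the search space is 2**bits, so every
    extra bit doubles the work a client has to spend per request.
    Returns (secret_input, puzzle); only `puzzle` is sent to the client.
    """
    if not 1 <= bits <= 8 * WIDTH:
        raise ValueError("bits must be between 1 and 32")
    x = secrets.randbelow(1 << bits)
    return x, {"bits": bits, "target": _digest(x)}


def solve_puzzle(puzzle):
    """Client side: brute-force the input. Returns (answer, hashes_computed)."""
    space = 1 << puzzle["bits"]
    for attempts, candidate in enumerate(range(space), start=1):
        if _digest(candidate) == puzzle["target"]:
            return candidate, attempts
    return None, space  # malformed puzzle: no input in range matches


def verify_solution(puzzle, answer) -> bool:
    """Server side: one hash, however hard the puzzle was to solve.

    Rejects wrong types and out-of-range values before hashing, so a
    malformed answer cannot raise inside the request path.
    """
    if isinstance(answer, bool) or not isinstance(answer, int):
        return False
    if not 0 <= answer < (1 << puzzle["bits"]):
        return False
    return hmac.compare_digest(_digest(answer), puzzle["target"])


if __name__ == "__main__":
    # Constructed demo: 16-bit difficulty so it finishes instantly.
    _, demo = make_puzzle(16)
    found, cost = solve_puzzle(demo)
    print(f"client spent {cost} hashes; server verified with 1:",
          verify_solution(demo, found))
```

The client's work here is discarded once verified, which is the gap the decryption-oriented puzzles described above are meant to close.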

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Algebra (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Optimization (AREA)
  • Mathematical Physics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for limiting resource depletion. The method consists of establishing communication between a server (302) and two clients (304, 306).
PCT/US2005/006245 2004-02-25 2005-02-25 Computer-implemented systems and methods for generating, solving and/or using useful security puzzles WO2005083926A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US54750204P 2004-02-25 2004-02-25
US60/547,502 2004-02-25

Publications (1)

Publication Number Publication Date
WO2005083926A1 true WO2005083926A1 (fr) 2005-09-09

Family

ID=34910905

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2005/006245 WO2005083926A1 (fr) 2004-02-25 2005-02-25 Computer-implemented systems and methods for generating, solving and/or using useful security puzzles

Country Status (1)

Country Link
WO (1) WO2005083926A1 (fr)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6192473B1 (en) * 1996-12-24 2001-02-20 Pitney Bowes Inc. System and method for mutual authentication and secure communications between a postage security device and a meter server
US20040030932A1 (en) * 2002-08-09 2004-02-12 Ari Juels Cryptographic methods and apparatus for secure authentication

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
AURA T. ET AL.: "DOS-resistant authentication with client puzzles.", SECURITY PROTOCOLS WORKSHOP 2000., 2000, pages 170 - 177, XP002275098 *
DEAN ET AL.: "Using client puzzles to protect TLS.", PROCEEDINGS OF THE 10TH USENIX UNIX SECURITY SYMPOSIUM., August 2001 (2001-08-01), XP002988754 *
DIAMENT ET AL.: "The dual receiver cryptosystem and its applications.", ACM CCS 2004., October 2004 (2004-10-01), pages 330 - 343, XP002988753 *
JUELS ET AL.: "Client puzzles: A cryptographic countermeasure against", PROCEEDINGS OF THE ISOC SYMPOSIUM ON NETWORK AND DISTRIBUTED SYSTEMS SECURITY., February 1999 (1999-02-01), pages 151 - 165 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7356696B1 (en) * 2000-08-01 2008-04-08 Lucent Technologies Inc. Proofs of work and bread pudding protocols
CN107360571A (zh) * 2017-09-08 2017-11-17 哈尔滨工业大学深圳研究生院 在移动网络中的匿名相互认证和密钥协商协议
CN107360571B (zh) * 2017-09-08 2020-09-01 哈尔滨工业大学深圳研究生院 在移动网络中的匿名相互认证和密钥协商协议的方法

Similar Documents

Publication Publication Date Title
Mambo et al. Proxy cryptosystems: Delegation of the power to decrypt ciphertexts
US7590236B1 (en) Identity-based-encryption system
US8132005B2 (en) Establishment of a trusted relationship between unknown communication parties
JP5349619B2 (ja) アイデンティティベースの認証鍵共有プロトコル
Diament et al. The dual receiver cryptosystem and its applications
Li et al. Privacy-aware secure anonymous communication protocol in CPSS cloud computing
Heninger RSA, DH, and DSA in the Wild
Abdelfatah A color image authenticated encryption using conic curve and Mersenne twister
Abobeah et al. Public-key cryptography techniques evaluation
Esiner et al. Two-factor authentication for trusted third party free dispersed storage
Gowda Implementation of Elliptic Curve Cryptography over a Server-Client network
WO2005083926A1 (fr) Computer-implemented systems and methods for generating, solving and/or using useful security puzzles
Wu et al. A publicly verifiable PCAE scheme for confidential applications with proxy delegation
Chawdhury et al. Security enhancement of MD5 hashed passwords by using the unused bits of TCP header
Su et al. New proxy blind signcryption scheme for secure multiple digital messages transmission based on elliptic curve cryptography
Diament et al. The efficient dual receiver cryptosystem and its applications
Bashir et al. Cryptanalysis and improvement of an encryption scheme that uses elliptic curves over finite fields
Yeun et al. New novel approaches for securing VoIP applications
Rabah Secure implementation of message digest, authentication and digital signature
Siddhartha et al. Greatest common divisor and its applications in security: Case study
Kulkarni Study of Modern Cryptographic Algorithms.
Mitchell The (in) security of some recently proposed lightweight key distribution schemes
Rubín Bezpečnostní analýza protokolu Signal
Berg Forged fingerprints and PGP architecture
Zia et al. Cryptanalysis and improvement of an encryption scheme that uses elliptic curves over finite fields

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase