S1. About ECC… S2. Existing protocols S3. Proposed protocol S4. Implementation related issues S5. Conclusion and References

1. IMPROVED AUTHENTICATION
&
KEY AGREEMENT PROTOCOL
USING ELLIPTIC CURVE CRYPTOGRAPHY
V.R. Rajasekar
Lecturer – IT
Al Musanaa College of Technology
Sultanate of Oman
National Conference on Recent Trends in Information Technology
Ibra College of Technology
Sultanate of Oman
May 2006

2. PRESENTATION PATH
S1. About ECC…
S2. Existing protocols
S3. Proposed protocol
S4. Implementation related issues
S5. Conclusion and References

3. S1. About ECC
1. Need for cryptography
"CSI/FBI Computer Crime and Security survey – 2005"

4. • The total losses for 2005, because of Computer Crime and security
attacks were US$130 Million. (639 Respondents)

5. • 68% of respondents are using "Encryption for data in transit"
• 46% of respondents are using "Encrypted files“ as the type of
security technology used by their organizations.

6. • Cryptography plays a major role in the Security mechanism.
• Traditional Public-Key Cryptography algorithms available like
RSA, DSA, DH etc.,
• Elliptic Curve Cryptography (ECC) emerging as attractive
alternative to traditional public-key cryptosystem.
• Recently the NIST (National Institute of Standards and
Technology) approved ECC for use by the U.S government.
• Several standard organizations such as IEEE, ANSI, OMA and
IETF have ongoing efforts to include ECC as recommended
security Mechanism.

7. 2. Why ECC is an alternative for traditional PKCA?
• Offers equivalent security with smaller key sizes.
• Resulting in faster computations, Lower power consumption
as well as memory and Bandwidth savings.
• The use of 1024-bit RSA does not match the 128-bit security
level provided by ECC.
• NIST, "Special Publication 800-57: Recommendation for key
management, Part I: General Guideline", Draft Jan 2003.
says ECC is the best suitable system to transport or
exchange keys for symmetric-key ciphers.

8. • Every public-key cryptosystem have a hard mathematical problem
that is computationally difficult.
• The relative difficulty of solving that problem determines the
security strength of the corresponding system.
Public-Key System Example
Method of Solving the
problem / Attack
Integer factorization RSA, Rabin-Williams Sub-Exponential
Discrete logarithm
Diffie-Hellman (DH), DSA,
ElGamal
Sub-Exponential
Elliptic Curve Discrete
Logarithm
ECDH, ECDSA Fully exponential
• ECC requires exponential time to attack, for this reason; ECC
can offer equivalent security with substantially smaller key sizes.

9. S2. Existing protocols
For Key agreement
• Diffie-Hellman Key exchange
• Elliptic Curve Diffie-Hellman (ECDH)
For Authentication
• Elliptic Curve Digital Signature algorithm.
(ECDSA)

10. 1. Diffie-Hellman Key exchange.
• Number of commercial products available
• To enable user to exchange a key securely
• Subsequently used to encrypt messages
• Only for key exchange

11. Drawbacks of DH.
1. Brute-force attack possible by knowing
Prime number (q), primitive root ( α),
Public key of A and B, the secret key K can
be computed.
2. Reply attacks – An attack in which a
service already authorized and completed is
forged by another duplicated request in an
attempt to repeat authorized commands.

12. 2) Elliptic curve Diffie-Hellman (ECDH)
• This protocol establishes a shared key between two
parties.
• DH is based on the multiplicative group modulo p.
• ECDH is based on the additive elliptic curve group.
Elliptic Curve Diffie-Hellmann

13. Drawbacks of ECDH
1. Possibility for Brute-force attack will be reduced but
we cannot say it is fully removed.
2. Reply attacks – An attack in which a service already
authorized and completed is forged by another
duplicated request in an attempt to repeat authorized
commands.
3. The Public key of both the User and Server is not
protected.
4. For every transaction both the server and user should
be initiated repeatedly

14. 3. Elliptic Curve Digital Signature Algorithm ( ECDSA)
This protocol consists of three parts.
• ECDSA Key generation
• ECDSA Signature generation
• ECDSA Signature verification
1. Key generation - Used to generate the Public and Private key of
the users.
2. Signature generation - Used by the user to generate the
signature for the message using Secure Hash algorithm.
3. Signature verification - Used by the User B to verify A’s
Signature and Accepts/Rejects the message and vice versa.

15. Drawbacks of ECDSA.
1. Only for Authentication.
2. Key agreement should be done separately before
authentication.
3. For every transaction both the Key agreement process
and Authentication should be repeated.
4. Suitable only for a Home network.

16. Consolidating the drawbacks of existing protocols.
• Brute-force attack
• Reply attacks
• The Public key of both the User and Server is not
protected.
• Key agreement and authentication should be
done separately.
• For every transaction both the Key agreement &
Authentication process should be repeated.
• Suitable only for a Home network.

17. S3. Proposed protocol

18. Mutual Authentication and key agreement protocol
Need to be executed in real-time.
Immediate key exchange – Whenever service is needed by User or Server.
Send Public Key
Receive Public Key of Server
Generate Mutually agreed Secret Key
Send Public Key
Receive Public Key of User
Generate Mutually agreed Secret Key
USER SERVER
Generate certificate
{Secret Key, Exp Date, Random Number}
Compress [E [Certificate, Secret Key]]
Send to User
Decompress, Decrypt ->
Certificate, Random Number
Checks the validity of the Certificate
[Continue/Abort]

19. Generate certificate
{Secret Key, Exp Date, Random Number}
Compress [E [Certificate, Secret Key]]
Send to Server
Decompress, Decrypt ->
Certificate, Random Number
Checks the validity of the Certificate
[Continue/Abort]
Verification procedure has been completed by both the sides
User and Server are ready for their communication
Generate the unique Secret Key
using the Mutually agreed key.
Generate the unique Secret Key
using the Mutually agreed key.
For generating the Unique Secret Key – No need to repeat the entire process.
Both Server and User can perform Scalar addition on the random number know to them.
This key can be used for encrypting the data sent through the channel.
For every Communication the Unique Secret Key will be changed.
Encrypt message using Unique Secret Key
Send to Server
Encrypt message using Unique Secret Key
Send to User

20. S4. Implementation related issues.
• ECC was applied over the finite filed GF(2k
).
• GF(2k
) – Galois field, where k is a composite
number.
• ECC operations like addition, multiplication,
inversion and point doubling operations were
carried over the filed GF(2176
).
• Programs were written in C++ and executed on
the PC with 548 MHz, Pentium II Processor.

21. Result Comparison with [*].
[*] M. Aydos, E. Savas and C.K. Koc, "Implementing Network Security Protocols based
of Elliptic Curve Cryptography", Proceedings of the fourth symposium on computer
networks, Pages 130 – 139, Istanbul, Turkey, May 20 – 21, 1999.
Operation Proposed-Timings Timings given in [*]
EC Addition 80µsec 80 µsec
EC Doubling 80 µsec 80 µsec
EC Multip. 25 msec 25 msec
Protocols Storage
Proposed 1120 bits
Protocol Proposed in [*] 1440 bits

22. S5. Conclusion & References
5.1 Conclusion
1. MA-KA Protocol is an improved in performance.
2. Provides all the security services.
3. More effective than existing protocols.
4. Still having some drawbacks – which will be solved in near
future.

23. 5.2 References.
[1] V. Miller, "Uses of elliptic curves in cryptography", Crypto 1985, LNCS218: Advances
in Cryptology, Springer-Verlag, 1986.
[2] N.Koblitz, "Elliptic curve cryptosystems", Mathematics of Computation, 48:203-209,
1987.
[3] U.S. Dept of Commerce/NIST, "Digital Signature Standard (DSS)", FIPS PUB 186-2,
Jan. 2000.
[4] A. Lenstra and E. Verheul, "Selecting Cryptographic Key Sizes", Journal to Cryptology
14 (2001) pp. 255 – 293, Http:/www.cryptosavvy.com/.
[5] NIST, "Special Publication 800-57: Recommendation for Key Management. Part 1:
General Guideline", Draft Jan.2003.
[6] A. Shamir and E. Tromer, "Factoring Large Numbers with the TWIRL Device", Crypto
2003, LNCS 2729, Springer-Verlag, Aug.2003.
[7] B. Kaliski, "TWIRL and RSA Key size", RSA Laboratories Technical Note, May 2003.
http://rsasecurity.com/rsalabs/technotes/twirl.html.

24. [8] N. Smart, "How secure are elliptic curves over composite extension fields?",
EUROCRYPT 2001, LNCS 2045 Springer-Verlag, pp. 30- 39, 2001.
[9] Certicom Research, "SEC 2: Recommended Elliptic Curve Domain Parameters",
Standards for efficient Cryptography, Version 1.0, Sep. 2000.
[10] IEEE P 1363. Standard Specifications for Public-Key Cryptography. Draft version 7,
September 1998.
[11] M. Aydos, B. Sunar and C.K. Koc, "An Elliptic Curve Cryptography based
Authentication and Key agreement Protocol for wireless communication", 2nd
International workshop on Discrete Algorithms and Methods for Mobile Computing and
Communications, Dallas, Texas, October, 30, 1998.
[12] M. Aydos, E. Savas and C.K. Koc, "Implementing Network Security Protocols based of
Elliptic Curve Cryptography", Proceedings of the fourth symposium on computer
networks, Pages 130 – 139, Istanbul, Turkey, May 20 – 21, 1999.
[13] E. De Win. A. Bosselars, S. Vandenberghe P. De Gersem and J. Vandewalle. A fast
software implementation for arithmetic operations in GF (2n). In K. Kim and T.
Matsumoto, editors, Advances in Cryptology – ASIACRYPT 96, Lecture notes in
computer Science, N0. 1163, Pages 65 – 76. New York, NY: Springer – Verlag, 1996.