Secure Session Framework: An Identity-based Cryptographic Key Agreement and Signature Protocol

This dissertation deals with the method of identity-based encryption. Here, the name or identity of a target object is used to encrypt the data. This property makes the method a suitable tool for modern electronic com...

Bibliographic details
Author: Schridde, Christian
Contributors: Freisleben, Bernd (Prof. Dr.) (doctoral thesis advisor)
Format: Dissertation
Language: German
Published: Philipps-Universität Marburg 2010

Cryptographic protocols are used to encrypt data during its transmission over a network or for storage on a data carrier. This thesis is about the method of identity-based encryption. In this form of encryption, the name or identity of the target subject is used to encrypt the data. This property makes it a perfect tool for modern electronic communication, because all involved identities and endpoint addresses (e.g. IP addresses) have to be unique worldwide and must be known in order to establish communication. The identity-based key agreement protocol invented in this thesis has several advantages compared to existing schemes. One important property is its complete independence of key generators. This independence allows each participating security domain to set up and maintain its own key generator. The domains are no longer forced to agree on a common setup or a common secret. Due to the properties of the protocol, the security domains are still compatible with each other. Users from one security domain can communicate with users from another security domain using encryption. This new property of independence is also carried over to a signature protocol. It allows users from different security domains to sign a certain object. Additionally, the act of signing is independent, and the signers do not need to communicate with each other. Apart from the protocol and its security proofs with respect to standard definitions from the literature, the thesis contains an analysis of existing schemes. Attacks on known protocols and assumptions are presented, and it is shown under which circumstances these become insecure. On the one hand, a completely new approach that is based on defined or rather undefined objects in discrete structures is used. On the other hand, the method of lattice-based reduction is successfully applied to the new area of secret sharing schemes. Finally, application scenarios for the protocol are presented.
These scenarios are chosen such that the advantages of the protocol become apparent. The first application is telephony, GSM as well as Voice over IP (VoIP). In this case, the telephone number of the callee is used as the encryption key. Implementations on a modern mobile phone as well as within existing Voice over IP software are presented. The second application is IP networks. Here, the IP address of a communication unit is used as the encryption key. However, in this case, there are more problems than in the GSM/VoIP case, e.g., dynamic IP addresses or network address translation (NAT) where an IP address is substituted by another one. These are only two problems out of several for which solutions are presented.