A Fully Resilient, Identity-based, Efficient, Non-interactive and Decentralized Key Exchange Protocol (FRIEND-KEP)

Abstract

A non-interactive key exchange (NIKE) allows two parties to compute a unique shared key without any interaction. Since the innovative work of Diffie and Hellman [10], NIKE has become one of the fundamental problems of modern cryptography. Identity-based NIKE (ID-NIKE) is a fundamental primitive of Identity Based Cryptography. It allows a party to compute a shared key using its own secret key and the other party’s identity. In the recent past, where identity-based encryption and signature have been thoroughly explored, ID-NIKE didn’t get enough attention. At the moment, we have only a few ID-NIKE protocols available (with no fully secure Hierarchical-ID-NIKE (H-ID-NIKE) protocol) in the literature.

Mobile Ad-hoc Networks (MANETs) are decentralized networks of mobile devices with limited resources in terms of storage, power, computation, communication, etc. They encounter some serious security issues due to their high mobility and hierarchical structure. H-ID-NIKE can be used to establish shared secret keys in MANETs using minimal resources. Secure H-ID-NIKE protocols are highly appreciated for security-sensitive applications in MANETs such as in military or tactical networks.

In particular, key exchange protocols with the four functional properties (as posed by Gennaro et al. in [16]) are considered well-suited for the MANET environment i.e., the protocol should be non-interactive, identity-based, hierarchical and fully resilient against arbitrary number of node compromises at any level. However, the proposed solution for this problem in [16] does not really satisfy all four properties. Their protocol is neither fully resilient nor allows a secure key exchange at any non-leaf level. Later in 2017, Tiwari proposed another H-ID-NIKE construction (named BIOS-SOK) [27] as a possible solution for this problem. BIOS-SOK is a non-interactive, identity-based and hierarchical key exchange protocol which allows multi-level shared key computations. However, it is shown secure under a restricted security model and is not fully resilient in practical scenarios. There are few more constructions available in the literature ([24, 11, 5, 23, 20, 25]) which contain three of these four properties. However, there is no fully secure and practical key exchange protocol with all four properties.

In this thesis, we have proposed a key exchange protocol (named α-BSOK) as a possible solution for this open problem. α-BSOK is non-interactive, identity-based, hierarchical, efficient and fully resilient against arbitrary number of node corruptions. α-BSOK is based on the idea of BIOS-SOK hybrid[27]. It is a hybrid of two non-hierarchical protocols BIOS[20] and SOK[25]. Both of these protocols are non-interactive, identity-based and fully resilient. In our work, we have made a hybrid of these protocols which is hierarchical in nature. We have provided a rigorous security analysis for α-BSOK in a stronger security model (compared to [12, 27, 16]). We have discussed two variants of the α-BSOK protocol (named as β-BSOK and β-BSOK-KWT) that slightly traded efficiency for better security. We have also done an implementation and simulation data analysis of α-BSOK with other existing protocols to compare its efficiency.