CONFIDENTIALITY BASED ON THREE PARTY QUANTUM KEY DISTRIBUTION PROTOCOL


21 Nov 2013 (4 years and 1 month ago)


CONFIDENTIALITY BASED ON THREE PARTY QUANTUM KEY DISTRIBUTION PROTOCOL USING ENTANGLEMENT SWAPPING


Mr. J.VEL MURUGAN a, Mr. M.S.DURAI RAJAN b, Dr. G.MURUGABOOPATHI c

a. Asst.Prof. Department of Information Technology, VelTech HighTech Engineering College, Chennai
b. Asst.Prof. Department of Information Technology, VelTech HighTech Engineering College, Chennai
c. Head of Research & Development, VelTech MultiTech Engineering College, Chennai


Abstract


This work presents Quantum Key Distribution Protocols (QKDPs) to safeguard security in large networks, ushering in new directions in classical cryptography and quantum cryptography. Two three-party QKDPs, one with implicit user authentication and the other with explicit mutual authentication, are proposed to demonstrate the merits of the new combination, which include the following:

1) Security against such attacks as man-in-the-middle, eavesdropping and replay,
2) Efficiency is improved as the proposed protocols contain the fewest number of communication rounds among existing QKDPs, and
3) Two parties can share and use a long-term secret (repeatedly).

To prove the security of the proposed schemes, this work also presents a new primitive called the Unbiased-Chosen Basis (UCB) assumption.


Quantum Key Distribution (QKD) is a method of securely distributing cryptographic key material for subsequent cryptographic use. In particular, it is the sharing of random classical bit strings using quantum states. Its use of a set of non-orthogonal quantum states then requires this key material to be considered quantum information. The quantum encoding of cryptographic keys for distribution is valuable because the no-cloning theorem and the superposition principle governing quantum states confer a uniquely powerful form of information security during transmission of key bits. For maximal security, it can be followed by one-time pad message encryption, which is the only cryptographic method that has been proven to be unbreakable once a random key has been securely shared.


Quantum key distribution, the creation of secret keys from quantum mechanical correlations, is an example of how physical methods can be used to solve problems in classical information theory.





Quantum Cryptography, or Quantum Key Distribution (QKD), uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages.



An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental part of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superpositions or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold, a key can be produced which is guaranteed as secure (i.e. the eavesdropper has no information about it); otherwise no secure key is possible and communication is aborted.

The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security.


Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably unbreakable when used with a secret, random key.




Chapter-1 Introduction


In quantum cryptography, Quantum Key Distribution Protocols (QKDPs) employ quantum mechanisms to distribute session keys and public discussions to check for eavesdroppers and verify the correctness of a session key. However, public discussions require additional communication rounds between a sender and receiver and cost precious qubits. By contrast, classical cryptography provides convenient techniques that enable efficient key verification and user authentication.


Key distribution protocols are used to facilitate sharing secret session keys between users on communication networks. By using these shared session keys, secure communication is possible on insecure public networks. However, various security problems exist in poorly designed key distribution protocols; for example, a malicious attacker may derive the session key from the key distribution process. A legitimate participant cannot ensure that the received session key is correct or fresh, and a legitimate participant cannot confirm the identity of the other participant. Designing secure key distribution protocols in communication security is a top priority.


1.1 Existing System


In classical cryptography, the Challenge-Response Authentication Mechanism (CRAM) was used. The Challenge-Response Authentication Mechanism is the two-level (basic authentication and digest authentication) scheme for authenticating network users that is used as part of the Web's Hypertext Transfer Protocol (HTTP).


1.1.1 Basic Authentication Scheme


The "basic" authentication scheme is based on the model that the client must authenticate itself with a user-ID and a password for each realm. The realm value should be considered an opaque string which can only be compared for equality with other realms on that server. The server will service the request only if it can validate the user-ID and password for the protection space of the Request-URI. There are no optional authentication parameters.






Disadvantages of Basic Scheme




• Web browser or other client program provides credentials in the form of username and password.
• Although the scheme is easily implemented, it relies on the assumption that the connection between the client and server computers is secure and can be trusted.
• The credentials are passed as plaintext and could be intercepted easily. The scheme also provides no protection for the information passed back from the server.


1.1.2 Digest Authentication Scheme


HTTP Digest access authentication is one of the agreed methods a web page can use to negotiate credentials with a web user (using the HTTP protocol). Digest authentication is intended to obsolete unencrypted use of the Basic access authentication, allowing user identity to be established securely without having to send a password in plaintext over the network. Digest authentication is basically an application of cryptographic hashing with usage of nonce values to prevent cryptanalysis.


Disadvantages of Digest Scheme


Digest access authentication is intended as a security trade-off; it is intended to replace unencrypted HTTP Basic access authentication, which is extremely weak. However, it is not intended to replace strong authentication protocols, such as public key or Kerberos authentication.


Security-wise, there are a few drawbacks with Digest access authentication.

• Many of the security options are optional. If quality-of-protection (qop) is not specified by the server, the client will operate in a security-reduced legacy mode.
• Digest access authentication is vulnerable to man-in-the-middle attack; a man-in-the-middle (MitM) attacker could tell clients to use Basic access authentication or legacy Digest access authentication mode.
• Internet Explorer does not comply with the digest access authentication standard.
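
The qop drawback above can be seen in how the Digest response is computed. The following is an added example, not code from the paper: a server-side check that refuses the legacy (no qop) mode and a reused nonce count. The function names are hypothetical; the sample header values are those of the worked example in RFC 2617, section 3.5.

```python
import hashlib
import hmac

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def digest_response(user, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """Compute the 'response' value of a Digest Authorization header."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop is None:
        # Legacy mode: no client nonce and no request counter are mixed in.
        return md5_hex(f"{ha1}:{nonce}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

def verify(fields, password, method, seen):
    """Server-side check (hypothetical helper). Returns 'ok' or a reason."""
    if fields.get("qop") != "auth":
        return "rejected: legacy mode (no qop)"
    key = (fields["nonce"], fields["nc"])
    if key in seen:
        return "rejected: nonce count reused"
    expected = digest_response(fields["username"], fields["realm"], password,
                               method, fields["uri"], fields["nonce"],
                               "auth", fields["nc"], fields["cnonce"])
    if not hmac.compare_digest(expected, fields["response"]):
        return "rejected: bad response"
    seen.add(key)
    return "ok"

# Sample header fields: the worked example in RFC 2617, section 3.5
# (password "Circle Of Life", request "GET /dir/index.html").
RFC_FIELDS = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

# The same client answering in legacy mode: qop, nc and cnonce are absent.
LEGACY_FIELDS = {k: v for k, v in RFC_FIELDS.items()
                 if k not in ("qop", "nc", "cnonce")}
LEGACY_FIELDS["response"] = digest_response(
    "Mufasa", "testrealm@host.com", "Circle Of Life",
    "GET", "/dir/index.html", RFC_FIELDS["nonce"])

if __name__ == "__main__":
    seen = set()
    print(verify(RFC_FIELDS, "Circle Of Life", "GET", seen))
    print(verify(RFC_FIELDS, "Circle Of Life", "GET", seen))
    print(verify(LEGACY_FIELDS, "Circle Of Life", "GET", seen))
```

The password never appears in the header, but in legacy mode the response depends only on the server nonce and the request line, which is why the check accepts qop=auth only.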







1.1.3 Timestamps


A timestamp is a sequence of characters, denoting the date and/or time at which a certain event occurred. This data is usually presented in a consistent format, allowing for easy comparison of two different records and tracking progress over time; the practice of recording timestamps in a consistent manner along with the actual data is called time stamping.


Internet Control Message Protocol (ICMP) is a maintenance protocol that allows routers and host computers to swap basic control information when data is sent from one computer to another. It is generally considered a part of the IP layer. It allows the computers on a network to share error and status information. An ICMP message, which is encapsulated within an IP datagram, is very useful to troubleshoot the network connectivity and can be routed throughout the Internet.


In the Timestamp Ping operation, the source workstation sends an ICMP Get Timestamp message and waits for an ICMP Send Timestamp response.










Disadvantages of the ICMP Timestamp Ping


Although the ICMP timestamp ping uses little network traffic, the timestamp message is not usually found in normal network conversations. The function itself is esoteric, and although it can provide a time synchronization function for a workstation, most environments rely on Network Time Protocol (NTP) to provide clock synchronization.


The ICMP timestamp ping relies on ICMP, which is
often prevented from traversing firewalls or packet
filters. This ping is probably not the best choice for
scanning through firewalls.











1.2 Proposed System


In the proposed QKDPs, the TC and a participant synchronize their polarization bases according to a preshared secret key. During the session key distribution, the preshared secret key together with a random string are used to produce another key encryption key to encipher the session key. A recipient will not receive the same polarization qubits even if an identical session key is retransmitted.


1.2.1 Methodology Used


Quantum cryptography, or quantum key distribution (QKD), uses quantum mechanics to guarantee secure communication. It enables two parties to produce a shared random bit string known only to them, which can be used as a key to encrypt and decrypt messages.


An important and unique property of quantum cryptography is the ability of the two communicating users to detect the presence of any third party trying to gain knowledge of the key. This results from a fundamental part of quantum mechanics: the process of measuring a quantum system in general disturbs the system. A third party trying to eavesdrop on the key must in some way measure it, thus introducing detectable anomalies. By using quantum superposition or quantum entanglement and transmitting information in quantum states, a communication system can be implemented which detects eavesdropping. If the level of eavesdropping is below a certain threshold, a key can be produced which is guaranteed as secure (i.e. the eavesdropper has no information about it); otherwise no secure key is possible and communication is aborted.


The security of quantum cryptography relies on the foundations of quantum mechanics, in contrast to traditional public key cryptography which relies on the computational difficulty of certain mathematical functions, and cannot provide any indication of eavesdropping or guarantee of key security.


Quantum cryptography is only used to produce and distribute a key, not to transmit any message data. This key can then be used with any chosen encryption algorithm to encrypt (and decrypt) a message, which can then be transmitted over a standard communication channel. The algorithm most commonly associated with QKD is the one-time pad, as it is provably unbreakable when used with a secret, random key.





1.2.2 Working Principle of Quantum Bit


Quantum cryptographic devices typically employ individual photons of light and take advantage of either the Heisenberg uncertainty principle or quantum entanglement.


Uncertainty: Unlike in classical physics, the act of measurement is an integral part of quantum mechanics. So it is possible to encode information into quantum properties of a photon in such a way that any effort to monitor them disturbs them in some detectable way. The effect arises because in quantum theory, certain pairs of physical properties are complementary in the sense that measuring one property necessarily disturbs the other. This statement is known as the Heisenberg uncertainty principle. The two complementary properties that are often used in quantum cryptography are two types of photon polarization, e.g. rectilinear (vertical and horizontal) and diagonal (at 45° and 135°).


Entanglement: It is a state of two or more quantum particles, e.g. photons, in which many of their physical properties are strongly correlated. The entangled particles cannot be described by specifying the states of individual particles and they may together share information in a form which cannot be accessed in any experiment performed on either of the particles alone. This happens no matter how far apart the particles may be at the time.







1.2.3. Approaches


By using uncertainty and entanglement, two different types of quantum cryptographic protocols are applicable.


1. Uncertainty principle type uses the polarization of photons to encode the bits of information and relies on quantum randomness to keep Eve from learning the secret key.
2. Entanglement type uses entangled photon states to encode the bits and relies on the fact that the information defining the key only "comes into being" after measurements performed by Alice and Bob.


1.2.4. Case Study of Proposed System

The first step is quantum transmission. Alice creates a random bit (0 or 1) and then randomly selects one of her two bases (rectilinear or diagonal in this case) to transmit it in. She then prepares a photon polarization state depending both on the bit value and basis, as shown in the table below. So for example a 0 is encoded in the rectilinear basis (+) as a vertical polarization state, and a 1 is encoded in the diagonal basis (x) as a 135° state. Alice then transmits a single photon in the state specified to Bob, using the quantum channel. This process is then repeated from the random bit stage, with Alice recording the state, basis and time of each photon sent.


Basis | 0        | 1
+     | vertical | horizontal
X     | 45°      | 135°

Table 1.1


1.2.5. Eavesdrops Identification




Table 1.2


In this sample Alice and Bob are the two users. Alice
tries to start the communication and at that time Bob
acts as a listener.


To check for the presence of eavesdropping, Alice and Bob now compare a certain subset of their remaining bit strings. If a third party has gained any information about the photons' polarization, it will have introduced errors in Bob's measurements. If more than p bits differ, they abort the key and try again, possibly with a different quantum channel, as the security of the key cannot be guaranteed. p is chosen so that if the number of bits known to Eve is less than this, privacy amplification can be used to reduce Eve's knowledge of the key to an arbitrarily small amount, by reducing the length of the key.

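Alice's random bit               | 0 | 1 | 1 | 0 | 1 | 0 | 0 | 1
Alice's random sending basis     | + | + | X | + | X | X | X | +
Photon polarization Alice sends  |   |   |   |   |   |   |   |
Bob's random measuring basis     | + | X | X | X | + | X | + | +
Photon polarization Bob measures |   |   |   |   |   |   |   |
PUBLIC DISCUSSION OF BASIS
Shared secret key                | 0 |   | 1 |   |   | 0 |   | 1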
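
The transmission, basis discussion and subset comparison described in 1.2.4 and 1.2.5 can be simulated classically. The following is an added example, not code from the paper: it models the two-party exchange between Alice and Bob (not the three-party protocol), on a noiseless channel, with an eavesdropper who measures each photon in a random basis and forwards her result. The function names, the sample size and the threshold p = 10 are assumptions.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Matching basis reads the encoded bit; the other basis is a coin flip."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(alice_bits, alice_bases, bob_bases, eve=False, rng=None):
    """Return (alice_sifted, bob_sifted) after the public basis discussion."""
    rng = rng or random.Random()
    alice_key, bob_key = [], []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        sent_bit, sent_basis = bit, a_basis
        if eve:
            # Modelled eavesdropper: measures in a random basis, then
            # forwards a photon prepared from her own result.
            sent_basis = rng.choice("+X")
            sent_bit = measure(bit, a_basis, sent_basis, rng)
        received = measure(sent_bit, sent_basis, b_basis, rng)
        if a_basis == b_basis:          # position survives sifting
            alice_key.append(bit)
            bob_key.append(received)
    return alice_key, bob_key

def check_subset(alice_key, bob_key, sample_size, p, rng):
    """Compare a random subset in public; abort if more than p bits differ."""
    revealed = set(rng.sample(range(len(alice_key)), sample_size))
    errors = sum(alice_key[i] != bob_key[i] for i in revealed)
    kept = [b for i, b in enumerate(alice_key) if i not in revealed]
    return ("abort" if errors > p else "accept"), errors, kept

def trial(n, eve, seed, sample_size=200, p=10):
    """One run over n photons on a noiseless channel (constructed input)."""
    rng = random.Random(seed)
    bits = [rng.randint(0, 1) for _ in range(n)]
    a_bases = [rng.choice("+X") for _ in range(n)]
    b_bases = [rng.choice("+X") for _ in range(n)]
    a_key, b_key = run_bb84(bits, a_bases, b_bases, eve, rng)
    return check_subset(a_key, b_key, sample_size, p, rng)

# The eight photons of Table 1.2.
TABLE_BITS = [0, 1, 1, 0, 1, 0, 0, 1]
TABLE_ALICE = "++X+XXX+"
TABLE_BOB = "+XXX+X++"

if __name__ == "__main__":
    print(run_bb84(TABLE_BITS, TABLE_ALICE, TABLE_BOB))
    print(trial(4000, eve=False, seed=1)[:2])
    print(trial(4000, eve=True, seed=1)[:2])
```

Under this model about a quarter of the compared bits disagree when every photon is intercepted, so the subset check aborts, while the undisturbed run shows no errors.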




Conclusion


This study proposed two three-party QKDPs to demonstrate the advantages of combining classical cryptography with quantum cryptography. Compared with classical three-party key distribution protocols, the proposed QKDPs easily resist replay and passive attacks. Compared with other QKDPs, the proposed schemes efficiently achieve key verification and user authentication and preserve a long-term secret key between the TC and each user. Additionally, the proposed QKDPs have fewer communication rounds than other protocols. Although the requirement of the quantum channel can be costly in practice, it may not be costly in the future. Moreover, the proposed QKDPs have been shown secure under the random oracle model. By combining the advantages of classical cryptography with quantum cryptography, this work presents a new direction in designing QKDPs.









