Authenticated Trusted Server Controlled Key Establishment

The trusted server based key establishment protocols are well received by the research community. In this thesis we have discussed the benefits of asymmetric key based authentication scheme mediated by a trusted server which is known to all the users in a system. We have proposed a new trusted server based key establishment protocol (and named it AK-protocol) that makes use of well known certificate based authentication scheme (or ID based scheme when medium level of security is required), and the session key generation requires equal contribution of the trusted server and the participating clients. That is, the generation of ephemeral keys exclusively lies with the trusted server and the generation of a session key is completed only after clients have exchanged their ephemeral keys. We have analysed the AK-protocol for various properties, e.g., Perfect Forward Secrecy, Known Session-Key Security, Unknown Key Share Resilience, Key Control, Key Freshness, Key Compromise, Bandwidth Required, Scalability, Key Distribution, Central Directory Service, Non-Repudiation, Key Escrow, Desired properties from Three Party Authenticated Key Establishment (3PAKE) protocols and the Message Flow of the AK-protocol. We have also scrutinized the resilience of the AK-protocol when under different attack situations like Replay, Impersonation, DDoS attacks, including a specific situation where an attacker can craft protocol messages to mislead the clients. We have computed its Bit Complexity and evaluated the efforts required to carry out its Cryptanalysis. We have illustrated its practicability in different arenas. We executed a proof-of-concept implementation of the AK-protocol using Java on TCP, which showed us comparable results with SSL when the trusted server and v the participating clients were in the same network. We substantiated that it can be integrated with the existing 3-D Secure Protocol of Visa and MasterCard for online payment systems which when applied offers more reliable communication, cryptographically. We have also corroborated that the AK-protocol can be implemented with mobile payment systems with worked out examples of cryptographic mathematics involved in the protocol. Additionally, we have also suggested the use of AK-protocol in securing real-time mobile communications where the session key is generated using our protocol and a stream cipher algorithm, RC4 is used for encryption/decryption. We present three examples that illustrate the data flow, cryptographic mathematics involved in the AK-protocol