Proposed Protocol Clause Examples

Proposed Protocol. This section describes that initially how n numbers of members agreed up on a common session key under ini- tialization operation followed by the the join and leave procedures. of Algorithm 2 started from Ki+1 which is equivalent to the following calculations: U = U1, U2, , Un be the set of mobile nodes. Secondly, each group at beginning must know the identity of Ki+1 R = X others group members by some sort of other mechanism. Thirdly the protocol assumes a trusted server which is responsible for private key generation for the users, called key generation centre (KGC) in the system. The subscript notation for the participants are must be considers in logical ring fashion e.g. Un+1 = U1 and U0 = Un in entire paper.

Proposed Protocol. “Mobile Ad-Hoc Agreement Protocol” (MAHAP) collect the messages, the decision-making phase is used to compute a common agreement value for The message-exchange phase is used to The BA protocol involves making each fault-free node agree on a common value transmitted by the source node. Therefore, there are three phases in the MAHAP: message-exchange phase, decision-making phase and extension-agreement phase. the BA problem and the extension-agreement phase is used to allow return nodes to compute a common agreement value that is the same as that of other fault-free nodes’ agreement value. In addition, the number of rounds required for executing MAHAP is t+1 (t≤⎣(n-1)/3⎦). The MAHAP protocol can tolerate fm malicious faulty nodes, and fa away nodes, where n>3fm+fa.

Proposed Protocol. ‌ The basic architecture of proposed DRM system is similar to Xxx et al. [10] system. Here, the content provider handles the content packing (encryption) work. Once the content encryption is over, it provides the content key with usage rules to the license server and protected content with content information to the distributor. License server authenticates the user, receives the payment, and generates the license. While, Distributor works as a service provider and facilitates the protected content distribution in the system. Parties involved in our DRM model are: – Private key generator (PKG) – Content provider (C) – Distributor (D) – License server (L) – DRM User (U ) Content provider keeps the original unprotected digital contents and provides these contents for business use after their encryption. If it has r contents, namely, M1, M2,..., Mr with their unique identity idM1 , idM2 ,..., idMr . Then, he gener- ates r symmetric keys K1, K2, K3,... , Kr and encrypts each content with an unique symmetric key and gets Esym(Mi|Ki), i = 1, 2, 3,..., r. Content provider provides content decryption keys (key seeds) with usage rules and permissions to the license server through a secure channel. Distributor achieves encrypted contents Esym(Mi Ki), for all i = 1, 2, 3,..., r with con- tent information from the Packager. Distributors keep protected contents over the media server and display content details over the website. To communicate securely in the system, entities achieve their secret partial keys with the help of packager and generates their public and private keys. In this process system usages five algorithms: Setup, Partial private key extract, Set secret value, Set private key and Set public key. Description of key generation process is as follows: Setup: Private key generator (PKG) chooses an arbitrary generator P ∈ G1, selects a master key mk ∈ Zq∗ and sets PK = mkP . It chooses hash functions H1 : {0, 1}∗ → G1∗ , H2 : {0, 1}k × {0, 1}∗ × {0, 1}∗ → {0, 1}n, and H : {0, 1}∗ × {0, 1}∗ × G1 × G1 × G2 → {0, 1}k. Then, PKG publishes system parameters X0, X0, x(., .), x, X, XX, X0, X0,X and Keep master key mk secret. Partial Private key extraction: License server (L) and user U submit their public identities IDL and IDU to the PKG. Then, PKG verifies the proof of identities. If verification succeeds, then generates the partial private keys in the following way: – Compute QL = H1(IDL) andQU = H1(IDU ) G∗1 . – By using its master key mk, PKG generates the par...

Proposed Protocol. Based on the need for key generation at reduced energy consumption with low computing and communication costs, we have proposed a protocol that satisfies the NIST framework for cryptographic key management. where each αi is randomly chosen and belongs to the set. Sequences of random values are generated by both the transmitter and the receiver nodes and are exchanged. If the generated random values are matched, corresponding bits from MSK are extracted and concatenated to form SRK. The key that is shared between the transmitter and receiver nodes if random can further be used for secured transmission of data. The SRK is encrypted using the random key generated by PUF and its randomness is tested using NIST tests for randomness. The transmitter can be either SNs or CHs and the receiver can be either CHs or BSs. SRK is generated once from MSK. This process helps in minimizing energy consumption during key generation. SRK remains the shared secret since it gets generated implicitly. Since our proposed protocol is designed for WSN which needs low energy consumption, SRK can itself be used as the key for encrypting the data transmitted and decrypting the data received. Transmitted packets are encrypted and decrypted with SRK using the bitXOR operation. MSK is encrypted with PK using bitXOR and sent to the receiver node. It gets decrypted with the PK of the transmitter node at the receiver using bitXOR operation. PK is piggybacked in the WSN frame packet. The receiver takes the PK from the WSN frame packet and decrypts it. CH generates MSK using GR and transmits it to the SN, after which both SNs and CH generate SRK. Generated SRK is encrypted using PUF and stored in both SN and CH. MSK gets regenerated when the CH changes. • Assumptions 1. CHs are powerful enough to generate MSKs, generate RSs, and receive RSs from all nodes. 2. Each node is equipped with a PUF. The energy (E) is calculated using, MSK gets generated using (GR(p,n,r)), where p,n,r are computed from WSN parameters as follows: • p is the number of ones in the PK. 𝐸 = 𝑉 ∗ 𝐼 ∗ 𝑇 (3) where, • V denotes voltage. • I denote current. In our experiment, we have taken V as 3 volts and I as 19.7mA to calculate the energy consumed in joules. The flow of operations in our proposed protocol for WSN is illustrated in Figure 1. In this protocol, GR is used for the formation of MSK and the generation of SRK by taking the parameters of SNs as input. The processes involved in the confidential data transmission...

Proposed Protocol. “Mobile Ad-Hoc Fault Diagnosis Agreement Protocol” (MAHFDA) The FDA protocol is used to detect/locate the faulty components in the network. The proposed MAHFDA is an evidence-based FDA protocol which is used to solve the FDA problem in the MANET. MAHFDA uses the evidence gathered from the BA protocol MAHAP. order to ensure that the fault diagnosis result from each fault-free node is the same, each fault-free The message-collection phase is used to collect ic-trees of all nodes. In There are three phases in the MAHFDA: message-collection phase, fault-diagnosis phase and re-configuration phase. node should collect the same evidence. Thus, MAHFDA collects ic-trees of all nodes by using

Proposed Protocol. In this subsection, we describe the steps involved in detail. i. A chooses a random number ra and generates R = g ra (mod p) then encrypts RA with H (PA ) . After calculating the values sends it to server along with IDs of participating entities. A → S XXX , IDB , H (PA )[RA ] ii. After receiving the values sent by A, server S decrypts the packet to get RA by previously distributed one way hash of password of A. server randomly chooses rs1 and rs2 and computes ephemeral key with A as follows K = (R )rs1(mod p) = (gra )rs1 mod p g rs1 (mod p) and grs2 (mod p) and encrypts with H (PA ) and H (PB ) respectively. Using these quantities server establishes ephemeral keys with A and B respectively and server authentication is done. S sends the values to A iii. A decrypts this packet with H (PA ) to get g rs1 (mod p) and establishes ephemeral key with S as KAS = (grs1)ra mod p .A calculates one way function FA (PA , KAS ) using which server authenticates A, since only A knows PA it can compute this function. As this is a commutative one way hash function [14], server need not know host password to evaluate this function. Using one way hash of host password server can calculate predicate function and authenticate host. A sends the following values to B FA (PA , KAS ), H (P )(grs2 mod p) iv. After receiving the values B decrypts it with H (PB ) to get (grs2 mod p) .B chooses randomly rb and generates RB = g rb (mod p) .Then computes ephemeral key for authenticating server as KBS = (grs2 )rb mod p . B calculates one way function FB (PB , KBS ) , using which server authenticates B. Password of B and ephemeral session key KBS are seeds for this function. Since only B knows PB it can compute this function and sends the values to S. B → S FA (PA , KAS ), FB (PB , KBS ), H (PB )[RB ] v. server decrypts it with H (PB ) to get RB and computes ephemeral key K = (grb )rs2 mod p . For authentication of A and B server evaluates one way functions FA (...), FB (...) . server need not know host passwords to evaluate these functions. Using one way hash of host password it can evaluate this function as it is a commutative one way hash function. If it results into true then it confirms that host is genuine. It defines a predicate as T (H (P), F (P, K ), K ) . This evaluates to true if and only if the genuine password P was used to create both H (P) and F (P, K ) . K can be KAS , KBS for A and B respectively. S encrypts RB and RA with KAS , KBS respectively and computes one way hash f...

Proposed Protocol. Step 1: Preparing user contribution and signa- ture Each user Ui with identity IDi chooses its con- tribution (xi) randomly. Let Ci be the current value of counter for user Xx. The values of (IDi||ID0||xi||Ci) are then encrypted with U0’s public key. Here || denotes the concatenation op- eration. ei = {IDi||ID0||xi||Ci}pu0 Ui also takes a signature sigi of (IDi||ID0||xi||Ci) using it’s private signature key. sigi = τ pri (IDi||ID0||xi||Ci) Each user then sends ei, sigi to the U0. Ui → U0 : ei, sigi All these operations can be performed offline. The advantage of using counter over timestamp is that the operations involving the counter can be per- formed offline. • Step 2: Receipt of user message and verification at U0 The U0 receives all the messages and decrypts them. It then verifies all the signatures of the cor- responding users. It also checks the validity of the counter Ci and accepts if the signatures are valid. • Step 3: Computation of secret by U0 The pair of identity and random value (IDi, xi) re- ceived from each user is taken as it’s contribution to construct the key. U0 also selects a random number x0 ∈ G p as its contribution. The secret is constructed by interpolating all the contributions into a polynomial. The n + 1 values of (IDi, xi) are taken as (n + 1) input points to the interpola- tion algorithm. As, all the identities of the users are distinct, a distinct polynomial will be obtained from the fresh input. Let the coefficients of the resulting polynomial be a0, a1, . . . , an. Thus the polynomial is as follows: A(x) = a0 + a1x + a2x2 + . . . + anxn The secret value is constructed as K = (a0||a1|| . . . ||an). • Step 4:Computation of reply message from U0 For each user Ui, U0 computes a one way hash H (IDi, ID0, xi,Ci) over the identity IDi, ID0, counter Ci and contribution xi. Then the secret value K is bitwise XORed with this hash value to

Proposed Protocol. To overcome the above-mentioned weaknesses, in this section, we propose a secure and efficient mutual au- thentication and key agreement protocol with smart cards for wireless communications, which consists of parameter-generation phase, registration phase, authenti- cation phase, key agreement phase, and password-change phase. 4.1 Parameter-generation Phase

Proposed Protocol. The proposed protocol chooses a k-bit prime p and determine following public parameters: {Fp, E/Fp, G, P}. where E/Fp: Elliptic curve over Fp. G: Cyclic additive points group formed by points on E/Fp. P: Generator of G. The protocol describes operation to generate common Session key among n members (it is not important whether n is equal to 3k or not) called Initialization operation along with others group operations like Join, Leave, Merge, etc. for dynamic group. 4.1 Initialization 1) In first round all members are arranged in subgroups having set of three members in each. (If n is not the multiple of 3 then remaining one or two members supposed to forward in next round and they does nothing in current round. The same condition is in every round) Member in every set form their own common EC points by using ECC based Three Parties Diffie Xxxxxxx key exchange as discussed in section 3.3. At the end of first round every subgroup has its own secret key (a point in EC group) in the form of (axi.ayi.azi.P) for i=1... Where axi, ayi & azi are private keys of first ,second and third member of i’th subgroup. One member from every subgroup comes forward as the group controller (GC) for the next round. In this way we treat every subgroup as a new node controlled by their GC. 2) In second round There are total nodes (along with the remaining node coming from previous round) form the subgroups having set of three participants of each and calculates their secrete subgroup key as in previous. This time GCs uses x- co-ordinate of their own subgroup keys as the private key. GC1 calculate (x1.P) and unicast to GC2. GC2 calculates (x2.P) and (x2. x1.P) and broadcast {(x1.P) ,( x2.P),( x2.x1.P)} to the all members of third subgroup. The members of third subgroup now can calculate common key as (x3. x2.x1.P) and keep it secret .GC3 additionally calculates {(x3.x1.P), (x3.x2.P)} and broadcast to the all members of its sibling groups. All sibling subgroup members calculates common key by multiplying their own private value. Note that GC1, GC2 and GC3 are group controllers and x1, x2 and x3 are their x co-ordinates of common points of first, second and third subgroups respectively. 3) Repeats the above process in subsequent rounds .In every round no. of nodes becomes (1/3) of the previous round. After rounds we have a single group which includes all the members, each sharing the group secret key. 4) If in last round the no of participants remains only two then instead of three ...