POST-QUANTUM CRYPTOGRAPHY FOR HEALTHCARE: A NUMBER THEORY BASED TWO-FACTOR MUTUAL AUTHENTICATION AND KEY EXCHANGE PROTOCOL OVER LATTICES FOR TMIS
Keywords: lattices, number theory, healthcare, security, RLWE, authentication and key exchange, post-quantum cryptography
DOI: https://doi.org/10.17654/0974165824001
Abstract
The telecare medical information system (TMIS) allows patients to access health services from their homes. It is therefore necessary to preserve the patient's privacy and to secure the communications between the patient/user and the TMIS gateway/server (Gw, briefly).
We propose a new ring learning with errors (RLWE) based two-factor authentication and key exchange protocol for healthcare platforms, designed to be post-quantum secure, building on the protocol of Ding et al. presented at the Cryptographers' Track at the RSA Conference in 2017 [32]. The protocol has four phases: user registration, login, mutual authentication and key agreement, and user password change.
Gw has a long-term public key $p_s$ and a private key $x_s$. The user has a password $pwd$. The user's personal device/smartphone (PD, briefly) holds a long-term secret key $x_u$, which is stored on the PD encrypted under $pwd$. The PD and Gw share a long-term password $S$. Gw computes $S$ from its secret $x_s$ and a hash involving the user's identity, $H_1(\ldots, id, x_u)$, and sends $S$ to the PD over a secure channel. On the user's side, $S$ is stored on the PD encrypted under both $pwd$ and the PD's long-term secret key $x_u$. Neither $S$ nor $id$ is stored on Gw: all the information required to authenticate the user is kept, protected, on the PD, and Gw holds no per-user record, which is what gives the scheme its privacy property. Because $x_u$ and $S$ only ever need to be re-encrypted locally, $pwd$ can be changed as often as desired offline, inside the PD.
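The key-material layout described above, as an added illustration that is not the paper's code: the abstract does not fix $H_1$, the function Gw uses to derive $S$, or the cipher that protects $x_u$ and $S$ on the PD, so SHA-256, HMAC-SHA256, PBKDF2 and an HMAC-based encrypt-then-MAC record are assumed stand-ins here, and the further inputs of $H_1(\ldots, id, x_u)$ that the abstract elides are omitted. Only the registration storage model and the offline password change are shown; the RLWE authentication and key agreement phase is not described on this page and is not reproduced.

```python
import hashlib
import hmac
import os

ITER = 50_000  # PBKDF2 work factor; assumed for illustration, not given by the paper


def h1(user_id: bytes, x_u: bytes) -> bytes:
    """Stand-in for H_1(..., id, x_u). The abstract elides H_1's other inputs,
    so only id and x_u are hashed here (assumption)."""
    return hashlib.sha256(b"H1|" + user_id + b"|" + x_u).digest()


def gw_derive_S(x_s: bytes, h: bytes) -> bytes:
    """Gateway side. S is a deterministic function of Gw's long-term secret x_s
    and h = H_1(...), so Gw can recompute it on demand and stores neither S nor id."""
    return hmac.new(x_s, b"S|" + h, hashlib.sha256).digest()


def _keys(secret: bytes, salt: bytes):
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, ITER, dklen=64)
    return k[:32], k[32:]


def _keystream(k_enc: bytes, salt: bytes, n: int) -> bytes:
    blocks = (n + 31) // 32
    return b"".join(
        hmac.new(k_enc, salt + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range(blocks)
    )[:n]


def seal(secret: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC record under keys derived from `secret` (the password,
    or the password concatenated with x_u). Assumed stand-in for an AEAD."""
    salt = os.urandom(16)
    k_enc, k_mac = _keys(secret, salt)
    ct = bytes(p ^ s for p, s in zip(plaintext, _keystream(k_enc, salt, len(plaintext))))
    tag = hmac.new(k_mac, salt + ct, hashlib.sha256).digest()
    return salt + ct + tag


def unseal(secret: bytes, blob: bytes) -> bytes:
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k_enc, k_mac = _keys(secret, salt)
    if not hmac.compare_digest(tag, hmac.new(k_mac, salt + ct, hashlib.sha256).digest()):
        raise ValueError("wrong password or tampered record")
    return bytes(c ^ s for c, s in zip(ct, _keystream(k_enc, salt, len(ct))))


def register(user_id: bytes, pwd: bytes, x_s: bytes) -> dict:
    """User registration phase. Returns the record the PD stores; Gw keeps nothing."""
    x_u = os.urandom(32)                      # PD's long-term secret key
    S = gw_derive_S(x_s, h1(user_id, x_u))    # computed by Gw, delivered over a secure channel
    return {
        "enc_xu": seal(pwd, x_u),             # x_u encrypted by pwd
        "enc_S": seal(pwd + x_u, S),          # S encrypted by pwd and x_u
    }


def pd_unlock(pd: dict, pwd: bytes):
    """Login side on the PD: both factors (pwd and the stored record) are needed
    to recover x_u and then S."""
    x_u = unseal(pwd, pd["enc_xu"])
    S = unseal(pwd + x_u, pd["enc_S"])
    return x_u, S


def unlock_ok(pd: dict, pwd: bytes) -> bool:
    try:
        pd_unlock(pd, pwd)
        return True
    except ValueError:
        return False


def change_password(pd: dict, old_pwd: bytes, new_pwd: bytes) -> dict:
    """Password change phase: re-seals x_u and S locally, without contacting Gw."""
    x_u, S = pd_unlock(pd, old_pwd)
    return {"enc_xu": seal(new_pwd, x_u), "enc_S": seal(new_pwd + x_u, S)}


if __name__ == "__main__":
    x_s = os.urandom(32)                                    # Gw long-term private key
    pd = register(b"patient-0042", b"correct horse", x_s)   # constructed sample user
    x_u, S = pd_unlock(pd, b"correct horse")
    assert gw_derive_S(x_s, h1(b"patient-0042", x_u)) == S  # Gw recomputes S with no stored state
    pd = change_password(pd, b"correct horse", b"new passphrase")
    assert pd_unlock(pd, b"new passphrase") == (x_u, S)
    assert not unlock_ok(pd, b"correct horse")
    print("ok")
```

The point to notice is that `gw_derive_S` takes only Gw's secret and a hash value as input, so the gateway's "knowledge" of $S$ is entirely recomputable and nothing identifying the user sits in a server database; an attacker who reads Gw's storage learns only $x_s$, and an attacker who steals the PD record still needs $pwd$ to get past the MAC check.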
Received: January 7, 2023
Accepted: February 25, 2023
References
M. Abdalla and M. Bellare, Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques, International Conference on the Theory and Application of Cryptology and Information Security, Springer, Berlin, Heidelberg, 2000, pp. 546-559.
Victor Boyko, Philip MacKenzie and Sarvar Patel, Provably secure password-authenticated key exchange using Diffie-Hellman, International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2000, pp. 156-171.
J. W. Bos, C. Costello, M. Naehrig and D. Stebila, Post-quantum key exchange for the TLS protocol from the ring learning with errors problem, 2015 IEEE Symposium on Security and Privacy, 2015, pp. 553-570.
J. Zhang, Z. Zhang, J. Ding, M. Snook and O. Dagdelen, Authenticated key exchange from ideal lattices, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2015, pp. 719-751.
S. Fluhrer, Cryptanalysis of ring-LWE Based key exchange with key share reuse, Cryptology ePrint Archive, 2016.
D. Jost, U. Maurer and M. Mularczyk, Efficient ratcheting: almost-optimal guarantees for secure messaging, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Cham, 2019, pp. 159-188.
E. Eaton, D. Jao, C. Komlo and Y. Mokrani, Towards post-quantum key-updatable public-key encryption via supersingular isogenies, International Conference on Selected Areas in Cryptography, Springer, Cham, 2022, pp. 461-482.
J. Ding, S. Fluhrer and S. RV, Complete attack on RLWE key exchange with reused keys, without signal leakage, Australasian Conference on Information Security and Privacy, Springer, Cham, 2018, pp. 467-486.
N. Bindel, D. Stebila and S. Veitch, Improved attacks against key reuse in learning with errors key exchange, International Conference on Cryptology and Information Security in Latin America, Springer, Cham, 2021, pp. 168-188.
Y. Qin, C. Cheng and J. Ding, An efficient key mismatch attack on the NIST second round candidate Kyber, Cryptology ePrint Archive, 2019.
S. Blake-Wilson and A. Menezes, Authenticated Diffie-Hellman key agreement protocols, International Workshop on Selected Areas in Cryptography, Springer, Berlin, Heidelberg, 1998, pp. 339-361.
H. Krawczyk, HMQV: a high-performance secure Diffie-Hellman protocol, Annual International Cryptology Conference, Springer, Berlin, Heidelberg, 2005, pp. 546-566.
P. W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Rev. 41(2) (1999), 303-332.
O. Regev, On lattices, learning with errors, random linear codes, and cryptography, Journal of the ACM (JACM) 56(6) (2009), 1-40.
D. Micciancio and O. Regev, Lattice-based cryptography, Post-quantum Cryptography, Springer, Berlin, Heidelberg, 2009, pp. 147-191.
O. Regev, The learning with errors problem, Invited Survey in CCC 7(30) (2010), 11.
L. Ducas and A. Durmus, Ring-LWE in polynomial rings, International Workshop on Public Key Cryptography, Springer, Berlin, Heidelberg, 2012, pp. 34-51.
D. Dachman-Soled, L. Ducas, H. Gong and M. Rossi, LWE with side information: attacks and concrete security estimation, Annual International Cryptology Conference, Springer, Cham, 2020, pp. 329-358.
J. Bos, C. Costello, L. Ducas, I. Mironov, M. Naehrig, V. Nikolaenko and D. Stebila, Frodo: take off the ring! practical, quantum-secure key exchange from LWE, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 1006-1018. 10.1145/2976749.2978425.
L. Huguenin-Dumittan and S. Vaudenay, Classical misuse attacks on NIST round 2 PQC, International Conference on Applied Cryptography and Network Security, Springer, Cham, 2020, pp. 208-227.
D. Kirkwood, B. C. Lackey, J. McVey, M. Motley, J. A. Solinas and D. Tuller, Failure is not an option: standardization issues for post-quantum key agreement, Workshop on Cybersecurity in a Post-quantum World, 2015, p. 21.
C. Baetu, F. B. Durak, L. Huguenin-Dumittan, A. Talayhan and S. Vaudenay, Misuse attacks on post-quantum cryptosystems, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Cham, 2019, pp. 747-776.
E. Fujisaki and T. Okamoto, Secure integration of asymmetric and symmetric encryption schemes, Annual International Cryptology Conference, Springer, Berlin, Heidelberg, 1999, pp. 537-554.
D. Stehlé and R. Steinfeld, Making NTRU as secure as worst-case problems over ideal lattices, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2011, pp. 27-47.
BlueKrypt Cryptographic Key Recommendation, accessed: 2021-04-07.
Project Crystal (Kyber): NIST Post-quantum Cryptography, accessed: 2021-04-07. https://pq-crystals.org/kyber/index.shtml.
NTRU: NIST Post-quantum Cryptography, accessed: 2021-04-07.
Classic McEliece: NIST Post-quantum Cryptography, accessed: 2021-04-07. http://classic.mceliece.org.
J. P. D’Anvers, A. Karmakar, S. Sinha Roy and F. Vercauteren, Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM, International Conference on Cryptology in Africa, Springer, Cham, 2018, pp. 282-305.
L. Fan, J. H. Li and H. W. Zhu, An enhancement of timestamp-based password authentication scheme, Computers and Security 21(7) (2002), 665-667.
N. Radhakrishnan and M. Karuppiah, An efficient and secure remote user mutual authentication scheme using smart cards for telecare medical information systems, Informatics in Medicine Unlocked 16 (2019), 100092.
J. Ding, S. Alsayigh, J. Lancrenon, S. RV and M. Snook, Provably secure password authenticated key exchange based on RLWE for the post-quantum world, Cryptographers’ Track at the RSA Conference, Springer, Cham, 2017, pp. 183-204.
X. Gao, L. Li, J. Ding, J. Liu, R. V. Saraswathy and Z. Liu, Fast discretized Gaussian sampling and post-quantum TLS ciphersuite, International Conference on Information Security Practice and Experience, Springer, Cham, 2017, pp. 551-565.
S. M. Bellovin and M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks, Proceedings of the 1992 IEEE Symposium on Research in Security and Privacy, 1992, pp. 72-84.
M. Abdalla, F. Benhamouda and D. Pointcheval, Corrigendum: public-key encryption indistinguishable under plaintext-checkable attacks, IET Information Security 14(3) (2020), 365-366.
M. Abdalla, D. Catalano, C. Chevalier and D. Pointcheval, Efficient two-party password-based key exchange protocols in the UC framework, Cryptographers’ Track at the RSA Conference, Springer, Berlin, Heidelberg, 2008, pp. 335-351.
M. Bellare, D. Pointcheval and P. Rogaway, Authenticated key exchange secure against dictionary attacks, International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2000, pp. 139-155.
B. Kang and J. Han, Cryptanalysis and improvement on three-party protocols for password authenticated key exchange, Proceedings of the 2010 2nd International Conference on Education Technology and Computer, China, Vol. 5, 2010, pp. 5197-5201.
T. Kwon, Authentication and key agreement via memorable password, Cryptology ePrint Archive, 2000.
J. Katz, R. Ostrovsky and M. Yung, Efficient password-authenticated key exchange using human-memorable passwords, International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2001, pp. 475-494.
R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie, Universally composable password-based key exchange, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2005, pp. 404-421.
A. Fujioka, K. Suzuki, K. Xagawa and K. Yoneyama, Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism, Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, 2013, pp. 83-94.
R. Gennaro, Faster and shorter password-authenticated key exchange, Theory of Cryptography Conference, Springer, Berlin, Heidelberg, 2008, pp. 589-606.
A. Groce and J. Katz, A new framework for efficient password-based authenticated key exchange, Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010, pp. 516-525.
O. Goldreich and Y. Lindell, Session-key generation using human passwords only, Journal of Cryptology 19(3) (2006), 241-340.
M. H. Nguyen and S. Vadhan, Simpler session-key generation from short random passwords, Theory of Cryptography Conference, Springer, Berlin, Heidelberg, 2004, pp. 428-445.
D. P. Jablon, Strong password-only authenticated key exchange, ACM SIGCOMM Computer Communication Review 26(5) (1996), 5-26.
J. Ding, X. Xie and X. Lin, A simple provably secure key exchange scheme based on the learning with errors problem, Cryptology ePrint Archive, 2012.
C. Peikert, Lattice cryptography for the Internet, International Workshop on Post-quantum Cryptography, Springer, Cham, 2014, pp. 197-219.
E. Alkim, L. Ducas, T. Pöppelmann and P. Schwabe, Post-quantum key exchange - a new hope, 25th USENIX Security Symposium (USENIX Security 16), 2016, pp. 327-343.
J. Ding, P. Branco and K. Schmitt, Key exchange and authenticated key exchange with reusable keys based on RLWE assumption, Cryptology ePrint Archive, 2019.
License
Copyright (c) 2023 PUSHPA PUBLISHING HOUSE, PRAYAGRAJ, INDIA

This work is licensed under a Creative Commons Attribution 4.0 International License.
Attribution: Credit Pushpa Publishing House as the original publisher, including title and author(s) if applicable.
Contact Pushpa Publishing House for more info or permissions.