Upgrading the S-NCI Key Establishment Protocol Scheme to be Secure and Applicable

There are currently a number of key establishment protocols that have been developed with server-based as trusted third parties. However, there are still some attacks that may occur in the protocols are man-in-the-middle attack, replay attack, typing attack, and modification attack. Following this, S-NCI’s key establishment protocol has been developed which claims to be immune to man-in-the-middle attacks, replay attacks, typing attacks, and modification attacks. However, the protocol has not been through formal analysis. Then, based on experiments that have been done in this study, S-NCI has not met the formal analysis criteria of Alive and Weakaggree. In addition, S-NCI also has not provided an applicable supporting procedure for the utilization of Key Translation Center that is realized until now no one has applied. The research method used in this research is a research library supported by experimenting formal analysis of protocols using Scyther Tool. This research has produced a procedure supporting the application of S-NCI protocol along with the result of modification of the protocol so that it can fulfill Alive and Weakagree criteria.


Introduction
Key establishment is any process whereby a shared secret key becomes available to two or more parties, for subsequent cryptographic use [1]. The key establishment technique is divided into Key Transport and Key Agreement as illustrated in Figure 1. In practice, key establishment protocols can involve trusted third-parties as initial system setup and online actions [1] [2][3] [4][5] [6] [7]. Meanwhile, there are still some possible attacks on the current key establishment protocols that are man-in-the-middle attacks [1] [2], replay attacks [1][2] [3][4] [5], typing attacks [1][2] [4], and modification attacks [1][2] [6] [7]. Based on these conditions, it has now developed a protocol key establishment called S-NCI [8], which claims to have been immune to manin-the-middle attack, replay attack, typing attack and modification attack. However, the protocol has not been through formal analysis that should be done [2]. Following this matter, then in this research will be conducted formal analysis of S-NCI protocol to be able to know weakness owned by protocol. In addition, the S-NCI protocol also does not provide an applicable implementation procedure for the utilization of Key Translation Center [1] which is realized that until now there has been no key establishment protocol to implement it. So this research aims to produce procedure of applying S-NCI protocol to be more applicable to modification of the protocol so that proven can fulfill all criteria of formal analysis using Scyther Tool [9][10] [11] [12].

Research Method
The research method used is a research library supported by conducting protocol security test experiment. Then, step research flowchart is described in Figure 2. Step research flowchart Formal analysis was conducted to support the results of informal analysis that had previously been done on [8]. Formal analysis of the S-NCI protocol was performed using the Scyther Tool, and it was detected that the Alive and Weakagree criteria were not met. So, then modify the existing S-NCI protocol to meet the Alive and Weakaggree criteria by adding the IDT (identity T) and NT (Nonce from T) attributes and one additional step as Step 5. After all criteria on formal analysis are met, then proceed with making supporting procedures in applying the S-NCI protocol to make it easier to apply.

S-NCI Key Establishment Protocol
The notation used in the S-NCI key establishment protocol is described in Table 1. While the stages are described in Table 2.  Table 2. Stages in S-NCI protocol Step 2 Step 3 Step 4 The explanation of Table 2 is as follows: Step 1: A generates a session key ( s) and then sends the session key to T along with A, B, and 1 encrypted using KAT. Besides that A also sends the hash value from s || A || B || 1. T receives messages from A which are then decrypted using KAT and proceeds with hashing of received messages to check the integrity of received messages.
Step 2: T encrypt messages containing s|| A || 2 using KBT, and doing hashing against s|| A || 2, then the message and hash value are sent to B.

1234567890''""
Step 3: B decrypts the message received from T to get the value of the session key ( s) and calculates the hash value to check the integrity of the message. Then B generates random numbers ( B) and timestamp values ( 3). B will also calculate the MAC value of B. In addition, B and 3 are then encrypted using s and sent to A.
Step 4: A decrypt KS ( B|| 3) by using s. Then A will calculate the MAC value with the s key from B and send it to B. When B receives the MAC value sent by A, B has previously calculated the MAC value of B. Thus, B will compare the MAC value to the one received in A. If the two hash values are the same, the protocol is successfully executed and A and B have a valid session key, s.

Formal Analysis uses Scyther Tool
Formal analysis of S-NCI key establishment protocols are performed using the Scyther Tool. The explanation of the source code and the results are described in sequence in Table 3 and Figure 3.

Upgrading the S-NCI Key Establishment Protocol
After performing a formal analysis of the S-NCI protocol using the Scyther Tool, it was found that the security characteristics of Alive and Weakagree on entity T are not owned by the protocol. So it is necessary to modify the S-NCI protocol by adding IDT (identity T) and NT (Nonce from T), and adding a step as a Step 5. Before and after modification of the S-NCI protocol is described in Table 4. Efforts to utilize and modify related protocols in various fields are also implemented on research [13][14] [15].  3) Step 3

→ ∶ Ks ( B ||IDT)
Step 4 Step 5 The explanation of Table 4 (after modification) is as follows: Step 1: A generates a session key ( s) and then sends the session key to T along with A, B, IDT and 1 encrypted using KAT. Besides that A also sends the hash value from s || A || B || IDT || 1. T receives messages from A which are then decrypted using KAT and proceeds with hashing of received messages to check the integrity of received messages.
Step 2: T encrypt messages containing s|| A ||IDT ||NT || 2 using KBT, and doing hashing against s|| A ||IDT ||NT || 2, then the message and hash value are sent to B. T will also calculate the MAC value of T.
Step 3: B decrypts the message received from T to get the value of the session key ( s) and calculates the hash value to check the integrity of the message. Then B generates random numbers ( B) and timestamp values ( 3). B will also calculate the MAC value of B ||IDT. In addition, B ,IDT and 3 are then encrypted using s and sent to A.
Step 4: A decrypt Ks ( B ||IDT || 3) by using s. Then A will calculate the MAC value with the s key from B ||IDT and send it to B. When B receives the MAC value sent by A, B has previously calculated the MAC value of B ||IDT. Thus, B will compare the MAC value to the one received in A. If the two hash values are the same, the protocol is successfully executed and A and B have a valid session key, s.
Step 5: Next, B will calculate the MAC value with the key s to NT and send it to T. When T receives the MAC value sent by B, T has previously calculated the MAC value of NT. Then, T will compare the MAC value, so if both are equal, then B and T have succeeded in authenticating each other.

Formal Analysis after Modified
Formal analysis of the modified S-NCI key establishment protocol, source code and results are described in sequence in Table 5 and Figure 4.  Based on the results of a formal analysis carried out on the modified S-NCI protocol, it is evident that Alive and Weakagree criteria have been met, so that the modification has succeeded in eliminating the weaknesses of the previous S-NCI protocol.

Procedure of Applying S-NCI Protocol
The supporting procedures that need to be applied in the application of the S-NCI key establishment protocol is as follows: a. KTC can be as a cloud service provider or a Cloud application provider specified. KTC is recognized as a trusted entity to provide remote data storage and remote counting services, which in this case is more specifically functioned as a party that translates inter-party keys with an agreed KTC, such as the key between A with KTC and B with KTC. b. KTC specifies the random number (RandT). After that will be determined the ID of each entity involved, in this case entities A and B, in the following way: -IDT = H(RandT) -IDA = H(RandT || RandA) -IDB = H(RandT || RandB) c. Once the ID of each entity is obtained, the S-NCI key supply protocol is ready to be applied.

Conclusion
This study has the following conclusions : a. This protocol can be used applicable and securely for the various functions of the key establishment protocol that is the function of providing session keys, challenge response, mutual authentication, data integrity, and data encryption. b. This protocol is proven to meet the Alive and Weakagree security criteria for previously unachieved entity T, after adding a new step as a fifth step by adding IDT and NT notation. c. The procedure of applying KTC in the S-NCI protocol requires the identities (ID) of each entity involved, which can be generated from the hash random number (Rand) between the entities involved.