Key agreement protocols are of fundamental importance for ensuring the confidentiality of communications between two (or more) parties over an insecure network. In this paper we review existing two-party protocols whose security rests upon the intractability of Diffie-Hellmann and Discrete Logarithm problems over elliptic curve groups. In addition, we propose a new two-party mutual authenticated key agreement protocol and collectively evaluate the security and performance of all the schemes considered. Elliptic curve techniques are used to minimise the computational workload on resource-constrained devices and to afford security levels with possibly fewer bits.
Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur once the adversary has obtained the private key of an honest party. This attack represents a subtle threat that is often underestimated and difficult to counter. Several protocols are shown vulnerable to this attack despite their authors claiming the opposite. We also consider in more detail how three formal (complexity-theoretic based) models of distributed computing found in the literature cover such attacks.
Abstract. In SAC'05, Strangio proposed protocol ECKE-1 as an efficient elliptic curve Diffie-Hellman two-party key agreement protocol using public key authentication. In this letter, we show that despite the author's claims protocol ECKE-1 is vulnerable to key-compromise impersonation attacks.We also present an improved protocol -ECKE-1N, which can withstand such attacks. The improved protocol's performance is comparable to the well-known MQV protocol and maintains the same remarkable list of security properties.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.