Anonymity and one-way authentication in key exchange protocols

Goldberg, Ian; Stebila, Douglas; Ustaoğlu, Berkant

doi:10.1007/s10623-011-9604-z

Cited by 45 publications

(60 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…3. An additional query is added specifically to set up a user with a new key chosen by the adversary [16,25,46]. This query is typically called establishparty and takes as input the user name and its long-term public key.…”

Section: Related Workmentioning

confidence: 99%

ASICS: authenticated key exchange security incorporating certification systems

Boyd

Cremers

Feltz³

et al. 2016

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

Abstract. Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.

show abstract

Section: Related Workmentioning

confidence: 99%

ASICS: authenticated key exchange security incorporating certification systems

Boyd

Cremers

Feltz³

et al. 2016

Int. J. Inf. Secur.

Self Cite

View full text Add to dashboard Cite

show abstract

“…In response to this, the Tor Project released a modified version (0.2.4.17-rc) that prioritizes processing of onionskins using the more efficient ntor [8] key exchange protocol. Adoption of this release has helped the situation: as Figure 1 shows, measured download 50 KiB times as of late September decreased to roughly 2.0 seconds.…”

Section: Work Done While On Sabbatical With the Tor Projectmentioning

confidence: 99%

Challenges in Protecting Tor Hidden Services from Botnet Abuse

Hopper

2014

Financial Cryptography and Data Security

View full text Add to dashboard Cite

Abstract. In August 2013, the Tor network experienced a sudden, drastic reduction in performance due to the Mevade/Sefnit botnet. This botnet ran its command and control server as a Tor hidden service, so that all infected nodes contacted the command and control through Tor. In this paper, we consider several protocol changes to protect Tor against future incidents of this nature, describing the research challenges that must be solved in order to evaluate and deploy each of these methods. In particular, we consider four technical approaches: resource-based throttling, guard node throttling, reuse of failed partial circuits, and hidden service circuit isolation.

show abstract

“…Starting with v0.2.4.8-alpha (released in January 2013), Tor supports a new circuit extension handshake protocol, ntor, designed by Goldberg et al [10]. ntor improves upon the original protocol we described in Sect.…”

Section: B Ntor Handshakementioning

confidence: 99%

CellFlood: Attacking Tor Onion Routers on the Cheap

Barbera

Kemerlis

Pappas

et al. 2013

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. In this paper, we introduce a new Denial-of-Service attack against Tor Onion Routers and we study its feasibility and implications. In particular, we exploit a design flaw in the way Tor software builds virtual circuits and demonstrate that an attacker needs only a fraction of the resources required by a network DoS attack for achieving similar damage. We evaluate the effects of our attack on real Tor routers and we propose an estimation methodology for assessing the resources needed to attack any publicly accessible Tor node. Finally, we present the design and implementation of an effective solution to the problem that relies on cryptographic client puzzles, and we present results from its performance and effectiveness evaluation.

show abstract

Anonymity and one-way authentication in key exchange protocols

Cited by 45 publications

References 25 publications

ASICS: authenticated key exchange security incorporating certification systems

ASICS: authenticated key exchange security incorporating certification systems

Challenges in Protecting Tor Hidden Services from Botnet Abuse

CellFlood: Attacking Tor Onion Routers on the Cheap

Contact Info

Product

Resources

About