2012
DOI: 10.1007/978-3-642-27576-0_10
|View full text |Cite
|
Sign up to set email alerts
|

Authenticated Key Exchange under Bad Randomness

Abstract: Abstract. We initiate the formal study on authenticated key exchange (AKE) under bad randomness. This could happen when (1) an adversary compromises the randomness source and hence directly controls the randomness of each AKE session; and (2) the randomness repeats in different AKE sessions due to reset attacks. We construct two formal security models, Reset-1 and Reset-2, to capture these two bad randomness situations respectively, and investigate the security of some widely used AKE protocols in these models… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
5

Citation Types

1
38
0

Year Published

2013
2013
2021
2021

Publication Types

Select...
3
2

Relationship

1
4

Authors

Journals

citations
Cited by 8 publications
(39 citation statements)
references
References 29 publications
1
38
0
Order By: Relevance
“…Over the past few years, a number of security properties have been seen to be important in key agreement protocols, and different protocols have been implemented to solve the problem. An example of these protocols is . A comprehensive survey of KE protocols is presented in .…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation
“…Over the past few years, a number of security properties have been seen to be important in key agreement protocols, and different protocols have been implemented to solve the problem. An example of these protocols is . A comprehensive survey of KE protocols is presented in .…”
Section: Introductionmentioning
confidence: 99%
“…Many practical AKE protocols, such as the internet KE (SIGMA) protocol were proven secure using the CK model. Yang et al ., proposed a variant of the CK model that takes into account AKE under bad randomness. Some generic systems were also proposed for improving the security of current AKE protocols.…”
Section: Introductionmentioning
confidence: 99%
“…The design and analysis of AKE protocols have been extensively studied in the last three decades for different network settings (e.g. [6,7,5,11,1,24,27,10,29,28]). The first formal security model for AKE was proposed by Bellare and Rogaway [6].…”
Section: Introductionmentioning
confidence: 99%
“…In particular, the Canetti-Krawczyk (CK) model [11], which can be considered as a combination of the BR model and the Bellare-Canetti-Krawczyk (BCK) model [4], has been used to prove the security of many practical AKE protocols such as the ISO protocol [20] (named SIG-DH in [11]) and the Internet Key Exchange (or SIGMA) protocol [12,23]. In FC'11, Yang et al [28] extended the CK model to consider AKE under bad randomness. Two new models were proposed in [28], one formalized the reset attacks, and the other one formalized the bad randomness attacks.…”
Section: Introductionmentioning
confidence: 99%
See 1 more Smart Citation