Continuous After-the-Fact Leakage-Resilient Key Exchange

Alawatugoda, Janaka; Boyd, Colin; Stebila, Douglas

doi:10.1007/978-3-319-08344-5_17

Cited by 25 publications

(18 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In the CAFL model [1], each party U i where i ∈ [1, N P ], has a pair of long-term public and secret keys, (pk U i , sk U i ). Each party may run multiple instances of the protocol concurrently or sequentially.…”

Section: The Cafl Modelmentioning

confidence: 99%

“…It is claimed in [1] that the CAFL model addresses "most real world attack scenarios" including active adversarial capabilities (via the Send query), cold-boot attacks (via the Corrupt query), weak random number generators (through the EphemeralKeyReveal query), known key attacks (via the SessionKeyReveal query), and malware attacks (via the EphemeralKeyReveal or the Corrupt queries). It has also been claimed that the CAFL model addresses all the attack scenarios which are addressed by the ASB model, except weak forward secrecy.…”

Section: Comments On the Cafl Modelmentioning

confidence: 99%

“…Adversary reveals the ephemeral secret keys of both parties, and tries to learn the session key" [13]. Figure 1 depicts the generic protocol π [1]. The protocol must be instantiated using a CCLA2-secure public-key encryption scheme, e.g.…”

Section: Comments On the Cafl Modelmentioning

confidence: 99%

“…Furthermore, we present counterproofs for the security of protocol π in the CAFL model. This invalidates the formal security proofs in [1]. We present an attack to the protocol π, and show that it is insecure in the CAFL, ABS, MO and eCK security models.…”

mentioning

confidence: 91%

“…They did not propose any protocol for the ASB continuous leakage model, and left it as an open problem. In an attempt to solve the mentioned open problem, they introduced the Continuous After-the-Fact Leakage (CAFL) model [1] which is a weaker variant of the ASB continuous leakage model. The CAFL is weaker in terms of the freshness condition, and aims to capture the continuous leakage, even after the test session is activated.…”

mentioning

confidence: 99%

See 4 more Smart Citations

On Continuous After-the-Fact Leakage-Resilient Key Exchange

Toorani

2015

Proceedings of the Second Workshop on Cryptography and Security in Computing Systems

View full text Add to dashboard Cite

Side-channel attacks are severe type of attack against implementation of cryptographic primitives. Leakage-resilient cryptography is a new theoretical approach to formally address the problem of side-channel attacks. Recently, the Continuous After-the-Fact Leakage (CAFL) security model has been introduced for two-party authenticated key exchange (AKE) protocols. In the CAFL model, an adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated. It supports continuous leakage even when the adversary learns certain ephemeral secrets or session keys. The amount of leakage is limited per query, but there is no bound on the total leakage. A generic leakage-resilient key exchange protocol π has also been introduced that is formally proved to be secure in the CAFL model. In this paper, we comment on the CAFL model, and show that it does not capture its claimed security. Furthermore, we present an attack and counterproofs for the security of protocol π which invalidates the formal security proofs of protocol π in the CAFL model.

show abstract

Section: The Cafl Modelmentioning

confidence: 99%

Section: Comments On the Cafl Modelmentioning

confidence: 99%

Section: Comments On the Cafl Modelmentioning

confidence: 99%

mentioning

confidence: 91%

mentioning

confidence: 99%

See 3 more Smart Citations

On Continuous After-the-Fact Leakage-Resilient Key Exchange

Toorani

2015

Proceedings of the Second Workshop on Cryptography and Security in Computing Systems

View full text Add to dashboard Cite

show abstract

A resilient identity-based authenticated key exchange protocol

Elashry

Susilo

2015

Security Comm. Networks

View full text Add to dashboard Cite

This paper presents a new security notion for key exchange (KE) protocols called resiliency. That is, if a shared secret between a group of parties is compromised or leaked, they can generate another completely new shared secret without the need to set up a new KE session. We present an identity‐based authenticated KE protocol that satisfies the resiliency security property. We prove that if an l‐bit shared secret key (SSK) is leaked, then two parties P1 and P2 can safely generate another shared secret SSK1 without the need to establish a new session. We adjust the unauthenticated adversarial model of the Canetti–Krawczyk to meet this security property and prove the security of the proposed protocol using the Canetti–Krawczyk model based on the quadratic residuosity assumption. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Provably secure identity-based encryption resilient to post-challenge continuous auxiliary input leakage

Guo

et al. 2015

Security Comm. Networks

View full text Add to dashboard Cite

The situation for post‐challenge continuous auxiliary input leakage has not been considered in the cryptography schemes for previous literature. We present a semantic‐security model with post‐challenge continuous auxiliary inputs for identity‐based encryption. In this model, the adversary is permitted to obtain some information of the private keys constantly and to query more information after seeing the challenge ciphertext through the side‐channel attacks. Furthermore, we present an identity‐based encryption scheme resilient to leakage under composite order groups. Our scheme is secure against post‐challenge continuous auxiliary input, adaptive chosen‐identity, and adaptive chosen plaintext attacks under three static assumptions in the standard model. Compared with existing identity‐based encryption schemes under security properties and performance, our scheme is practical. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Continuous After-the-Fact Leakage-Resilient Key Exchange

Cited by 25 publications

References 22 publications

On Continuous After-the-Fact Leakage-Resilient Key Exchange

On Continuous After-the-Fact Leakage-Resilient Key Exchange

A resilient identity-based authenticated key exchange protocol

Provably secure identity-based encryption resilient to post-challenge continuous auxiliary input leakage

Contact Info

Product

Resources

About