Cryptanalysis of a robust key agreement based on public key authentication

Toorani, Mohsen

doi:10.1002/sec.1373

Cited by 6 publications

(10 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We describe some desirable security properties of AKA protocol; for further details in the security properties of AKA, see previous studies 25,26, 28, 36, 40–47 PFS Resilience (PFS‐R) : If an eavesdropper might reveal any possible pairs of secret information without both private keys (static and ephemeral secret keys) owned by the party, it should not have any effect on the secrecy of previously established session keys. UKS : If party

\overset{A}{true}

wants to establish a secret key with

\overset{B}{true}

, it should not be possible that

\overset{B}{true}

is tricked into sharing a key with party

\overset{C}{true}

. Key control (KC) : Both of the parties should not be able to force the session key to a preselected value of their choice. Private key security : An adversary cannot learn the initiator's static private key even if she or he is able to learn all transient secrets in any of the initiator's session. Key confirmation : It is a guarantee exactly that the responder party

\overset{B}{true}

owns the same computed session key of the initiator party

\overset{A}{true}

in the same session.…”

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

“…As a consequence, the total computation cost of the improved YAK protocol is five exponentiations as the original YAK protocol. However, the YAK protocol cannot withstand SSA attacks, 28 therefore making our proposed protocol more efficient than the original YAK protocol.…”

Section: The Improvement Of the Yak Protocolmentioning

confidence: 99%

“…The YAK protocol has a comparable performance with the proposed protocol as shown in Table 1. However, the YAK protocol cannot withstand SSA attacks 28 ; thus, it needs to validate the ephemeral public keys in order to prevent SSA attacks, therefore making its computational complexity higher than that of the improved YAK protocol.…”

Section: Security and Performance Comparisonsmentioning

confidence: 99%

“…However, Toorani analyzed the security of the YAK protocol and presented security flaws in that protocol. He showed that the YAK protocol cannot withstand Perfect Forward Secrecy (PFS), UKS, key‐replication, and key control attacks 28 …”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

View full text Add to dashboard Cite

Hao proposed the YAK as a robust key agreement based on public-key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two-party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie-Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols. K E Y W O R D Sauthenticated key agreement, cryptanalysis, eCK, formal security model, key compromise impersonation, known key security, Scyther tool | INTRODUCTIONAs a result of the rapid development in the Internet of Things (IoT)-related applications in daily life, which uses diverse communication devices, securing data has become a more challenging task. Due to a diverse powerful adversary for revealing secret information from a party's participation via the open communication model, many formal security models and automated verification tools have been developed for finding security flaws in proposed new protocols before implementing them in applications. Consequently, secret key distribution and user authentication became the most important security issues in IoT. Nowadays, the security proof and verification process of an Authenticated Key Agreement (AKA) protocol in the formal security model is important for successful IoT applications.Diffie-Hellman (DH) key exchange protocol is a fundamental building block to distribute a shared secret key over an insecure communication model, 1 which is based on the concept of asymmetric cryptography. The shared secret key is used to provide confidentiality, integrity, nonrepudiation, and authenticity for data during transmission over an untrusted communication model. An AKA protocol is based on a public key, wherein the two intended participating parties exchange static and ephemeral ...

show abstract

\overset{A}{true}

wants to establish a secret key with

\overset{B}{true}

, it should not be possible that

\overset{B}{true}

is tricked into sharing a key with party

\overset{C}{true}

\overset{B}{true}

owns the same computed session key of the initiator party

\overset{A}{true}

in the same session.…”

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

Section: The Improvement Of the Yak Protocolmentioning

confidence: 99%

Section: Security and Performance Comparisonsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

View full text Add to dashboard Cite

show abstract

“…Desired security attributes and valid attacks are typically defined through the security models. Many protocols have been proposed over the years, and many of those protocols have security problems [24][25][26].…”

Section: Introductionmentioning

confidence: 99%

Security analysis of the IEEE 802.15.6 standard

Toorani

2016

Int J Communication

Self Cite

View full text Add to dashboard Cite

A wireless body area network (WBAN) consists of low-power devices that are capable of sensing, processing, and wireless communication. WBANs can be used in many applications such as military, ubiquitous health care, entertainment, and sport. The IEEE Std 802.15.6-2012 is the latest international standard for WBAN. In this paper, we scrutinize the security structure of the IEEE 802.15.6-2012 standard and perform a security analysis on the cryptographic protocols in the standard. We show that some protocols have subtle security problems and are vulnerable to different attacks. Such vulnerabilities neutralize the security provisions in the standard specifically for medical applications that deal with sensitive information and security problems can be life-threatening.

show abstract

An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm

Abusukhon

Mohammad

Al-Thaher

2021

Concurrency and Computation

View full text Add to dashboard Cite

Summary Most of the key agreement protocols (e.g., Menezes–Qu–Vanstone [MQV] family) generate one common key per session. This leaves the session key vulnerable against various attacks. This article proposed an enhanced multiple session key (EMSK) protocol which is based on the elliptic curve Diffie–Hellman (ECDH), HMQV, and the YAK protocols. The EMSK generates multiple session keys per session. Unlike the MQV protocol, the EMSK needs only two messages to be exchanged in order to create nine session keys. However, the MQV requires 18 messages to be exchanged in order to produce these nine session keys. In EMSK, one of the session keys is used to encrypt the plaintext using the one‐time pad cipher. The encrypted message is then embedded in an RGB‐image in order to provide confidentiality service of communication. The EMSK is evaluated theoretically against various types of attacks and practically using the Scyther simulator. The results from the simulator showed that the EMSK protocol withstand various types of attacks on the MQV, HMQV, and the YAK protocols, and provided perfect forward secrecy. In addition, the EMSK provides a digital signature feature which validates the authenticity and integrity of a digital message using the zero knowledge prove.

show abstract

Cryptanalysis of a robust key agreement based on public key authentication

Cited by 6 publications

References 34 publications

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Security analysis of the IEEE 802.15.6 standard

An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm

Contact Info

Product

Resources

About