Modeling key compromise impersonation attacks on group key exchange protocols

Gorantla, M. Choudary; Boyd, Colin; Nieto, Juan Manuel González; Manulis, Mark

doi:10.1145/2043628.2043629

Cited by 27 publications

(36 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This model extends strongly-authenticated key exchange model for two-party protocols from [32] to the group setting and it is described using notations and terminology of the state-of-the-art GKE model [19].…”

Section: The Model and Security Definitionsmentioning

confidence: 99%

“…[14,24,15,25,32,37,16], and group KE (GKE), e.g. [10,29,22,12,31,19], reaching out to other flavors such as password-based solutions [8,6,9,3] or flexible combinations of GKE and 2KE [30,1]. The security notion, shared by most KE flavors, takes its roots in [7] and is called authenticated key exchange (AKE) security.…”

Section: Introductionmentioning

confidence: 99%

“…as to add authentication (without ephemeral key leakage-resilience) to unauthenticated KE protocols [22,13] or to obtain optional insider security [21,11,19] in GKE protocols. Yet another interesting direction is to search for sufficient conditions for achieving a security goal.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

Fujioka

Manulis

Suzuki

et al. 2012

Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

Abstract. Tripartite (Diffie-Hellman) Key Exchange (3KE), introduced by Joux (ANTS-IV 2000), represents today the only known class of group key exchange protocols, in which computation of unauthenticated session keys requires one round and proceeds with minimal computation and communication overhead. The first one-round authenticated 3KE version that preserved the unique efficiency properties of the original protocol and strengthened its security towards resilience against leakage of ephemeral (session-dependent) secrets was proposed recently by Manulis, Suzuki, and Ustaoglu (ICISC 2009).In this work we explore sufficient conditions for building such protocols. We define a set of admissible polynomials and show how their construction generically implies 3KE protocols with the desired security and efficiency properties. Our result generalizes the previous 3KE protocol and gives rise to many new authenticated constructions, all of which enjoy forward secrecy and resilience to ephemeral key-leakage under the gap Bilinear Diffie-Hellman assumption in the random oracle model.

show abstract

Section: The Model and Security Definitionsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

Fujioka

Manulis

Suzuki

et al. 2012

Information Security and Privacy

Self Cite

View full text Add to dashboard Cite

show abstract

“…Security of key exchange protocols is usually defined with the requirement of Authenticated Key Exchange (AKE) security; see [3,14,15,26] for the 2KE case and [8,10,18,21,22] for the GKE case. AKE-security models the indistinguishability of the established session group key with respect to an active adversary treated as an external entity from the perspective of the attacked session.…”

Section: Related Workmentioning

confidence: 99%

“…Besides AKE-security some security models for GKE protocols (e.g. [10,11,18,21]) define optional security against insider attacks.…”

Section: Related Workmentioning

confidence: 99%

Flexible Group Key Exchange with On-demand Computation of Subgroup Keys

Abdalla

Chevalier

Manulis

et al. 2010

Progress in Cryptology – AFRICACRYPT 2010

Self Cite

View full text Add to dashboard Cite

Abstract. Modern multi-user communication systems, including popular instant messaging tools, social network platforms, and cooperative-work applications, offer flexible forms of communication and exchange of data. At any time point concurrent communication sessions involving different subsets of users can be invoked. The traditional tool for achieving security in a multi-party communication environment are group key exchange (GKE) protocols that provide participants with a secure group key for their subsequent communication. Yet, in communication scenarios where various user subsets may be involved in different sessions the deployment of classical GKE protocols has clear performance and scalability limitations as each new session should be preceded by a separate execution of the protocol. The motivation of this work is to study the possibility of designing more flexible GKE protocols allowing not only the computation of a group key for some initial set of users but also efficient derivation of independent secret keys for all potential subsets. In particular we improve and generalize the recently introduced GKE protocols enabling on-demand derivation of peer-to-peer keys (so called GKE+P protocols). We show how a group of users can agree on a secret group key while obtaining some additional information that they can use on-demand to efficiently compute independent secret keys for any possible subgroup. Our security analysis relies on the Gap Diffie-Hellman assumption and uses random oracles.

show abstract

Enhancement on strongly secure group key agreement

Tseng

Tsai

Huang

2014

Security Comm Networks

View full text Add to dashboard Cite

In 2011, Zhao et al. presented a new security model of group key agreement (GKA) by considering ephemeral secret leakage (ESL) attacks. Meanwhile, they proposed a strongly secure GKA protocol under the new model. In this paper, two security weaknesses on their protocol are pointed out and remedied, in which, their GKA protocol must rely on a signature scheme with existential unforgeability under adaptive chosen message attacks (UF‐ACMA) to achieve the security goals of authenticated key exchange and mutual authentication in the new model. We argue and illustrate that a UF‐ACMA secure signature scheme is insufficient to promise the security goals because the employed signature scheme does not consider the ESL attacks. For providing authentication functionality of some future cryptographic mechanisms (e.g., authenticated GKA protocols, authenticated key agreement protocols, and authentication schemes) resistant to the ESL attacks, we define a novel security notion for digital signature schemes, termed existential UF‐ACM and ephemeral secret leakage attacks. On the basis of Schnorr's signature scheme, we propose the first UF‐ACM and ephemeral secret leakage attacks secure signature scheme. We demonstrate that the proposed scheme is provably secure under the hardness of computing discrete logarithms in the random oracle model. Copyright © 2014 John Wiley & Sons, Ltd.

show abstract

Modeling key compromise impersonation attacks on group key exchange protocols

Cited by 27 publications

References 26 publications

Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

Flexible Group Key Exchange with On-demand Computation of Subgroup Keys

Enhancement on strongly secure group key agreement

Contact Info

Product

Resources

About