Strongly Secure Authenticated Key Exchange without NAXOS’ Approach

Kim, Minkyu; Fujioka, Atsushi; Ustaoğlu, Berkant

doi:10.1007/978-3-642-04846-3_12

Cited by 31 publications

(16 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…6, 12] (shown eCK-secure) fail in authentication when leakages one the intermediate results are considered. Indeed an attacker, which learns the ephemeral secret exponents s 1 = x + a 1 and s 2 = x + a 2 in a session atÂ (see the steps 2 and 3 of the protocols 1 and 2 [12]), can indefinitely impersonateÂ to any party. Notice that the attacker cannot computeÂ's static key from s 1 and s 2 , while it is not difficult to see that leakages on s 1 (or s 2 ) and the ephemeral key, in the same session implyÂ's static key disclosure.…”

Section: Proposition 1 Any Seck-secure Protocol Is Also An Eck-securmentioning

confidence: 99%

A New Security Model for Authenticated Key Agreement

Sarr

Elbaz-Vincent

Bajard

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The Canetti-Krawczyk (CK) and extended Canetti-Krawczyk (eCK) security models, are widely used to provide security arguments for key agreement protocols. We discuss security shades in the (e)CK models, and some practical attacks unconsidered in (e)CK-security arguments. We propose a strong security model which encompasses the eCK one. We also propose a new protocol, called Strengthened MQV (SMQV), which in addition to provide the same efficiency as the (H)MQV protocols, is particularly suited for distributed implementations wherein a tamper-proof device is used to store long-lived keys, while session keys are used on an untrusted host machine. The SMQV protocol meets our security definition under the Gap DiffieHellman assumption and the Random Oracle model.

show abstract

Section: Proposition 1 Any Seck-secure Protocol Is Also An Eck-securmentioning

confidence: 99%

A New Security Model for Authenticated Key Agreement

Sarr

Elbaz-Vincent

Bajard

2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…While there have already been some two-pass AKE protocols [9,15,6,11,7] provably secure in the eCK model, none of them achieve perfect forward security against active adversary. Although it is possible to transform a two-pass AKE protocol provably secure in eCK model into a three-pass AKE protocol with perfect forward security against active adversary by adding two messages [2,8], the resulting protocol have a higher round-complexity.…”

Section: Our Contributionsmentioning

confidence: 99%

“…On the other hand, constructing the authenticated key exchange protocol secure in eCK model without NAXOS transformation has its advantages. For example, it can reduce the risk of leakage of the static private key and use of the random oracle [7].…”

Section: Introductionmentioning

confidence: 99%

Strongly Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security

Huang

2011

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. This paper investigates the two-pass authenticated key exchange protocol in the enhanced Canetti-Krawczyk (eCK) with perfect forward security. Currently, there exist no authenticated key exchange protocols which are provably secure in eCK model and meanwhile achieve perfect forward security against active adversary in one round. We propose a new two-pass authenticated key exchange protocol which enjoys following desirable properties. First, our protocol is shown secure in the eCK model under the gap Diffie-Hellman (GDH) assumption. Moreover, our protocol does not use the NAXOS transformation, the drawback of which will be discussed in the introduction. Second, under the same assumption, we prove that our protocol achieves perfect forward security against active adversary in one round. To the best of our knowledge, our proposal is first two-pass (one round) AKE protocol provably secure in the eCK model and achieving perfect forward security against active adversary.

show abstract

“…Many general AKE schemes have been proposed so far; see, for example, MQV [3], HMQV [4], SIGMA [5], KEA+ [6], NAXOS [7], CMQV [8], SMQV [9], E-NAXOS [10], Huang [11], or Kim et al [12] with numerous additional modifications. Their security has been analyzed in many models, for example, CK [13], eCK [7], and seCK [9], under various attack scenarios.…”

Section: Introductionmentioning

confidence: 99%

Deniable Key Establishment Resistance against eKCI Attacks

Krzywiecki

Wlisłocki

2017

Security and Communication Networks

View full text Add to dashboard Cite

In extended Key Compromise Impersonation (eKCI) attack against authenticated key establishment (AKE) protocols the adversary impersonates one party, having the long term key and the ephemeral key of the other peer party. Such an attack can be mounted against variety of AKE protocols, including 3-pass HMQV. An intuitive countermeasure, based on BLS (Boneh-Lynn-Shacham) signatures, for strengthening HMQV was proposed in literature. The original HMQV protocol fulfills the deniability property: a party can deny its participation in the protocol execution, as the peer party can create a fake protocol transcript indistinguishable from the real one. Unfortunately, the modified BLS based version of HMQV is not deniable. In this paper we propose a method for converting HMQV (and similar AKE protocols) into a protocol resistant to eKCI attacks but without losing the original deniability property. For that purpose, instead of the undeniable BLS, we use a modification of Schnorr authentication protocol, which is deniable and immune to ephemeral key leakages.

show abstract

Strongly Secure Authenticated Key Exchange without NAXOS’ Approach

Cited by 31 publications

References 22 publications

A New Security Model for Authenticated Key Agreement

A New Security Model for Authenticated Key Agreement

Strongly Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security

Deniable Key Establishment Resistance against eKCI Attacks

Contact Info

Product

Resources

About