Symmetric-Key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy

Avoine, Gildas; Canard, Sébastien; Ferreira, Loïc

doi:10.1007/978-3-030-40186-3_10

Cited by 28 publications

(17 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…[SP4] Perfect forward secrecy: It is a very strong form of long-term security which guarantees that future disclosures of some long-term secret keys do not compromise past session keys [ 49 ]. It is widely accepted that the perfect forward secrecy can only be provided by asymmetric schemes.…”

Section: Security and Privacy Resultsmentioning

confidence: 99%

Privacy-Preserving Authentication Protocol for Wireless Body Area Networks in Healthcare Applications

Ryu

Kim

2021

Healthcare

View full text Add to dashboard Cite

Mobile healthcare service has become increasingly popular thanks to the significant advances in the wireless body area networks (WBANs). It helps medical professionals to collect patient’s healthcare data remotely and provides remote medical diagnosis. Since the health data are privacy-related, they should provide services with privacy-preserving, which should consider security and privacy at the same time. Recently, some lightweight patient healthcare authentication protocols were proposed for WBANs. However, we observed that they are vulnerable to tracing attacks because the patient uses the same identifier in each session, which could leak privacy-related information on the patient. To defeat the weakness, this paper proposes a privacy-preserving authentication protocol for WBANs in healthcare service. The proposed protocol is only based on one-way hash function and with exclusive-or operation, which are lightweight operations than asymmetric cryptosystem operations. We performed two rigorous formal security proofs based on BAN logic and ProVerif tool. Furthermore, comparison results with the relevant protocols show that the proposed protocol achieves more privacy and security features than the other protocols and has suitable efficiency in computational and communicational concerns.

show abstract

Section: Security and Privacy Resultsmentioning

confidence: 99%

Privacy-Preserving Authentication Protocol for Wireless Body Area Networks in Healthcare Applications

Ryu

Kim

2021

Healthcare

View full text Add to dashboard Cite

show abstract

“…More precisely, we would let π = π ′ fpr(pk A ) fpr(pk B ), where π ′ denotes the original user provided secrets, and we would compute the tags as τ a ← MAC(k a MAC , sid), where the session identifier sid is defined as the transcript of conversation between A and B, with τ b computed similarly. The IETF documents for SPAKE2 4 and J-PAKE 5 provide similar one round KC methods.…”

Section: An Instantiation Based On Spake2mentioning

confidence: 99%

“…Several PAKE constructions provide PFS by default, some of which are listed in Table 1; moreover, PFS can be obtained by adding explicit authentication via a KC step to constructions that do not have this property [8]. Alternatively, to improve efficiency we could resort to symmetric-key schemes that provide PFS, e.g., SAKE [5]. In this case, a PAKE can be used once to bootstrap authentication via a low-entropy secret and to generate the initial symmetric master key required by SAKE.…”

Section: Cryptographic Properties Enabled By Pakementioning

confidence: 99%

“…see Table 1). Moreover, the recent symmetric-key authenticated key exchange (SAKE) by Avoine et al [5] is conjectured to be PQ-secure due to its use of symmetric-key primitives. Thus, a quantum-resistant PAKE can be combined with SAKE, to obtain a low cost and efficient PQ-AKE with PFS suitable for settings with limited computational power, e.g., the IoT.…”

Section: Cryptographic Properties Enabled By Pakementioning

confidence: 99%

See 1 more Smart Citation

PakeMail: authentication and key management in decentralized secure email and messaging via PAKE

Sandoval¹,

Atashpendar²,

Lenzini³

et al. 2021

Preprint

View full text Add to dashboard Cite

We propose the use of password-authenticated key exchange (PAKE) for achieving and enhancing entity authentication (EA) and key management (KM) in the context of decentralized end-to-end encrypted email and secure messaging, i.e., where neither a public key infrastructure nor trusted third parties are used. This approach not only simplifies the EA process by requiring users to share only a low-entropy secret, e.g., a memorable word, but it also allows us to establish a high-entropy secret key; this key enables a series of cryptographic enhancements and security properties, which are hard to achieve using out-of-band (OOB) authentication. We first study a few vulnerabilities in voice-based OOB authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. We then propose tackling public key authentication by solving the problem of secure equality test using PAKE, and discuss various protocols and their properties. This method enables the automation of important KM tasks such as key renewal and future key pair authentications, reduces the impact of human errors, and lends itself to the asynchronous nature of email and modern messaging. It also provides cryptographic enhancements including multi-device synchronization and secure secret storage/retrieval, and paves the path for forward secrecy, deniability and post-quantum security. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols. To demonstrate the feasibility of our proposal, we present PakeMail, an implementation of the core idea, and discuss some of its cryptographic details, implemented features and efficiency aspects. We conclude with some design and security considerations, followed by future lines of work.

show abstract

“…However, in the schemes where the feature is addressed [6,21], there is no protection against synchronization attacks. Note that recently, in [33], a symmetric key based authentication scheme has been proposed which satisfies at the same time complete perfect forward secrecy and a solution for potential desynchronization problems. However, this scheme does not provide anonymity and consists of five phases with multiple hash functions.…”

Section: Session Specific Temporary Informationmentioning

confidence: 99%

Highly Efficient Symmetric Key Based Authentication and Key Agreement Protocol Using Keccak

Braeken

2020

Sensors

View full text Add to dashboard Cite

Efficient authentication and key agreement protocols between two entities are required in many application areas. In particular, for client–server type of architectures, the client is mostly represented by a constrained device and thus highly efficient protocols are needed. We propose in this paper two protocols enabling the construction of a mutual authenticated key ensuring anonymity and unlinkability of the client and resisting the most well known attacks. The main difference between the two proposed protocols is in the storage requirements on the server side. The innovation of our protocols relies on the fact that, thanks to the usage of the sponge construction, available in the newly proposed SHA3 standard with underlying Keccak design, the computation cost can be reduced to only one hash operation on the client side in case of the protocol with storage and two hash operations for the protocol without storage and thus leads to a very efficient solution.

show abstract

Symmetric-Key Authenticated Key Exchange (SAKE) with Perfect Forward Secrecy

Cited by 28 publications

References 18 publications

Privacy-Preserving Authentication Protocol for Wireless Body Area Networks in Healthcare Applications

Privacy-Preserving Authentication Protocol for Wireless Body Area Networks in Healthcare Applications

PakeMail: authentication and key management in decentralized secure email and messaging via PAKE

Highly Efficient Symmetric Key Based Authentication and Key Agreement Protocol Using Keccak

Contact Info

Product

Resources

About