Authenticated Key Exchange under Bad Randomness

Yang, Guomin; Duan, Shanshan; Wong, Duncan S.; Tan, Chik How; Wang, Huaxiong

doi:10.1007/978-3-642-27576-0_10

Cited by 8 publications

(39 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Over the past few years, a number of security properties have been seen to be important in key agreement protocols, and different protocols have been implemented to solve the problem. An example of these protocols is . A comprehensive survey of KE protocols is presented in .…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A resilient identity-based authenticated key exchange protocol

Elashry

Susilo

2015

Security Comm. Networks

View full text Add to dashboard Cite

This paper presents a new security notion for key exchange (KE) protocols called resiliency. That is, if a shared secret between a group of parties is compromised or leaked, they can generate another completely new shared secret without the need to set up a new KE session. We present an identity‐based authenticated KE protocol that satisfies the resiliency security property. We prove that if an l‐bit shared secret key (SSK) is leaked, then two parties P1 and P2 can safely generate another shared secret SSK1 without the need to establish a new session. We adjust the unauthenticated adversarial model of the Canetti–Krawczyk to meet this security property and prove the security of the proposed protocol using the Canetti–Krawczyk model based on the quadratic residuosity assumption. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

Section: Introductionmentioning

confidence: 99%

“…Many practical AKE protocols, such as the internet KE (SIGMA) protocol were proven secure using the CK model. Yang et al ., proposed a variant of the CK model that takes into account AKE under bad randomness. Some generic systems were also proposed for improving the security of current AKE protocols.…”

Section: Introductionmentioning

confidence: 99%

A resilient identity-based authenticated key exchange protocol

Elashry

Susilo

2015

Security Comm. Networks

View full text Add to dashboard Cite

show abstract

“…The design and analysis of AKE protocols have been extensively studied in the last three decades for different network settings (e.g. [6,7,5,11,1,24,27,10,29,28]). The first formal security model for AKE was proposed by Bellare and Rogaway [6].…”

Section: Introductionmentioning

confidence: 99%

“…In particular, the Canetti-Krawczyk (CK) model [11], which can be considered as a combination of the BR model and the Bellare-Canetti-Krawczyk (BCK) model [4], has been used to prove the security of many practical AKE protocols such as the ISO protocol [20] (named SIG-DH in [11]) and the Internet Key Exchange (or SIGMA) protocol [12,23]. In FC'11, Yang et al [28] extended the CK model to consider AKE under bad randomness. Two new models were proposed in [28], one formalized the reset attacks, and the other one formalized the bad randomness attacks.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Leakage Resilient Authenticated Key Exchange Secure in the Auxiliary Input Model

Yang

Susilo

et al. 2013

Information Security Practice and Experience

Self Cite

View full text Add to dashboard Cite

Authenticated key exchange (AKE) protocols allow two parties communicating over an insecure network to establish a common secret key. They are among the most widely used cryptographic protocols in practice. In order to resist key-leakage attacks, several leakage resilient AKE protocols have been proposed recently in the bounded leakage model. In this paper, we initiate the study on leakage resilient AKE in the auxiliary input model. A promising way to construct such a protocol is to use a digital signature scheme that is entropicallyunforgeable under chosen message and auxiliary input attacks. However, to date we are not aware of any digital signature scheme that can satisfy this requirement. On the other hand, we show that in the random oracle model, it is sufficient to use a digital signature scheme that is secure under random message and auxiliary input attacks in order to build a secure AKE protocol in the auxiliary input model, while the existence of such a digital signature scheme has already been proven. We will also give a comparison between the existing public-key encryption based and digital signature based leakage resilient AKE protocols. We show that the latter can provide a higher level of security than the former. Abstract. Authenticated key exchange (AKE) protocols allow two parties communicating over an insecure network to establish a common secret key. They are among the most widely used cryptographic protocols in practice. In order to resist key-leakage attacks, several leakage resilient AKE protocols have been proposed recently in the bounded leakage model. In this paper, we initiate the study on leakage resilient AKE in the auxiliary input model. A promising way to construct such a protocol is to use a digital signature scheme that is entropically-unforgeable under chosen message and auxiliary input attacks. However, to date we are not aware of any digital signature scheme that can satisfy this requirement. On the other hand, we show that in the random oracle model, it is sufficient to use a digital signature scheme that is secure under random message and auxiliary input attacks in order to build a secure AKE protocol in the auxiliary input model, while the existence of such a digital signature scheme has already been proven. We will also give a comparison between the existing public-key encryption based and digital signature based leakage resilient AKE protocols. We show that the latter can provide a higher level of security than the former.

show abstract

Security of Public Key Encryption Against Resetting Attacks

Krämer

Struck

2020

Progress in Cryptology – INDOCRYPT 2020

View full text Add to dashboard Cite

Authenticated Key Exchange under Bad Randomness

Cited by 8 publications

References 29 publications

A resilient identity-based authenticated key exchange protocol

A resilient identity-based authenticated key exchange protocol

Leakage Resilient Authenticated Key Exchange Secure in the Auxiliary Input Model

Security of Public Key Encryption Against Resetting Attacks

Contact Info

Product

Resources

About