Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols

Mohammad, Zeyad; Chen, Yaw-Chung; Hsu, Chien Lung; Lo, Chun-Chih

doi:10.4103/0256-4602.62786

Cited by 10 publications

(12 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They showed that it is possible to achieve PFS in two‐pass key exchange protocols even in the presence of very strong active adversaries that can reveal random values of sessions and compromise long‐term secret keys of parties 9 . Mohammad et al proposed a new two‐pass AKA with key confirmation protocol which uses a verification mechanism in its block in order to provide entity authentication, assurance for key reception in an indirect way, and PFS 15 ; therefore, it can provide security properties as the three‐pass AKA protocol 36 . Feltz and Cremers analyzed the security of AKA protocols against strong adversaries that can perform chosen‐randomness attacks 17 …”

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

“…We describe some desirable security properties of AKA protocol; for further details in the security properties of AKA, see previous studies 25,26, 28, 36, 40–47 PFS Resilience (PFS‐R) : If an eavesdropper might reveal any possible pairs of secret information without both private keys (static and ephemeral secret keys) owned by the party, it should not have any effect on the secrecy of previously established session keys. UKS : If party

\overset{A}{true}

wants to establish a secret key with

\overset{B}{true}

, it should not be possible that

\overset{B}{true}

is tricked into sharing a key with party

\overset{C}{true}

. Key control (KC) : Both of the parties should not be able to force the session key to a preselected value of their choice. Private key security : An adversary cannot learn the initiator's static private key even if she or he is able to learn all transient secrets in any of the initiator's session. Key confirmation : It is a guarantee exactly that the responder party

\overset{B}{true}

owns the same computed session key of the initiator party

\overset{A}{true}

in the same session.…”

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

“…The proposed protocol is depicted in Figure 3. It verifies the identities of participating parties as in Mohammad et al 36 It can provide entity authentication as a result of the session identifiers matching concept 30 …”

Section: The Improvement Of the Yak Protocolmentioning

confidence: 99%

See 2 more Smart Citations

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

Self Cite

View full text Add to dashboard Cite

Hao proposed the YAK as a robust key agreement based on public-key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two-party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie-Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols. K E Y W O R D Sauthenticated key agreement, cryptanalysis, eCK, formal security model, key compromise impersonation, known key security, Scyther tool | INTRODUCTIONAs a result of the rapid development in the Internet of Things (IoT)-related applications in daily life, which uses diverse communication devices, securing data has become a more challenging task. Due to a diverse powerful adversary for revealing secret information from a party's participation via the open communication model, many formal security models and automated verification tools have been developed for finding security flaws in proposed new protocols before implementing them in applications. Consequently, secret key distribution and user authentication became the most important security issues in IoT. Nowadays, the security proof and verification process of an Authenticated Key Agreement (AKA) protocol in the formal security model is important for successful IoT applications.Diffie-Hellman (DH) key exchange protocol is a fundamental building block to distribute a shared secret key over an insecure communication model, 1 which is based on the concept of asymmetric cryptography. The shared secret key is used to provide confidentiality, integrity, nonrepudiation, and authenticity for data during transmission over an untrusted communication model. An AKA protocol is based on a public key, wherein the two intended participating parties exchange static and ephemeral ...

show abstract

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

\overset{A}{true}

wants to establish a secret key with

\overset{B}{true}

, it should not be possible that

\overset{B}{true}

is tricked into sharing a key with party

\overset{C}{true}

\overset{B}{true}

owns the same computed session key of the initiator party

\overset{A}{true}

in the same session.…”

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

Self Cite

View full text Add to dashboard Cite

show abstract

“…Even though their scheme is the strongest against the general key-compromise impersonation (K-CI) attack compared to one-pass versions of MQV, HMQV and CMQV, the use of bilinear pairings, makes this scheme less efficient [6]. Work in [19] proposes a two-pass authenticated key agreement protocol with key confirmation (2P-AKACP) and the one-pass version of this protocol (1P-AKACP) for one-way communications. Both protocols are based on the discrete logarithm problem (DLP) and have three phases: the registration, the transfer and verification, and the key generation.…”

Section: Related Workmentioning

confidence: 99%

“…The key agreement protocols we selected for comparison are the Key Exchange Algorithm (KEA) [20], the one-pass version (KEA1) and the version with key confirmation (KEAA), the Unified Model (UM) [1], the one-pass version (UM1) and the version with key confirmation (UMA), the Menezes-Qu-Vanstone (MQV) [18], the one-pass version (MQV1) and the version with key confirmation (MQVA), the Revised Nyberg-Rueppel protocol (RNR) [21], the one-pass Authenticated Key Agreement with key confirmation protocol (1P-AKACP) and the two-pass version (2P-AKACP) [19], the Chalkias-Hristou-Stephanides-Alexiadis protocol (CHHSA) [5] and the Horster-Michels-Petersen protocol (HMP) [12]. From the above protocols the Nyberg-Rueppel (but not the revised version) and the Horster-Michels-Petersen protocol supports message recovery.…”

Section: Preliminaries Goals and Requirementsmentioning

confidence: 99%

Authenticated Key Exchange (AKE) in Delay Tolerant Networks

Menesidou

Katos

2012

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Key exchange is considered to be a challenging problem in Delay Tolerant Networks (DTNs) operating in space environments. In this paper we investigate the options for integrating key exchange protocols with the Bundle Protocol. We demonstrate this by using a one-pass key establishment protocol. In doing so, we also highlight the peculiarities, issues and opportunities a DTN network maintains, which heavily influences the underlying security solution.

show abstract

An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm

Abusukhon

Mohammad

Al-Thaher

2021

Concurrency and Computation

Self Cite

View full text Add to dashboard Cite

Summary Most of the key agreement protocols (e.g., Menezes–Qu–Vanstone [MQV] family) generate one common key per session. This leaves the session key vulnerable against various attacks. This article proposed an enhanced multiple session key (EMSK) protocol which is based on the elliptic curve Diffie–Hellman (ECDH), HMQV, and the YAK protocols. The EMSK generates multiple session keys per session. Unlike the MQV protocol, the EMSK needs only two messages to be exchanged in order to create nine session keys. However, the MQV requires 18 messages to be exchanged in order to produce these nine session keys. In EMSK, one of the session keys is used to encrypt the plaintext using the one‐time pad cipher. The encrypted message is then embedded in an RGB‐image in order to provide confidentiality service of communication. The EMSK is evaluated theoretically against various types of attacks and practically using the Scyther simulator. The results from the simulator showed that the EMSK protocol withstand various types of attacks on the MQV, HMQV, and the YAK protocols, and provided perfect forward secrecy. In addition, the EMSK provides a digital signature feature which validates the authenticity and integrity of a digital message using the zero knowledge prove.

show abstract

Cryptanalysis and enhancement of two-pass authenticated key agreement with key confirmation protocols

Cited by 10 publications

References 16 publications

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Authenticated Key Exchange (AKE) in Delay Tolerant Networks

An authenticated, secure, and mutable multiple‐session‐keys protocol based on elliptic curve cryptography and text‐to‐image encryption algorithm

Contact Info

Product

Resources

About