Efficient Leakage-Resilient Authenticated Key Agreement Protocol in the Continual Leakage eCK Model

Wu, Jui-Di; Tseng, Yuh‐Min; Huang, Sen–Shan

doi:10.1109/access.2018.2799298

Cited by 13 publications

(16 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Continual leakage security models emerged prominently due to the side‐channel attacks; therefore, many security models are developed to cope with continually revealing long‐term and short‐term secrets in the case of establishing a session key during the cryptographic protocol run 18–24 . There are four properties of the continual leakage models, namely, the only computation leakage, bounded leakage of single computation round, independent leakage between computation rounds, and overall unbounded leakage 24 …”

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

“…The ephemeral‐key reveal query was introduced in the extended CK (eCK) model instead of the session‐state reveal query in the original model 10 therefore, many security models have been proposed to clarify what kinds of information could be revealed from session state 11–17 . The continual leakage security models emerged prominently due to side‐channel attacks; therefore, many security models are developed to cope with continually revealing long‐term and short‐term secrets in the case of establishing a session key during the cryptographic protocol run 18–24 …”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

View full text Add to dashboard Cite

Hao proposed the YAK as a robust key agreement based on public-key authentication, and the author claimed that the YAK protocol withstands all known attacks and therefore is secure against an extremely strong adversary. However, Toorani showed the security flaws in the YAK protocol. This paper shows that the YAK protocol cannot withstand the known key security attack, and its consequences lead us to introduce a new key compromise impersonation attack, where an adversary is allowed to reveal both the shared static secret key between two-party participation and the ephemeral private key of the initiator party in order to mount this attack. In addition, we present a new security model that covers these attacks against an extremely strong adversary. Moreover, we propose an improved YAK protocol to remedy these attacks and the previous attacks mentioned by Toorani on the YAK protocol, and the proposed protocol uses a verification mechanism in its block design that provides entity authentication and key confirmation. Meanwhile, we show that the proposed protocol is secure in the proposed formal security model under the gap Diffie-Hellman assumption and the random oracle assumption. Moreover, we verify the security of the proposed protocol and YAK protocol by using an automatic verification method such as the Scyther tool, and the verification result shows that the security claims of the proposed protocol are proven, in contrast to those of the YAK protocol, which are not proven. The security and performance comparisons show that the improved YAK protocol outperforms previous related protocols. K E Y W O R D Sauthenticated key agreement, cryptanalysis, eCK, formal security model, key compromise impersonation, known key security, Scyther tool | INTRODUCTIONAs a result of the rapid development in the Internet of Things (IoT)-related applications in daily life, which uses diverse communication devices, securing data has become a more challenging task. Due to a diverse powerful adversary for revealing secret information from a party's participation via the open communication model, many formal security models and automated verification tools have been developed for finding security flaws in proposed new protocols before implementing them in applications. Consequently, secret key distribution and user authentication became the most important security issues in IoT. Nowadays, the security proof and verification process of an Authenticated Key Agreement (AKA) protocol in the formal security model is important for successful IoT applications.Diffie-Hellman (DH) key exchange protocol is a fundamental building block to distribute a shared secret key over an insecure communication model, 1 which is based on the concept of asymmetric cryptography. The shared secret key is used to provide confidentiality, integrity, nonrepudiation, and authenticity for data during transmission over an untrusted communication model. An AKA protocol is based on a public key, wherein the two intended participating parties exchange static and ephemeral ...

show abstract

Section: The Security Models and The Proposed Ecke Modelmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Mohammad

2020

Int J Communication

View full text Add to dashboard Cite

show abstract

“…However, the key update technique is time-consuming. Recently, Wu et al [42] proposed an efficient LR-AKE protocol in the CLReCK model. In Wu et al's protocol, they employed the multiplicative blinding method [23], [24], [25] to reduce the computation cost of the key update procedure.…”

Section: Related Workmentioning

confidence: 99%

“…In the following, based on the CLReCK model in [42], [46], we define the associated CLReCK model of LR-CLAKE protocols to model the abilities of adversaries under the CL-PKC settings. As mentioned earlier, in a CL-PKC setting, the KGC has the long-term system secret key SSK.…”

Section: Security Notions (Adversary Model) Of Lr-clake Protocolsmentioning

confidence: 99%

A Leakage-Resilient Certificateless Authenticated Key Exchange Protocol Withstanding Side-Channel Attacks

2020

Self Cite

View full text Add to dashboard Cite

Certificateless public-key cryptography has conquered both the certificate management problem in the traditional public-key cryptography and the key escrow problem in the ID-based public-key cryptography. Certificateless authenticated key exchange (CLAKE) protocol is an important primitive of the certificateless public-key cryptography. A CLAKE protocol is employed to provide both mutual authentication and establishing a session key between two participators. Indeed, all conventional public-key cryptographies have encountered a new kind of attack, named "side-channel attacks". Fortunately, leakageresilient cryptography is a flexible approach to withstand such attacks. However, the design of leakageresilient CLAKE (LR-CLAKE) protocols is not studied. In the article, by extending the well-known extended-Canetti-Krawczyk (eCK) model, we present the security notions (adversary model) of LR-CLAKE protocols, called continual-leakage-resilient eCK (CLReCK) model. The first LR-CLAKE protocol withstanding side-channel attacks is proposed. By employing the proof technique of the generic bilinear group (GBG) model, we formally prove the security of our protocol in the CLReCK model.

show abstract

“…These leakage-resilient cryptographic schemes allow adversaries to gain partial information of private keys, secret keys and random values while keeping the security of these leakage-resilient cryptographic schemes. In the past decade, numerous leakage-resilient cryptographic primitives based on the traditional public-key settings have been proposed, such as leakage-resilient signature schemes [15], [16], [17], leakage-resilient authenticated key exchange protocols [18], [19], [20] and leakage-resilient encryption schemes [21], [22], [23], [24], [25], [26].…”

Section: Introductionmentioning

confidence: 99%

Leakage-Resilient Certificate-based Key Encapsulation Scheme Resistant to Continual Leakage

Tseng

Huang

et al. 2020

IEEE Open J. Comput. Soc.

Self Cite

View full text Add to dashboard Cite

In the past, the security of most public-key encryption or key encapsulation schemes is shown in an ideal model, where private keys, secret keys and random values are assumed to be absolutely secure to adversaries. However, this ideal model is not practical due to side-channel attacks in the sense that adversaries could gain partial information of these secret values involved in decryption operations by perceiving energy consumption or execution timing. In such a case, these schemes under the ideal model could suffer from side-channel attacks. Recently, leakage-resilient cryptography resistant to side-channel attacks is an emerging research topic. Certificatebased encryption (CBE) or certificate-based key encapsulation (CB-KE) schemes are a class of important public-key encryption. However, little work addresses the design of leakageresilient CBE (LR-CBE) or leakage-resilient CB-KE (LR-CB-KE) schemes. In this paper, we present the first LR-CB-KE scheme with overall unbounded leakage property which permits adversaries to continuously gain partial information of the system secret key of a trusted certificate authority (CA), the private keys and certificates of users, and random values. In the generic bilinear group model, formal security analysis is made to prove that the proposed LR-CB-KE scheme is secure against chosen ciphertext attacks.

show abstract

Efficient Leakage-Resilient Authenticated Key Agreement Protocol in the Continual Leakage eCK Model

Cited by 13 publications

References 40 publications

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

Cryptanalysis and improvement of the YAK protocol with formal security proof and security verification via Scyther

A Leakage-Resilient Certificateless Authenticated Key Exchange Protocol Withstanding Side-Channel Attacks

Leakage-Resilient Certificate-based Key Encapsulation Scheme Resistant to Continual Leakage

Contact Info

Product

Resources

About