Unified security model of authenticated key exchange with specific adversarial capabilities

The most widely accepted models in the security proofs of authenticated key exchange protocols are the Canetti–Krawczyk (CK) and extended CK (eCK) models, which admit different adversarial queries that carry ambiguities and are of incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and to establish a more practice-oriented security notion. Concerning the security of one-round implicitly authenticated Diffie–Hellman (DH) key exchange protocols, the authors present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, every adversarial query is given a practical interpretation and is precisely characterised in terms of the physical environment, and rigorous rules governing secret leakage are also specified. To demonstrate the usability of the model, a new protocol based on the OAKE protocol is proposed; it satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in the random oracle model under the gap DH assumption.

Inspec keywords: cryptographic protocols

Other keywords: authenticated key exchange protocols; extended CK model; adversarial capabilities; unified security model; Canetti-Krawczyk model; secret leakage; security proofs; random oracle model; gap DH assumption; one-round implicitly authenticated Diffie-Hellman key exchange protocols; OAKE protocol

Subjects: Cryptography; Protocols; Data security

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2014.0234