Group key exchange protocols withstanding ephemeral-key reveals

When a group key exchange protocol is executed, the session key is typically derived from two types of secret: long-term keys (used for authentication) and freshly generated, usually random, values. The leakage of the latter, the so-called ephemeral keys, has been analysed extensively in the 2-party case, yet very few works address it in the group setting. The authors give a generic group key exchange construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (though not both from the same participant, since that would trivially disclose the session key). The design is a compiler: it takes a strongly secure 2-party key exchange protocol and turns it into a strongly secure group key exchange protocol at the cost of a single extra communication round. Applied to the existing 2-party protocol of Bergsma et al., it yields a 2-round group key exchange protocol that is strongly secure in the standard model, the first construction with this property.
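As an added illustration of the compiler paradigm the abstract describes, and not the authors' construction: pairwise keys obtained from a 2-party protocol are turned into a group key with a single extra broadcast round, in the ring style of the Burmester–Desmedt and Abdalla et al. designs in the reference list. The 2-party protocol is replaced by a stand-in that hands each pair of neighbours a fresh random key, so the long-term/ephemeral reveal semantics of the strong-security model are not modelled; all function names and the key derivation are assumptions of this example.

```python
import hashlib
import secrets

KEY_LEN = 32


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pairwise_keys(n: int) -> list[bytes]:
    # Stand-in for the 2-party protocol (assumption): K[i] is the key that P_i and
    # P_{i+1 mod n} agree on; a real compiler would obtain it from the strongly
    # secure 2-party KE, with each party's long-term and ephemeral secrets inside.
    return [secrets.token_bytes(KEY_LEN) for _ in range(n)]


def extra_round(K: list[bytes]) -> list[bytes]:
    # The one added broadcast round: P_i publishes X_i = K_{i-1} XOR K_i.
    n = len(K)
    return [xor(K[(i - 1) % n], K[i]) for i in range(n)]


def derive_group_key(i: int, right_key: bytes, X: list[bytes], ids: list[str]) -> bytes:
    # Local view of P_i: it holds only K_i (its right-hand pairwise key) plus the
    # public X_j. The X_j telescope around the ring, so the XOR of all of them is
    # zero; a corrupted or forged broadcast breaks this and is rejected before use.
    n = len(X)
    acc = bytes(KEY_LEN)
    for x in X:
        acc = xor(acc, x)
    if acc != bytes(KEY_LEN):
        raise ValueError("inconsistent broadcast round")
    # Walk the ring: K_j = X_j XOR K_{j-1}, starting from the key P_i already owns.
    keys = [b""] * n
    keys[i] = right_key
    for step in range(1, n):
        j = (i + step) % n
        keys[j] = xor(X[j], keys[(j - 1) % n])
    # Session key bound to member identities, the broadcast transcript and all pairwise keys.
    h = hashlib.sha256("|".join(ids).encode())
    for x in X:
        h.update(x)
    for k in keys:
        h.update(k)
    return h.digest()


def run_session(ids: list[str], K=None) -> list[bytes]:
    # Runs one session and returns the key each member derives (all must match).
    K = pairwise_keys(len(ids)) if K is None else K
    X = extra_round(K)
    return [derive_group_key(i, K[i], X, ids) for i in range(len(ids))]
```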

References

1. Cremers, C.J.F.: ‘Session-state reveal is stronger than ephemeral key reveal: attacking the NAXOS authenticated key exchange protocol’. Applied Cryptography and Network Security, Seventh Int. Conf., ACNS 2009 Proc., Paris-Rocquencourt, France, 2–5 June 2009 (LNCS, 5536), pp. 20–33.
2. Bresson, E., Manulis, M.: ‘Securing group key exchange against strong corruptions’. Proc. 2008 ACM Symp. Information, Computer and Communications Security, ASIACCS 2008, Tokyo, Japan, 18–20 March 2008, pp. 249–260.
3. Brecher, T., Bresson, E., Manulis, M.: ‘Fully robust tree-Diffie–Hellman group key exchange’. Cryptology and Network Security, Eighth Int. Conf., CANS 2009 Proc., Kanazawa, Japan, 12–14 December 2009 (LNCS, 5888), pp. 478–497.
4. Gorantla, M.C., Boyd, C., González Nieto, J.M., et al.: ‘Generic one round group key exchange in the standard model’. Information, Security and Cryptology – ICISC 2009, 12th Int. Conf., Seoul, Korea, 2–4 December 2009 (LNCS, 5984), pp. 1–15.
5. Gorantla, M.C., Boyd, C., Nieto, J.M.G.: ‘Modeling key compromise impersonation attacks on group key exchange protocols’. Public Key Cryptography – PKC 2009 (LNCS, 5443), pp. 105–123.
6. LaMacchia, B.A., Lauter, K.E., Mityagin, A.: ‘Stronger security of authenticated key exchange’. Provable Security, First Int. Conf., ProvSec 2007 Proc., Wollongong, Australia, 1–2 November 2007 (LNCS, 4784), pp. 1–16.
7. Fujioka, A., Manulis, M., Suzuki, K., et al.: ‘Sufficient condition for ephemeral key-leakage resilient tripartite key exchange’. Information Security and Privacy – 17th Australasian Conf., ACISP 2012 Proc., Wollongong, NSW, Australia, 9–11 July 2012 (LNCS, 7372), pp. 15–28.
8. Manulis, M., Suzuki, K., Ustaoglu, B.: ‘Modeling leakage of ephemeral secrets in tripartite/group key exchange’, IEICE Trans., 2013, 96-A, (1), pp. 101–110.
9. Zhao, J., Gu, D., Gorantla, M.C.: ‘Stronger security model of group key agreement’. Proc. Sixth ACM Symp. Information, Computer and Communications Security, ASIACCS 2011, Hong Kong, China, 22–24 March 2011, pp. 435–440.
10. Bohli, J.-M., Vasco, M.I.G., Steinwandt, R.: ‘Secure group key establishment revisited’, Int. J. Inf. Secur., 2007, 6, (4), pp. 243–254.
11. Chen, C., Guo, Y., Zhang, R.: ‘Group key exchange resilient to leakage of ephemeral secret keys with strong contributiveness’. Public Key Infrastructures, Services and Applications – Ninth European Workshop, EuroPKI 2012, Pisa, Italy, 13–14 September 2012 (LNCS, 7868), pp. 17–36.
12. Bergsma, F., Jager, T., Schwenk, J.: ‘One-round key exchange with strong security: an efficient and generic construction in the standard model’. Public-Key Cryptography – PKC 2015, 18th IACR Int. Conf. Practice and Theory in Public-Key Cryptography Proc., Gaithersburg, MD, USA, 30 March–1 April 2015 (LNCS, 9020), pp. 477–494.
13. Tseng, Y.-M., Tsai, T.-T., Huang, S.-S.: ‘Enhancement on strongly secure group key agreement’, Sec. Commun. Netw., 2015, 8, (2), pp. 126–135.
14. González-Vasco, M.I., del Pozo, Á.L.P., Suárez-Corona, A.: ‘Thwarting randomness reveals in group key agreement’. Proc. 16th Int. Conf. Computational and Mathematical Methods in Science and Engineering, CMMSE 2016 (LNCS, 2), pp. 606–614.
15. Abdalla, M., Bohli, J.-M., Vasco, M.I.G., et al.: ‘(Password) authenticated key establishment: from 2-party to group’. Theory of Cryptography, Fourth Theory of Cryptography Conf., TCC 2007 Proc., Amsterdam, The Netherlands, 21–24 February 2007 (LNCS, 4392), pp. 499–514.
16. Burmester, M., Desmedt, Y.G.: ‘Efficient and secure conference-key distribution’. Security Protocols: Int. Workshop Proc., Cambridge, UK, 10–12 April 1996, pp. 119–129.
17. Mayer, A., Yung, M.: ‘Secure protocol transformation via “expansion”: from two-party to groups’. Proc. Sixth ACM Conf. Computer and Communications Security, CCS '99, ACM, New York, NY, USA, 1999, pp. 83–92.
18. Bellare, M., Pointcheval, D., Rogaway, P.: ‘Authenticated key exchange secure against dictionary attacks’. Advances in Cryptology – EUROCRYPT 2000 (LNCS, 1807), pp. 139–155.
19. Bellare, M., Rogaway, P.: ‘Entity authentication and key distribution’. Advances in Cryptology – CRYPTO '93, 1994 (LNCS, 773), pp. 232–249.
20. Katz, J., Yung, M.: ‘Scalable protocols for authenticated group key exchange’. Advances in Cryptology – CRYPTO 2003 (LNCS, 2729), pp. 110–125.
21. Abdalla, M., Fouque, P.-A., Pointcheval, D.: ‘Password-based authenticated key exchange in the three-party setting’. Public Key Cryptography – PKC 2005, Eighth Int. Workshop on Theory and Practice in Public Key Cryptography Proc., Les Diablerets, Switzerland, 23–26 January 2005 (LNCS, 3386), pp. 65–84.
22. Gorantla, M.C., Boyd, C., Nieto, J.M.G., et al.: ‘Modeling key compromise impersonation attacks on group key exchange protocols’, ACM Trans. Inf. Syst. Secur., 2011, 14, (4), p. 28.
23. Diffie, W., van Oorschot, P.C., Wiener, M.J.: ‘Authentication and authenticated key exchanges’, Des. Codes Cryptogr., 1992, 2, (2), pp. 107–125.
24. Günther, C.G.: ‘An identity-based key-exchange protocol’. Advances in Cryptology – EUROCRYPT '89, Workshop on the Theory and Application of Cryptographic Techniques Proc., Houthalen, Belgium, 10–13 April 1989 (LNCS, 434), pp. 29–37.
25. Bresson, E., Manulis, M., Schwenk, J.: ‘On security models and compilers for group key exchange protocols’. Advances in Information and Computer Security, Second Int. Workshop on Security, IWSEC 2007 Proc., Nara, Japan, 29–31 October 2007 (LNCS, 4752), pp. 292–307.
26. Schäge, S.: ‘Strong security from probabilistic signature schemes’. Public Key Cryptography – PKC 2012, 15th Int. Conf. Practice and Theory in Public Key Cryptography Proc., Darmstadt, Germany, 21–23 May 2012 (LNCS, 7293), pp. 84–101.
27. Boneh, D., Boyen, X.: ‘Short signatures without random oracles and the SDH assumption in bilinear groups’, J. Cryptol., 2008, 21, (2), pp. 149–177.
28. Camenisch, J., Lysyanskaya, A.: ‘A signature scheme with efficient protocols’. Security in Communication Networks, Third Int. Conf., SCN 2002, Amalfi, Italy, 11–13 September 2002 (LNCS, 2576), pp. 268–289.
29. Camenisch, J., Lysyanskaya, A.: ‘Signature schemes and anonymous credentials from bilinear maps’. Advances in Cryptology – CRYPTO 2004, 24th Annual Int. Cryptology Conf. Proc., Santa Barbara, CA, USA, 15–19 August 2004 (LNCS, 3152), pp. 56–72.
30. Cramer, R., Shoup, V.: ‘Signature schemes based on the strong RSA assumption’, ACM Trans. Inf. Syst. Secur., 2000, 3, (3), pp. 161–185.
31. Fischlin, M.: ‘The Cramer–Shoup strong-RSA signature scheme revisited’. IACR Cryptology ePrint Archive, 2002, Report 2002/017.
32. Gennaro, R., Halevi, S., Rabin, T.: ‘Secure hash-and-sign signatures without the random oracle’. Advances in Cryptology – EUROCRYPT '99, Int. Conf. Theory and Application of Cryptographic Techniques Proc., Prague, Czech Republic, 2–6 May 1999 (LNCS, 1592), pp. 123–139.
33. Hofheinz, D., Kiltz, E.: ‘Programmable hash functions and their applications’, J. Cryptol., 2012, 25, (3), pp. 484–527.
34. Hohenberger, S., Waters, B.: ‘Realizing hash-and-sign signatures under standard assumptions’. Advances in Cryptology – EUROCRYPT 2009, 28th Annual Int. Conf. Theory and Applications of Cryptographic Techniques Proc., Cologne, Germany, 26–30 April 2009 (LNCS, 5479), pp. 333–350.
35. Hohenberger, S., Waters, B.: ‘Short and stateless signatures from the RSA assumption’. Advances in Cryptology – CRYPTO 2009, 29th Annual Int. Cryptology Conf. Proc., Santa Barbara, CA, USA, 16–20 August 2009 (LNCS, 5677), pp. 654–670.
36. Naccache, D., Pointcheval, D., Stern, J.: ‘Twin signatures: an alternative to the hash-and-sign paradigm’. CCS 2001, Proc. Eighth ACM Conf. Computer and Communications Security, Philadelphia, PA, USA, 6–8 November 2001, pp. 20–27.
37. Schäge, S.: ‘Twin signature schemes, revisited’. Provable Security, Third Int. Conf., ProvSec 2009 Proc., Guangzhou, China, 11–13 November 2009 (LNCS, 5848), pp. 104–117.
38. Zhu, H.-F.: ‘New digital signature scheme attaining immunity to adaptive chosen message attack’, Chin. J. Electron., 2001, 10, (4), pp. 484–486.
39. Katz, J., Shin, J.S.: ‘Modeling insider attacks on group key-exchange protocols’. IACR Cryptology ePrint Archive, 2005, Report 2005/163.
40. Naor, M., Yung, M.: ‘Universal one-way hash functions and their cryptographic applications’. Proc. 21st Annual ACM Symp. Theory of Computing, Seattle, WA, USA, 14–17 May 1989, pp. 33–43.
41. Burmester, M., Desmedt, Y.: ‘A secure and efficient conference key distribution system’. Advances in Cryptology – EUROCRYPT '94, 1995 (LNCS, 950), pp. 275–286.
42. Katz, J., Lindell, Y.: ‘Introduction to modern cryptography’ (Chapman & Hall/CRC cryptography and network security series) (Chapman & Hall/CRC, 2007).
43. Krawczyk, H.: ‘HMQV: a high-performance secure Diffie–Hellman protocol’. Advances in Cryptology – CRYPTO 2005, 25th Annual Int. Cryptology Conf. Proc., Santa Barbara, CA, USA, 14–18 August 2005 (LNCS, 3621), pp. 546–566.
44. Cremers, C.J.F., Feltz, M.: ‘One-round strongly secure key exchange with perfect forward secrecy and deniability’. IACR Cryptology ePrint Archive, 2011, Report 2011/300.
45. Fujioka, A., Suzuki, K., Xagawa, K., et al.: ‘Strongly secure authenticated key exchange from factoring, codes, and lattices’, Des. Codes Cryptogr., 2015, 76, (3), pp. 469–504.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0131