
Group key exchange protocols withstanding ephemeral-key reveals


IET Information Security

When a group key exchange protocol is executed, the session key is typically extracted from two types of secrets: long-term keys (for authentication) and freshly generated (often random) values. The leakage of the latter, the so-called ephemeral keys, has been extensively analysed in the 2-party case, yet very few works are concerned with it in the group setting. The authors provide a generic group key exchange construction that is strongly secure, meaning that the attacker is allowed to learn both long-term and ephemeral keys (but not both from the same participant, as this would trivially disclose the session key). Their design can be seen as a compiler, in the sense that it builds on a 2-party key exchange protocol which is strongly secure and transforms it into a strongly secure group key exchange protocol by adding only one extra round of communication. When applied to an existing 2-party protocol from Bergsma et al. [12], the result is a 2-round group key exchange protocol which is strongly secure in the standard model, thus yielding the first construction with this property.

References

1. Cremers, C.J.F.: ‘Session-state reveal is stronger than ephemeral key reveal: attacking the NAXOS authenticated key exchange protocol’. Applied Cryptography and Network Security, Seventh Int. Conf., ACNS 2009 Proc., Paris-Rocquencourt, France, 2–5 June 2009 (LNCS, 5536), pp. 20–33.
2. Bresson, E., Manulis, M.: ‘Securing group key exchange against strong corruptions’. Proc. 2008 ACM Symp. Information, Computer and Communications Security, ASIACCS 2008, Tokyo, Japan, 18–20 March 2008, pp. 249–260.
3. Brecher, T., Bresson, E., Manulis, M.: ‘Fully robust tree-Diffie–Hellman group key exchange’. Cryptology and Network Security, Eighth Int. Conf., CANS 2009 Proc., Kanazawa, Japan, 12–14 December 2009 (LNCS, 5888), pp. 478–497.
4. Gorantla, M.C., Boyd, C., González Nieto, J.M., et al.: ‘Generic one round group key exchange in the standard model’. Information, Security and Cryptology – ICISC 2009, 12th Int. Conf., Seoul, Korea, 2–4 December 2009 (LNCS, 5984), pp. 1–15.
5. Gorantla, M.C., Boyd, C., Nieto, J.M.G.: ‘Modeling key compromise impersonation attacks on group key exchange protocols’. Public Key Cryptography – PKC 2009 (LNCS, 5443), pp. 105–123.
6. LaMacchia, B.A., Lauter, K.E., Mityagin, A.: ‘Stronger security of authenticated key exchange’. Provable Security, First Int. Conf., ProvSec 2007 Proc., Wollongong, Australia, 1–2 November 2007 (LNCS, 4784), pp. 1–16.
7. Fujioka, A., Manulis, M., Suzuki, K., et al.: ‘Sufficient condition for ephemeral key-leakage resilient tripartite key exchange’. Information Security and Privacy – 17th Australasian Conf., ACISP 2012 Proc., Wollongong, NSW, Australia, 9–11 July 2012 (LNCS, 7372), pp. 15–28.
8. Manulis, M., Suzuki, K., Ustaoglu, B.: ‘Modeling leakage of ephemeral secrets in tripartite/group key exchange’, IEICE Trans., 2013, 96-A, (1), pp. 101–110.
9. Zhao, J., Gu, D., Gorantla, M.C.: ‘Stronger security model of group key agreement’. Proc. Sixth ACM Symp. Information, Computer and Communications Security, ASIACCS 2011, Hong Kong, China, 22–24 March 2011, pp. 435–440.
10. Bohli, J.-M., Vasco, M.I.G., Steinwandt, R.: ‘Secure group key establishment revisited’, Int. J. Inf. Secur., 2007, 6, (4), pp. 243–254.
11. Chen, C., Guo, Y., Zhang, R.: ‘Group key exchange resilient to leakage of ephemeral secret keys with strong contributiveness’. Public Key Infrastructures, Services and Applications – Ninth European Workshop, EuroPKI 2012, Pisa, Italy, 13–14 September 2012 (LNCS, 7868), pp. 17–36.
12. Bergsma, F., Jager, T., Schwenk, J.: ‘One-round key exchange with strong security: an efficient and generic construction in the standard model’. Public-Key Cryptography – PKC 2015 – 18th IACR Int. Conf. Practice and Theory in Public-Key Cryptography Proc., Gaithersburg, MD, USA, 30 March–1 April 2015 (LNCS, 9020), pp. 477–494.
13. Tseng, Y.-M., Tsai, T.-T., Huang, S.-S.: ‘Enhancement on strongly secure group key agreement’, Sec. Commun. Netw., 2015, 8, (2), pp. 126–135.
14. González-Vasco, M.I., del Pozo, Á.L.P., Suárez-Corona, A.: ‘Thwarting randomness reveals in group key agreement’. Proc. 16th Int. Conf. Computational and Mathematical Methods in Science and Engineering, CMMSE, 2016 (LNCS, 2), pp. 606–614.
15. Abdalla, M., Bohli, J.-M., Vasco, M.I.G., et al.: ‘(Password) authenticated key establishment: from 2-party to group’. Theory of Cryptography, Fourth Theory of Cryptography Conf., TCC 2007 Proc., Amsterdam, The Netherlands, 21–24 February 2007 (LNCS, 4392), pp. 499–514.
16. Burmester, M., Desmedt, Y.G.: ‘Efficient and secure conference-key distribution’. Security Protocols: Int. Workshop Proc., Cambridge, UK, 10–12 April 1996, pp. 119–129.
17. Mayer, A., Yung, M.: ‘Secure protocol transformation via “expansion”: from two-party to groups’. Proc. Sixth ACM Conf. Computer and Communications Security, CCS ’99, ACM, New York, NY, USA, 1999, pp. 83–92.
18. Bellare, M., Pointcheval, D., Rogaway, P.: ‘Authenticated key exchange secure against dictionary attacks’. Advances in Cryptology – EUROCRYPT 2000 (LNCS, 1807), pp. 139–155.
19. Bellare, M., Rogaway, P.: ‘Entity authentication and key distribution’. Advances in Cryptology – CRYPTO ’93, 1994 (LNCS, 773), pp. 232–249.
20. Katz, J., Yung, M.: ‘Scalable protocols for authenticated group key exchange’. Advances in Cryptology – CRYPTO 2003 (LNCS, 2729), pp. 110–125.
21. Abdalla, M., Fouque, P.-A., Pointcheval, D.: ‘Password-based authenticated key exchange in the three-party setting’. Public Key Cryptography – PKC 2005, Eighth Int. Workshop on Theory and Practice in Public Key Cryptography Proc., Les Diablerets, Switzerland, 23–26 January 2005 (LNCS, 3386), pp. 65–84.
22. Gorantla, M.C., Boyd, C., Nieto, J.M.G., et al.: ‘Modeling key compromise impersonation attacks on group key exchange protocols’, ACM Trans. Inf. Syst. Secur., 2011, 14, (4), p. 28.
23. Diffie, W., van Oorschot, P.C., Wiener, M.J.: ‘Authentication and authenticated key exchanges’, Des. Codes Cryptogr., 1992, 2, (2), pp. 107–125.
24. Günther, C.G.: ‘An identity-based key-exchange protocol’. Advances in Cryptology – EUROCRYPT ’89, Workshop on the Theory and Application of Cryptographic Techniques Proc., Houthalen, Belgium, 10–13 April 1989 (LNCS, 434), pp. 29–37.
25. Bresson, E., Manulis, M., Schwenk, J.: ‘On security models and compilers for group key exchange protocols’. Advances in Information and Computer Security, Second Int. Workshop on Security, IWSEC 2007 Proc., Nara, Japan, 29–31 October 2007 (LNCS, 4752), pp. 292–307.
26. Schäge, S.: ‘Strong security from probabilistic signature schemes’. Public Key Cryptography – PKC 2012 – 15th Int. Conf. Practice and Theory in Public Key Cryptography Proc., Darmstadt, Germany, 21–23 May 2012 (LNCS, 7293), pp. 84–101.
27. Boneh, D., Boyen, X.: ‘Short signatures without random oracles and the SDH assumption in bilinear groups’, J. Cryptol., 2008, 21, (2), pp. 149–177.
28. Camenisch, J., Lysyanskaya, A.: ‘A signature scheme with efficient protocols’. Security in Communication Networks, Third Int. Conf., SCN 2002, Amalfi, Italy, 11–13 September 2002 (LNCS, 2576), pp. 268–289.
29. Camenisch, J., Lysyanskaya, A.: ‘Signature schemes and anonymous credentials from bilinear maps’. Advances in Cryptology – CRYPTO 2004, 24th Annual Int. Cryptology Conf. Proc., Santa Barbara, CA, USA, 15–19 August 2004 (LNCS, 3152), pp. 56–72.
30. Cramer, R., Shoup, V.: ‘Signature schemes based on the strong RSA assumption’, ACM Trans. Inf. Syst. Secur., 2000, 3, (3), pp. 161–185.
31. Fischlin, M.: ‘The Cramer–Shoup strong-RSA signature scheme revisited’. IACR Cryptology ePrint Archive, 2002, vol. 17.
32. Gennaro, R., Halevi, S., Rabin, T.: ‘Secure hash-and-sign signatures without the random oracle’. Advances in Cryptology – EUROCRYPT ’99, Int. Conf. Theory and Application of Cryptographic Techniques Proc., Prague, Czech Republic, 2–6 May 1999 (LNCS, 1592), pp. 123–139.
33. Hofheinz, D., Kiltz, E.: ‘Programmable hash functions and their applications’, J. Cryptol., 2012, 25, (3), pp. 484–527.
34. Hohenberger, S., Waters, B.: ‘Realizing hash-and-sign signatures under standard assumptions’. Advances in Cryptology – EUROCRYPT 2009, 28th Annual Int. Conf. Theory and Applications of Cryptographic Techniques Proc., Cologne, Germany, 26–30 April 2009 (LNCS, 5479), pp. 333–350.
35. Hohenberger, S., Waters, B.: ‘Short and stateless signatures from the RSA assumption’. Advances in Cryptology – CRYPTO 2009, 29th Annual Int. Cryptology Conf. Proc., Santa Barbara, CA, USA, 16–20 August 2009 (LNCS, 5677), pp. 654–670.
36. Naccache, D., Pointcheval, D., Stern, J.: ‘Twin signatures: an alternative to the hash-and-sign paradigm’. CCS 2001, Proc. Eighth ACM Conf. Computer and Communications Security, Philadelphia, PA, USA, 6–8 November 2001, pp. 20–27.
37. Schäge, S.: ‘Twin signature schemes, revisited’. Provable Security, Third Int. Conf., ProvSec 2009 Proc., Guangzhou, China, 11–13 November 2009 (LNCS, 5848), pp. 104–117.
38. Zhu, H.-F.: ‘New digital signature scheme attaining immunity to adaptive chosen message attack’, Chin. J. Electron., 2001, 10, (4), pp. 484–486.
39. Katz, J., Shin, J.S.: ‘Modeling insider attacks on group key-exchange protocols’. IACR Cryptology ePrint Archive, 2005, vol. 163.
40. Naor, M., Yung, M.: ‘Universal one-way hash functions and their cryptographic applications’. Proc. 21st Annual ACM Symp. Theory of Computing, Seattle, WA, USA, 14–17 May 1989, pp. 33–43.
41. Burmester, M., Desmedt, Y.: ‘A secure and efficient conference key distribution system’. Advances in Cryptology – EUROCRYPT ’94, 1995 (LNCS, 950), pp. 275–286.
42. Katz, J., Lindell, Y.: ‘Introduction to modern cryptography’ (Chapman & Hall/CRC Cryptography and Network Security Series, Chapman & Hall/CRC, 2007).
43. Krawczyk, H.: ‘HMQV: a high-performance secure Diffie–Hellman protocol’. Advances in Cryptology – CRYPTO 2005, 25th Annual Int. Cryptology Conf. Proc., Santa Barbara, CA, USA, 14–18 August 2005 (LNCS, 3621), pp. 546–566.
44. Cremers, C.J.F., Feltz, M.: ‘One-round strongly secure key exchange with perfect forward secrecy and deniability’. IACR Cryptology ePrint Archive, 2011, vol. 300.
45. Fujioka, A., Suzuki, K., Xagawa, K., et al.: ‘Strongly secure authenticated key exchange from factoring, codes, and lattices’, Des. Codes Cryptogr., 2015, 76, (3), pp. 469–504.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2017.0131