On the Resilience of Key Agreement Protocols to Key Compromise Impersonation
نویسنده
چکیده
Key agreement protocols are a fundamental building block for ensuring authenticated and private communications between two parties over an insecure network. This paper focuses on key agreement protocols in the asymmetric authentication model, wherein parties hold a public/private key pair. In particular, we consider a type of known key attack called key compromise impersonation that may occur once the adversary has obtained the private key of an honest party. This attack represents a subtle threat that is often underestimated and difficult to counter. Several protocols are shown vulnerable to this attack despite their authors claiming the opposite. We also consider in more detail how three formal (complexity-theoretic based) models of distributed computing found in the literature cover such attacks.
منابع مشابه
Cryptanalysis of Two ID-based Authenticated Key Agreement Protocols from Pairings
Recently, a number of ID-based two-party authenticated key agreement protocols which make of bilinear pairings have been proposed [3, 8, 12, 11, 14]. In this paper, we show that the Xie’s protocol [14] does not provide implicit key authentication and key-compromise impersonation resilience. Also, we point out the vulnerability of the Choi et al’s protocol [3] against signature forgery attacks.
متن کاملCryptanalysis and improvement of two certificateless three-party authenticated key agreement protocols
Recently, two certificateless three-party authenticated key agreement protocols were proposed, and both protocols were claimed they can meet the desirable security properties including forward security, key compromise impersonation resistance and so on. Through cryptanalysis, we show that one neither meets forward security and key compromise impersonation resistance nor resists an attack by an ...
متن کاملCryptanalysis of an Identity-Based Multiple Key Agreement Scheme
Multiple key agreement (MKA) protocols allow two parties to generate two or more session keys in one session, which will be used for future secure communications in public network. In recent years, many MKA protocols have been proposed. However, most of them do not consider ephemeral key compromise resilience, and some of them still exists security flaws. In this paper, we analyze the scheme pr...
متن کاملA Suite of Enhanced Security Models for Key Compromise Impersonation Resilience and ID-based Key Exchange
Canetti and Krawczyk proposed a security model (CK-model) for authentication and key exchange protocols in 2001 based on a modeling approach proposed by Bellare et al. in 1998. The model not only reasonably captures the power of practical attackers but also provides a modular approach to the design of secure key exchange protocols. However, the model does not capture the property of Key Comprom...
متن کاملEnhancing CK-Model for Key Compromise Impersonation Resilience and Identity-based Key Exchange
In 2001, Canetti and Krawczyk proposed a security model (CKmodel) for authentication protocols. They also gave an indistinguishabilitybased definition for key exchange protocols. Since then the model has almost exclusively been used for analyzing key exchange protocols, although it can be applied to authentication protocols in general. The model not only captures a large class of attacks but al...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2006 شماره
صفحات -
تاریخ انتشار 2006