A Suite of Enhanced Security Models for Key Compromise Impersonation Resilience and ID-based Key Exchange

Canetti and Krawczyk proposed a security model (CK-model) for authentication and key exchange protocols in 2001 based on a modeling approach proposed by Bellare et al. in 1998. The model not only reasonably captures the power of practical attackers but also provides a modular approach to the design of secure key exchange protocols. However, the model does not capture the property of Key Compromise Impersonation (KCI) Resilience, which has been studied elaborately with respect to key exchange protocols. Until now, analysis concerning this property has mostly been performed heuristically and it has been difficult to apply existing security models and formal analysis methods to the study of KCI attacks. In this paper, we solve this problem by proposing an enhancement of the CK-model for capturing KCI attacks. With the revival of interest in identity-based (ID-based) cryptography, there have been many new ID-based key exchange protocols proposed. Despite the fact that some of them have been proven in some restricted versions of a model proposed by Bellare and Rogaway in 1993 and some others have been proven in the CK-model, there is no security model specifically formalized for ID-based key exchange protocols. In particular, Forward Secrecy against compromised Key Generation Server (KGS-FS) has never been captured even though this notion is more important and also stronger than the perfect forward secrecy in ID-based cryptography. For this, we further extend our model to the ID-based cryptographic setting and capture the KGS-FS. Finally, we provide some formal security analyses for several identity-based key exchange protocols under our models.