One-round Secure Key Exchange Protocol With Strong Forward Secrecy

  • Li, Xiaowei (Department of Mathematics and Computer Science, Dali University)
  • Yang, Dengqi (Department of Mathematics and Computer Science, Dali University)
  • Chen, Benhui (Department of Mathematics and Computer Science, Dali University)
  • Zhang, Yuqing (National Computer Network Intrusion Protection Center, University of the Chinese Academy of Sciences)
  • Received : 2016.05.22
  • Accepted : 2016.10.19
  • Published : 2016.11.30

Abstract

Security models for key exchange protocols have been researched for years. However, many of them, such as the extended Canetti-Krawczyk (eCK) model, focus only on which secrets can be compromised and do not differentiate the timing of the compromise. In this paper, we propose a new security model for key exchange protocols that considers not only which keys can be compromised but also when they are compromised. The proposed security model is important to the security proof of key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, we propose a new kind of key compromise impersonation (KCI) attack, called the strong key compromise impersonation (sKCI) attack. Finally, we provide a new one-round key exchange protocol called mOT+, based on the mOT protocol. The security of mOT+ is given in the new model. It provides sKCI-resilience and sFS, and it is secure even if the ephemeral key reveal query is considered.
