ASICS: Authenticated Key Exchange Security Incorporating Certification Systems

  • Colin Boyd
  • Cas Cremers
  • Michèle Feltz
  • Kenneth G. Paterson
  • Bertram Poettering
  • Douglas Stebila
Conference paper

DOI: 10.1007/978-3-642-40203-6_22

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8134)
Cite this paper as:
Boyd C., Cremers C., Feltz M., Paterson K.G., Poettering B., Stebila D. (2013) ASICS: Authenticated Key Exchange Security Incorporating Certification Systems. In: Crampton J., Jajodia S., Mayes K. (eds) Computer Security – ESORICS 2013. ESORICS 2013. Lecture Notes in Computer Science, vol 8134. Springer, Berlin, Heidelberg

Abstract

Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.

Keywords

  • authenticated key exchange (AKE)
  • unknown key share (UKS) attacks
  • certification authority (CA)
  • invalid public keys
  • PKI

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Colin Boyd (1)
  • Cas Cremers (2)
  • Michèle Feltz (2)
  • Kenneth G. Paterson (3)
  • Bertram Poettering (3)
  • Douglas Stebila (1)

  1. Queensland University of Technology, Brisbane, Australia
  2. Institute of Information Security, ETH Zurich, Switzerland
  3. Royal Holloway, University of London, Egham, United Kingdom
