Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 1560))

Abstract

This paper presents some new unknown key-share attacks on STS-MAC, the version of the STS key agreement protocol which uses a MAC algorithm to provide key confirmation. Various methods are considered for preventing the attacks.

Copyright information

© 1999 Springer-Verlag Berlin Heidelberg

Cite this paper

Blake-Wilson, S., Menezes, A. (1999). Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol. In: Public Key Cryptography. PKC 1999. Lecture Notes in Computer Science, vol 1560. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-49162-7_12

  • DOI: https://doi.org/10.1007/3-540-49162-7_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-65644-9

  • Online ISBN: 978-3-540-49162-0