Security model and modular design of fair authentication key exchange protocols
Authentication key exchange (AKE) traditionally assumes that the two legitimate parties to a communication are both trustworthy. However, a growing number of network applications require such protocols to run between parties that do not trust each other. This paper therefore proposes the idea of fair authentication key exchange (FAKE), which keeps the basic properties of AKE protocols and adds some new ones: the customer embeds a "session proof" in the protocol input; if the proof is not revealed, the protocol is deniable, and otherwise the protocol transcript is binding on the identities. Such a method is capable of resolving the conflict between protecting privacy and settling disputes over network services. The security model of FAKE protocols is then formulated systematically, and a flaw in the security model of the concurrent signature schemes proposed by Kudla is also corrected. Finally, a FAKE protocol based on concurrent signature schemes is designed, and the mBJM-AK security, conditional deniability and fairness of FAKE protocols are proved in the random oracle model.
Keywords: authentication key exchange protocols, deniability, fairness, concurrent signature, provable security
- 3. Chor B, Goldreich O, Kushilevitz E, et al. Private information retrieval. In: Proc. of 36th FOCS, Milwaukee, 1995. 41–50
- 4. Jakobsson M, Sako K, Impagliazzo R. Designated verifier proofs and their applications. In: Maurer U M, ed. Advances in Cryptology—Proc. of EUROCRYPT'96, LNCS 1070. Berlin: Springer-Verlag, 1996. 143–154
- 5. Dwork C, Naor M, Sahai A. Concurrent zero-knowledge. In: Kleinberg J M, ed. Proc. of 30th Symposium on Theory of Computing (STOC). New York: ACM Press, 1998. 409–418
- 6. Naor M. Deniable ring authentication. In: Stinson D R, ed. Advances in Cryptology—Proc. of CRYPTO'02, LNCS 2442. Berlin: Springer-Verlag, 2002. 481–498
- 7. Raimondo M D, Gennaro R. New approaches for deniable authentication. In: Atluri V, ed. Proc. of 12th ACM Conference on Computer and Communications Security (CCS'05). New York: ACM Press, 2005. 81–89
- 8. Rivest R, Shamir A, Tauman Y. How to leak a secret. In: Boyd C, ed. Advances in Cryptology—Proc. of ASIACRYPT'01, LNCS 2248. Berlin: Springer-Verlag, 2001. 552–565
- 10. Kudla C. Special signature scheme and key agreement protocols. Thesis for the Degree of Doctor of Philosophy. London: Information Security Group, Department of Mathematics, Royal Holloway, University of London, 2006
- 13. Okamoto T, Pointcheval D. The gap-problems: a new class of problems for the security of cryptographic schemes. In: Kim K, ed. Public Key Cryptography—PKC 2001, volume 1992 of Lecture Notes in Computer Science. Berlin: Springer-Verlag, 2001. 104–118