Security Analysis of KEA Authenticated Key Exchange Protocol

  • Kristin Lauter
  • Anton Mityagin
Conference paper

DOI: 10.1007/11745853_25

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3958)
Cite this paper as:
Lauter K., Mityagin A. (2006) Security Analysis of KEA Authenticated Key Exchange Protocol. In: Yung M., Dodis Y., Kiayias A., Malkin T. (eds) Public Key Cryptography - PKC 2006. PKC 2006. Lecture Notes in Computer Science, vol 3958. Springer, Berlin, Heidelberg


KEA is a Diffie-Hellman based key-exchange protocol developed by NSA which provides mutual authentication for the parties. It became publicly available in 1998 and since then it was neither attacked nor proved to be secure. We analyze the security of KEA and find that the original protocol is susceptible to a class of attacks. On the positive side, we present a simple modification of the protocol which makes KEA secure. We prove that the modified protocol, called KEA+, satisfies the strongest security requirements for authenticated key-exchange and that it retains some security even if a secret key of a party is leaked. Our security proof is in the random oracle model and uses the Gap Diffie-Hellman assumption. Finally, we show how to add a key confirmation feature to KEA+ (we call the version with key confirmation KEA+C) and discuss the security properties of KEA+C.

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Kristin Lauter
    • 1
  • Anton Mityagin
    • 2
  1. 1.Microsoft ResearchRedmondUSA
  2. 2.Department of Computer ScienceUniversity of CaliforniaSan DiegoUSA

Personalised recommendations