IMA International Conference on Cryptography and Coding

Cryptography and Coding pp 277-294

Continuous After-the-Fact Leakage-Resilient eCK-Secure Key Exchange

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9496)

Abstract

Security models for two-party authenticated key exchange (AKE) protocols have developed over time to capture the security of AKE protocols even when the adversary learns certain secret values. Increased granularity of security can be modelled by considering partial leakage of secrets in the manner of models for leakage-resilient cryptography, which are designed to capture side-channel attacks. In this work, we use the strongest known partial-leakage-based security model for key exchange protocols, namely the continuous after-the-fact leakage \(\mathrm{eCK}\) (\(\mathrm{CAFL\text{-}eCK}\)) model. We resolve an open problem by constructing the first concrete two-pass leakage-resilient key exchange protocol that is secure in the \(\mathrm{CAFL\text{-}eCK}\) model.

Keywords

Key exchange protocols; Side-channel attacks; Security models; Leakage-resilience; After-the-fact leakage


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Janaka Alawatugoda (1, 4)
  • Douglas Stebila (1, 2)
  • Colin Boyd (3)
  1. School of Electrical Engineering and Computer Science, Queensland University of Technology, Brisbane, Australia
  2. School of Mathematical Sciences, Queensland University of Technology, Brisbane, Australia
  3. Department of Telematics, Norwegian University of Science and Technology, Trondheim, Norway
  4. Department of Computer Engineering, University of Peradeniya, Peradeniya, Sri Lanka
