The Fallout of Key Compromise in a Proxy-Mediated Key Agreement Protocol

  • David Nuñez
  • Isaac Agudo
  • Javier Lopez
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10359)


In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to symmetric encryption primitives only and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during the encryption and decryption procedures, which means that these tokens can be used to encrypt and decrypt messages without knowledge of the corresponding secret keys. In our work, we show how key compromise (or even compromise of the encryption tokens alone) makes it possible to break forward security and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes the compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.



This work was partly supported by the Junta de Andalucía through the project FISICCO (P11-TIC-07223) and by the Spanish Ministry of Economy and Competitiveness through the PERSIST project (TIN2013-41739-R). The first author is supported by a contract from the Regional Ministry of Economy and Knowledge of Andalucía.


References

  1. Bertoni, G., Daemen, J., Peeters, M., Van Assche, G.: The Keccak SHA-3 submission. NIST (Round 3) 6(7), 16 (2011, to be submitted)
  2. Boneh, D., Lewi, K., Montgomery, H., Raghunathan, A.: Key homomorphic PRFs and their applications. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 410–428. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-40041-4_23
  3. Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2013)
  4. Chalkias, K., Baldimtsi, F., Hristu-Varsakelis, D., Stephanides, G.: Two types of key-compromise impersonation attacks against one-pass key establishment protocols. In: Filipe, J., Obaidat, M.S. (eds.) ICETE 2007. CCIS, vol. 23, pp. 227–238. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-88653-2_17
  5. Cook, D.L., Keromytis, A.D.: Conversion functions for symmetric key ciphers. J. Inf. Assur. Secur. 1(2), 119–128 (2006)
  6. Denning, D.E., Sacco, G.M.: Timestamps in key distribution protocols. Commun. ACM 24(8), 533–536 (1981)
  7. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (1976)
  8. Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theor. 29(2), 198–208 (1983)
  9. Duong, T., Rizzo, J.: Flickr's API signature forgery vulnerability (2009)
  10. Garrison, W.C., Shull, A., Myers, S., Lee, A.J.: On the practicality of cryptographically enforcing dynamic access control policies in the cloud. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 819–838, May 2016
  11. Krawczyk, D.H., Eronen, P.: HMAC-based extract-and-expand key derivation function (HKDF). RFC 5869, October 2015
  12. Liu, Z., Huang, X., Hu, Z., Khan, M.K., Seo, H., Zhou, L.: On emerging family of elliptic curves to secure internet of things: ECC comes of age. IEEE Trans. Dependable Secur. Comput. 14(3), 237–248 (2016). doi: 10.1109/TDSC.2016.2577022. ISSN: 1545-5971
  13. Menezes, A.J., Van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
  14. Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)
  15. Neuman, B.C., Ts'o, T.: Kerberos: an authentication service for computer networks. IEEE Commun. Mag. 32(9), 33–38 (1994)
  16. Nguyen, K.T., Oualha, N., Laurent, M.: Authenticated key agreement mediated by a proxy re-encryptor for the internet of things. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 339–358. Springer, Cham (2016). doi: 10.1007/978-3-319-45741-3_18
  17. Nuñez, D., Agudo, I., Lopez, J.: A parametric family of attack models for proxy re-encryption. In: Proceedings of the 28th IEEE Computer Security Foundations Symposium, CSF 2015, pp. 290–301. IEEE Computer Society (2015)
  18. Nuñez, D., Agudo, I., Lopez, J.: Proxy re-encryption: analysis of constructions and its application to secure access delegation. J. Netw. Comput. Appl. 87, 193–209 (2017)
  19. Sakazaki, H., Anzai, K., Hosoya, J.: Study of re-encryption scheme based on symmetric-key cryptography. In: 31st Symposium on Cryptography and Information Security (SCIS 2014) (2014)
  20. Strangio, M.A.: On the resilience of key agreement protocols to key compromise impersonation. In: Atzeni, A.S., Lioy, A. (eds.) EuroPKI 2006. LNCS, vol. 4043, pp. 233–247. Springer, Heidelberg (2006). doi: 10.1007/11774716_19
  21. Syalim, A., Nishide, T., Sakurai, K.: Realizing proxy re-encryption in the symmetric world. In: Abd Manaf, A., Zeki, A., Zamani, M., Chuprat, S., El-Qawasmeh, E. (eds.) ICIEIS 2011. CCIS, vol. 251, pp. 259–274. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-25327-0_23
  22. Tsudik, G.: Message authentication with one-way hash functions. ACM SIGCOMM Comput. Commun. Rev. 22(5), 29–38 (1992)
  23. Watanabe, D., Sakazaki, H., Miyazaki, K.: Representative system and security message transmission using re-encryption scheme based on symmetric-key cryptography. J. Inf. Process. 25, 67–74 (2017)
  24. Wikipedia: SpongeBob SquarePants – Wikipedia, the free encyclopedia (2016). Accessed 18 Oct 2016

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. Network, Information and Computer Security (NICS) Laboratory, Computer Science Department, University of Málaga, Málaga, Spain
