Combined Security Analysis of the One- and Three-Pass Unified Model Key Agreement Protocols

  • Sanjit Chatterjee
  • Alfred Menezes
  • Berkant Ustaoglu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6498)

Abstract

The unified model (UM) is a family of key agreement protocols that has been standardized by ANSI and NIST. The NIST standard explicitly permits the reuse of a static key pair among the one-pass and three-pass UM protocols. However, a recent study demonstrated that such reuse can lead to security vulnerabilities. In this paper we revisit the security of the one- and three-pass UM protocols when static key pairs are reused. We propose a shared security model that incorporates the individual security attributes of the two protocols. We then show, provided appropriate measures are taken, that the protocols are secure even when static key pairs are reused.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    ANSI X9.42, Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, American National Standards Institute (2003)Google Scholar
  2. 2.
    ANSI X9.63, Key Agreement and Key Transport Using Elliptic Curve Cryptography, American National Standards Institute (2001)Google Scholar
  3. 3.
    Boyd, C., Cliff, Y., Nieto, J., Paterson, K.: Efficient one-round key exchange in the standard model. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 69–83. Springer, Heidelberg (2008) http://eprint.iacr.org/2008/007 CrossRefGoogle Scholar
  4. 4.
    Chatterjee, S., Menezes, A., Ustaoglu, B.: Reusing static keys in key agreement protocols. In: Roy, B., Sendrier, N. (eds.) INDOCRYPT 2009. LNCS, vol. 5922, pp. 39–56. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  5. 5.
    Diffie, W., van Oorschot, P., Wiener, M.: Authentication and authenticated key exchanges. Design. Code. Cryptogr. 2(2), 107–125 (1992)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Just, M., Vaudenay, S.: Authenticated multi-party key agreement. In: Kim, K.-c., Matsumoto, T. (eds.) ASIACRYPT 1996. LNCS, vol. 1163, pp. 36–49. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  7. 7.
    Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005), http://eprint.iacr.org/2005/176 CrossRefGoogle Scholar
  8. 8.
    Kunz-Jacques, S., Pointcheval, D.: About the security of MTI/C0 and MQV. In: De Prisco, R., Yung, M. (eds.) SCN 2006. LNCS, vol. 4116, pp. 156–172. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Design. Code. Cryptogr. 28(2), 119–134 (2003)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Menezes, A.: Another look at HMQV. J. Math. Cryptology 1(1), 47–64 (2007)MathSciNetMATHGoogle Scholar
  11. 11.
    Menezes, A., Ustaoglu, B.: Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 261–270. ACM Press, New York (2008)Google Scholar
  12. 12.
    SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), National Institute of Standards and Technology (March 2007)Google Scholar
  13. 13.
    Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Design. Code. Cryptogr. 46(3), 329–342 (2008), http://eprint.iacr.org/2007/123 MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Sanjit Chatterjee
    • 1
  • Alfred Menezes
    • 1
  • Berkant Ustaoglu
    • 2
  1. 1.Department of Combinatorics & OptimizationUniversity of WaterlooCanada
  2. 2.NTT Information Sharing Platform LaboratoriesTokyoJapan

Personalised recommendations