Enhanced Modelling of Authenticated Key Exchange Security

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10547)

Abstract

The security models for Authenticated Key Exchange do not consider leakages of pre-computed ephemeral data before their use in sessions. We investigate such leakages and point out their damaging consequences. As an illustration, we show the HMQV-C protocol vulnerable to a Bilateral Unknown Key Share (BUKS) and a Unilateral Unknown Key Share (UUKS) attack when precomputed ephemeral public keys are leaked. We point out some gray areas in the seCK model in the multi-certification-authority setting. We propose an enhancement of the seCK model, which uses a liberal instantiation of the certification systems model from the ASICS framework and allows reveal queries on precomputed ephemeral (public and private) keys. We propose a new protocol, termed eFHMQV, which, in addition to providing the same efficiency as MQV, is particularly suited for implementations wherein a trusted device is used together with an untrusted host machine. In such settings, the non-idle-time computational effort of the device safely reduces to one digest computation, one integer multiplication, and one integer addition. The eFHMQV protocol meets our security definition under the Random Oracle Model and the Gap Diffie-Hellman assumption.
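The abstract only gives the cost of eFHMQV on the trusted device (one digest, one multiplication, one addition) without spelling the protocol out, so the example below is an added illustration of the same device/host split applied to plain HMQV (Krawczyk, CRYPTO 2005, reference 18 below), not code from the paper and not eFHMQV itself. The device keeps the static private key and the pool of precomputed ephemeral pairs, and per session computes only s = x + d·a mod q; the untrusted host does the exponentiation and the key derivation. The toy safe-prime group, the use of SHA-256 for HMQV's hash, the identity strings and the class and function names are all assumptions made for the example; HMQV-C's key-confirmation messages are not shown.

```python
"""HMQV key agreement with the per-session work split between a trusted
device and an untrusted host (added example; assumptions noted inline)."""
import hashlib
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Group:
    p: int  # prime modulus
    q: int  # prime order of the subgroup generated by g
    g: int  # generator of that subgroup


# Toy safe-prime group (p = 2q + 1, q = 509 prime, g = 4 has order q), chosen
# so the example runs instantly and deterministically; it offers no security.
# Real deployments use a standardised group (e.g. RFC 7919) or an elliptic curve.
TOY = Group(p=1019, q=509, g=4)


def _enc(grp: Group, point: int) -> bytes:
    return point.to_bytes((grp.p.bit_length() + 7) // 8, "big")


def h_bar(grp: Group, eph_public: int, peer_ident: str) -> int:
    """HMQV's H-bar: hash of (ephemeral public key, peer identity) truncated to
    l/2 bits, where l = |q|.  SHA-256 is an assumption; HMQV leaves H abstract."""
    half = max(1, grp.q.bit_length() // 2)
    digest = hashlib.sha256(_enc(grp, eph_public) + peer_ident.encode()).digest()
    return int.from_bytes(digest, "big") % (1 << half)


class Device:
    """Trusted device: holds the static private key a and the ephemeral private
    keys.  Everything else in the session happens on the untrusted host."""

    def __init__(self, grp: Group, ident: str):
        self.grp, self.ident = grp, ident
        self.a = secrets.randbelow(grp.q - 1) + 1
        self.public = pow(grp.g, self.a, grp.p)
        self._pool: list[tuple[int, int]] = []  # precomputed (x, X) pairs

    def precompute(self, n: int) -> None:
        """Idle-time work: generate ephemeral pairs ahead of any session.  This
        pool (X included) is the data whose premature leakage the paper studies."""
        for _ in range(n):
            x = secrets.randbelow(self.grp.q - 1) + 1
            self._pool.append((x, pow(self.grp.g, x, self.grp.p)))

    def session(self, peer_ident: str) -> tuple[int, int]:
        """Non-idle-time work: one digest, one multiplication, one addition.
        Returns (X, s) with s = x + d*a mod q; x itself never leaves the device."""
        x, X = self._pool.pop()
        d = h_bar(self.grp, X, peer_ident)  # one digest
        s = (x + d * self.a) % self.grp.q   # one multiplication, one addition
        return X, s


def host_derive(grp: Group, s: int, own_ident: str, peer_static: int, peer_eph: int) -> bytes:
    """Untrusted host: sigma = (Y * B^e)^s with e = H-bar(Y, own identity);
    the session key is H(sigma) as in HMQV."""
    e = h_bar(grp, peer_eph, own_ident)
    base = peer_eph * pow(peer_static, e, grp.p) % grp.p
    sigma = pow(base, s, grp.p)
    return hashlib.sha256(_enc(grp, sigma)).digest()


def run_session(grp: Group = TOY) -> tuple[bytes, bytes]:
    """One HMQV run between Alice and Bob; returns both derived keys."""
    alice, bob = Device(grp, "Alice"), Device(grp, "Bob")
    alice.precompute(4)
    bob.precompute(4)
    # Static public keys are assumed certified out of band.
    # A -> B : (Alice, X)        B -> A : (Bob, Y)
    X, s_a = alice.session("Bob")
    Y, s_b = bob.session("Alice")
    k_a = host_derive(grp, s_a, "Alice", bob.public, Y)
    k_b = host_derive(grp, s_b, "Bob", alice.public, X)
    return k_a, k_b


if __name__ == "__main__":
    k_a, k_b = run_session()
    print("keys match:", k_a == k_b)
```

Both sides compute g^{(x + d·a)(y + e·b)}: Alice raises Y·B^e = g^{y+eb} to her s, Bob raises X·A^d = g^{x+da} to his, so the host needs nothing from the device beyond X and s. Note that s = x + d·a is handed to the host by design; the device's secrets are a and x, and the precomputed pool has to be protected as carefully as x, which is exactly the leakage the abstract argues existing models overlook.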

Keywords

Unknown Key Share; \(\text{seCK}^{\text{cs}}\); ASICS; HMQV-C; eFHMQV

References

  1. Basin, D., Cremers, C.: Modeling and analyzing security in the presence of compromising adversaries. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 340–356. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15497-3_21
  2. Bellare, M., Palacio, A.: The knowledge-of-exponent assumptions and 3-round zero-knowledge protocols. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 273–289. Springer, Heidelberg (2004). doi:10.1007/978-3-540-28628-8_17
  3. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_21
  4. Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003). doi:10.1007/978-3-662-09527-0
  5. Boyd, C., Cremers, C., Feltz, M., Paterson, K.G., Poettering, B., Stebila, D.: ASICS: authenticated key exchange security incorporating certification systems. In: Crampton, J., Jajodia, S., Mayes, K. (eds.) ESORICS 2013. LNCS, vol. 8134, pp. 381–399. Springer, Heidelberg (2013). doi:10.1007/978-3-642-40203-6_22
  6. Boyd, C., Cremers, C., Feltz, M., Paterson, K.G., Poettering, B., Stebila, D.: ASICS: authenticated key exchange security incorporating certification systems. Cryptology ePrint Archive, Report 2013/398
  7. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001). doi:10.1007/3-540-44987-6_28
  8. Chen, L., Tang, Q.: Bilateral unknown key-share attacks in key agreement protocols. J. Univ. Comput. Sci. 14(3), 416–440 (2008)
  9. Cremers, C., Feltz, M.: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal. Des. Codes Crypt. 74(1), 183–218 (2013)
  10. Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Crypt. 2(2), 107–125 (1992)
  11. Ducklin, P.: Serious security: Google finds fake but trusted SSL certificates for its domains, made in France. http://tinyurl.com/hrmo8pa
  12. FOX IT: Black Tulip: report of the investigation into the DigiNotar Certificate Authority breach. http://preview.tinyurl.com/lj6938c
  13. Güneysu, T., Pfeiffer, G., Paar, C., Schimmler, M.: Three years of evolution: cryptanalysis with COPACOBANA. In: Workshop Record of "Special-Purpose Hardware for Attacking Cryptographic Systems" – SHARCS 2009 (2009)
  14. Huq, N.: PoS RAM Scraper Malware: Past, Present, and Future. A Trend Micro Research Paper (2014). http://tinyurl.com/jcwc8wz
  15. Kaliski, B.S.: An unknown key-share attack on the MQV key agreement protocol. ACM Trans. Inf. Syst. Secur. (TISSEC) 4(3), 275–288 (2001)
  16. Krawczyk, H.: SIGMA: the 'SIGn-and-MAc' approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 400–425. Springer, Heidelberg (2003). doi:10.1007/978-3-540-45146-4_24
  17. Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. Cryptology ePrint Archive, Report 2005/176 (2005)
  18. Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005). doi:10.1007/11535218_33
  19. Krawczyk, H.: HMQV in IEEE P1363. Submission to the IEEE P1363 working group. http://tinyurl.com/opjqknd
  20. Kumar, S., Paar, C., Pelzl, J., Pfeiffer, G., Rupp, A., Schimmler, M.: How to break DES for € 8,980. In: International Workshop on Special-Purpose Hardware for Attacking Cryptographic Systems – SHARCS'06, Cologne, Germany, April 2006
  21. LaMacchia, B., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007). doi:10.1007/978-3-540-75670-5_1
  22. Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Des. Codes Crypt. 28, 119–134 (2003)
  23. Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1996)
  24. Menezes, A., Ustaoglu, B.: Comparing the pre- and post-specified peer models for key agreement. Int. J. Appl. Crypt. 1(3), 236–250 (2009)
  25. Sarr, A.P., Elbaz-Vincent, P.: On the security of the (F)HMQV protocol. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 207–224. Springer, Cham (2016). doi:10.1007/978-3-319-31517-1_11
  26. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A secure and efficient authenticated Diffie-Hellman protocol. In: Martinelli, F., Preneel, B. (eds.) EuroPKI 2009. LNCS, vol. 6391, pp. 83–98. Springer, Heidelberg (2010). doi:10.1007/978-3-642-16441-5_6
  27. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A secure and efficient authenticated Diffie-Hellman protocol. Cryptology ePrint Archive, Report 2009/408
  28. Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A new security model for authenticated key agreement. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 219–234. Springer, Heidelberg (2010). doi:10.1007/978-3-642-15317-4_15
  29. Shoup, V.: On formal models for secure key exchange. Cryptology ePrint Archive, Report 1999/012 (1999)
  30. Trend Labs Security Intelligence Blog: RawPOS Technical Brief. http://tinyurl.com/joyazja
  31. TCG: Trusted Platform Module Library Part 3: Commands, Level 00 Revision 01.38 (2016)
  32. Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Des. Codes Crypt. 46(3), 329–342 (2008)
  33. VISA Data Security Alert: Retail Merchants Targeted by Memory-Parsing Malware (2013). http://tinyurl.com/j3duvlg
  34. Yao, A.C., Zhao, Y.: Deniable internet key exchange. In: Zhou, J., Yung, M. (eds.) ACNS 2010. LNCS, vol. 6123, pp. 329–348. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13708-2_20

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Laboratoire ACCA, Université Gaston Berger de Saint-Louis, Saint Louis, Senegal