Combined Security Analysis of the One- and Three-Pass Unified Model Key Agreement Protocols
The unified model (UM) is a family of key agreement protocols that has been standardized by ANSI and NIST. The NIST standard explicitly permits the reuse of a static key pair among the one-pass and three-pass UM protocols. However, a recent study demonstrated that such reuse can lead to security vulnerabilities. In this paper we revisit the security of the one- and three-pass UM protocols when static key pairs are reused. We propose a shared security model that incorporates the individual security attributes of the two protocols. We then show, provided appropriate measures are taken, that the protocols are secure even when static key pairs are reused.
KeywordsRandom Oracle Security Model Negligible Probability Protocol Description Matching Session
Unable to display preview. Download preview PDF.
- 1.ANSI X9.42, Agreement of Symmetric Keys Using Discrete Logarithm Cryptography, American National Standards Institute (2003)Google Scholar
- 2.ANSI X9.63, Key Agreement and Key Transport Using Elliptic Curve Cryptography, American National Standards Institute (2001)Google Scholar
- 11.Menezes, A., Ustaoglu, B.: Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard. In: Proceedings of the 2008 ACM Symposium on Information, Computer and Communications Security, pp. 261–270. ACM Press, New York (2008)Google Scholar
- 12.SP 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised), National Institute of Standards and Technology (March 2007)Google Scholar