Abstract
We present an enhanced security model for authenticated key exchange (AKE) protocols that captures the pre-master secret replication attack and avoids the controversial random oracle assumption in the security proof. Our model treats an AKE protocol as two relatively independent modules, a secret exchange module and a key derivation module, and formalizes the adversarial capabilities and security properties of each. We prove that the proposed security model is stronger than the extended Canetti-Krawczyk (eCK) model. Moreover, we introduce NACS, a two-pass AKE protocol that is secure in the enhanced model. NACS is practical and efficient: it requires fewer exponentiations and, more importantly, admits a tight security reduction under weaker standard cryptographic assumptions. Finally, the compact security proof of NACS shows that our method is reasonable and effective.
This work was supported by the National Natural Science Foundation of China under Grant #60703094, and the Opening Project of Shanghai Key Laboratory of Integrate Administration Technologies for Information Security.
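The two-module view of an AKE protocol described in the abstract, illustrated with an added example that is not from the paper and does not implement NACS. The secret exchange module is plain two-pass ephemeral Diffie-Hellman over a toy group (a 127-bit Mersenne prime with base 3, chosen for readability and not secure); the key derivation module is HKDF (RFC 5869) over a transcript consisting of both identities and both ephemeral public values. The replication scenario is constructed: the same ephemeral exponents recur in two sessions with different responder identities, so the pre-master secrets coincide, and the code shows that whether the session keys also coincide is decided entirely by the key derivation module. Identities, salt and transcript layout are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy group for readability only: a 127-bit Mersenne prime and a fixed base.
# This is NOT a secure Diffie-Hellman group; real deployments use a
# standardised group (e.g. an RFC 3526 MODP group) or an elliptic curve.
P = (1 << 127) - 1
G = 3


# ---- secret exchange module: two-pass ephemeral Diffie-Hellman ----
def ephemeral_keypair(exponent=None):
    """Return (x, g^x mod p); the exponent may be fixed for reproducible demos."""
    x = exponent if exponent is not None else secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def pre_master_secret(my_exponent, peer_public):
    """Both sides compute the same pre-master secret g^{xy} from the two passes."""
    return pow(peer_public, my_exponent, P)


# ---- key derivation module: HKDF (RFC 5869, SHA-256) over a transcript ----
def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF extract-then-expand; `info` carries the session transcript."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()  # HKDF-Extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:                               # HKDF-Expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _encode(n):
    return n.to_bytes(16, "big")  # every group element is below 2^127


def derive_key_bound(pms, initiator, responder, X, Y):
    """Session key bound to both identities and both ephemeral public values."""
    transcript = b"|".join([initiator.encode(), responder.encode(), _encode(X), _encode(Y)])
    return hkdf_sha256(_encode(pms), salt=b"ake-demo-salt", info=transcript)


def derive_key_unbound(pms):
    """Weak alternative: the session key depends on the pre-master secret alone."""
    return hkdf_sha256(_encode(pms), salt=b"ake-demo-salt", info=b"")


def run_session(initiator, responder, x, y):
    """One two-pass exchange; returns pre-master secret and derived keys per side."""
    _, X = ephemeral_keypair(x)  # pass 1: initiator -> responder
    _, Y = ephemeral_keypair(y)  # pass 2: responder -> initiator
    pms_i = pre_master_secret(x, Y)
    pms_r = pre_master_secret(y, X)
    return {
        "pms": (pms_i, pms_r),
        "bound": (derive_key_bound(pms_i, initiator, responder, X, Y),
                  derive_key_bound(pms_r, initiator, responder, X, Y)),
        "unbound": (derive_key_unbound(pms_i), derive_key_unbound(pms_r)),
    }


def replication_demo():
    """Constructed scenario (demo only): the same ephemeral exponents recur in
    two sessions with different responders, so the pre-master secrets coincide."""
    x, y = 0x1234567890ABCDEF, 0xFEDCBA0987654321  # fixed exponents, demo only
    s1 = run_session("Alice", "Bob", x, y)
    s2 = run_session("Alice", "Carol", x, y)
    return {
        "peers_agree": s1["pms"][0] == s1["pms"][1] and s1["bound"][0] == s1["bound"][1],
        "pms_replicated": s1["pms"][0] == s2["pms"][0],
        "bound_keys_equal": s1["bound"][0] == s2["bound"][0],      # False: transcript differs
        "unbound_keys_equal": s1["unbound"][0] == s2["unbound"][0],  # True: only pms is used
    }


if __name__ == "__main__":
    for name, value in replication_demo().items():
        print(f"{name}: {value}")
```

The point of the split is visible in `replication_demo`: the secret exchange module cannot distinguish the two sessions, so any guarantee that their session keys differ has to come from the key derivation module and must be argued there.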
© 2010 Springer-Verlag Berlin Heidelberg
Pan, J., Wang, L., Ma, C. (2010). Security Enhancement and Modular Treatment towards Authenticated Key Exchange. In: Soriano, M., Qing, S., López, J. (eds) Information and Communications Security. ICICS 2010. Lecture Notes in Computer Science, vol 6476. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17650-0_15
DOI: https://doi.org/10.1007/978-3-642-17650-0_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17649-4
Online ISBN: 978-3-642-17650-0