Anonymity and one-way authentication in key exchange protocols

Designs, Codes and Cryptography

Abstract

Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.
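The setting the abstract describes, one party authenticating while the other stays anonymous, is easiest to see in a small server-authenticated Diffie-Hellman exchange. The Python below is an added illustration written for this page; it is not the protocol from the paper (the page gives no protocol details) and not code from the authors. The server signs the handshake transcript with a long-term Schnorr key that the client already pins, the client sends only a fresh ephemeral group element and nothing that identifies it, and the subgroup check plus signature verification are what an active attacker impersonating the server has to defeat. The safe-prime group is a toy generated at import time, and the names Client, Server, run_exchange, the transcript layout and the key-derivation labels are assumptions of this example, not anything the paper specifies.

```python
"""One-way authenticated Diffie-Hellman: only the server proves its identity (added example)."""
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=32):  # Miller-Rabin; toy helper, not for real parameters
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits=64):
    """Return (p, q, g): safe prime p = 2q + 1 and a generator g of the order-q subgroup.
    The group is generated fresh and is far too small for real use."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4  # 4 = 2^2 is a quadratic residue mod p, so it has order q

P, Q, G = make_group()

def enc(n):
    return n.to_bytes((P.bit_length() + 7) // 8, "big")

def challenge(R, msg):  # Fiat-Shamir challenge for Schnorr, reduced into Z_q
    return int.from_bytes(hashlib.sha256(enc(R) + msg).digest(), "big") % Q

def in_subgroup(v):  # small-subgroup check: reject 0, 1, p-1 and anything not of order q
    return 1 < v < P - 1 and pow(v, Q, P) == 1

def schnorr_sign(sk, msg):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + challenge(R, msg) * sk) % Q

def schnorr_verify(pk, msg, sig):
    R, z = sig
    if not in_subgroup(R) or not 0 <= z < Q:
        return False
    return pow(G, z, P) == R * pow(pk, challenge(R, msg), P) % P

def kdf(shared, transcript):
    return hashlib.sha256(b"session-key" + enc(shared) + transcript).digest()

class Server:  # authenticated party: holds a long-term Schnorr signing key
    def __init__(self):
        self.sk = secrets.randbelow(Q - 1) + 1
        self.pk = pow(G, self.sk, P)

    def respond(self, X):
        if not in_subgroup(X):
            raise ValueError("invalid client ephemeral value")
        y = secrets.randbelow(Q - 1) + 1
        Y = pow(G, y, P)
        transcript = enc(X) + enc(Y) + enc(self.pk)  # the signature binds the client's fresh X
        return Y, self.pk, schnorr_sign(self.sk, transcript), kdf(pow(X, y, P), transcript)

class Client:  # anonymous party: no long-term key, only a pinned copy of the server's public key
    def __init__(self, server_pk):
        self.server_pk = server_pk
        self.x = secrets.randbelow(Q - 1) + 1
        self.X = pow(G, self.x, P)

    def msg1(self):
        return self.X  # a fresh group element is all the client ever sends

    def finish(self, Y, claimed_pk, sig):
        if claimed_pk != self.server_pk or not in_subgroup(Y):
            return None
        transcript = enc(self.X) + enc(Y) + enc(claimed_pk)
        if not schnorr_verify(claimed_pk, transcript, sig):
            return None  # transcript was not signed by the pinned server key
        return kdf(pow(Y, self.x, P), transcript)

def run_exchange(tamper=False):
    """One exchange; with tamper=True an active attacker substitutes its own Y."""
    server = Server()
    client = Client(server.pk)
    Y, pk, sig, server_key = server.respond(client.msg1())
    if tamper:
        Y = pow(G, secrets.randbelow(Q - 1) + 1, P)  # attacker cannot re-sign under server.sk
    return client.finish(Y, pk, sig), server_key
```

Two points to take from the exchange: the server's signature covers the client's fresh X, so a replayed or substituted response fails verification at the client, and the client's only outbound message is an ephemeral group element, so neither the server nor a passive observer learns anything beyond the fact that some client ran the protocol. Authentication of the client, if a deployment wants it, would have to be layered on top (for example inside the channel the derived key protects), which is the kind of choice the abstract refers to when it speaks of clients selecting a level of authentication.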


References

  1. Aiello W., Bellovin S.M., Blaze M., Canetti R., Ioannidis J., Keromytis A.D., Reingold O.: Just Fast Keying: key agreement in a hostile Internet. ACM Trans. Inform. Syst. Secur. 7(2), 1–30 (2004). doi:10.1145/996943.996946.

  2. Bellare M., Rogaway P.: Entity authentication and key distribution. In: Stinson D.R. (ed.) Advances in Cryptology—Proc. CRYPTO ’93, LNCS, vol. 773, pp. 232–249. Springer (1993). doi:10.1007/3-540-48329-2_21.

  3. Bellare M., Pointcheval D., Rogaway P.: Authenticated key exchange secure against dictionary attacks. In: Preneel B. (ed.) Advances in Cryptology—Proc. EUROCRYPT 2000, LNCS, vol. 1807, pp. 139–155. Springer (2000). doi:10.1007/3-540-45539-6_11.

  4. Bellovin S.M., Merritt M.: Encrypted key exchange: password-based protocols secure against dictionary attacks. In: Proceedings of the 1992 IEEE Computer Society Conference on Research in Security and Privacy. IEEE (1992). doi:10.1109/RISP.1992.213269.

  5. Blake-Wilson S., Johnson D., Menezes A.: Key agreement protocols and their security analysis. In: Darnell M. (ed.) Cryptography and Coding—6th IMA International Conference, LNCS, vol. 1355. Springer (1997). doi:10.1007/BFb0024447.

  6. Canetti R., Krawczyk H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann B. (ed.) Advances in Cryptology—Proc. EUROCRYPT 2001, LNCS, vol. 2045, pp. 453–474. Springer (2001). doi:10.1007/3-540-44987-6_28

  7. Canetti R., Krawczyk H.: Security analysis of IKE’s signature based key-exchange protocol. In: Yung M. (ed.) Advances in Cryptology—Proc. CRYPTO 2002, LNCS, vol. 2442, pp. 27–52. Springer (2002). doi:10.1007/3-540-45708-9_10. Full version available as http://eprint.iacr.org/2002/120.

  8. Cheng Z., Chen L., Comley R., Tang Q.: Identity-based key agreement with unilateral identity privacy using pairings. In: Chen K., Deng R., Lai X., Zhou J. (eds.) Proc. Information Security Practice and Experience (ISPEC) 2006, LNCS, vol. 3903, pp. 202–213. Springer (2006). doi:10.1007/11689522_19.

  9. Chien H.Y.: ID-based key agreement with anonymity for ad hoc networks. In: Kuo T.W., Sha E., Guo M., Yang L., Shao Z. (eds.) Proc. Embedded and Ubiquitous Computing (EUC) 2007, LNCS, vol. 4808, pp. 333–345. Springer (2007). doi:10.1007/978-3-540-77092-3_29.

  10. Chow S.S.M., Choo K.K.R.: Strongly-secure identity-based key agreement and anonymous extension. In: Garay J., Lenstra A., Mambo M., Peralta R. (eds.) Proc. 10th International Conference on Information Security Conference (ISC) 2007, LNCS, vol. 4779, pp. 203–220. Springer (2007). doi:10.1007/978-3-540-75496-1_14.

  11. Di Raimondo M., Gennaro R., Krawczyk H.: Deniable authentication and key exchange. In: Wright R., De Capitani de Vimercati S., Shmatikov V. (eds.) Proc. 13th ACM Conference on Computer and Communications Security (CCS), pp. 400–409. ACM (2006). doi:10.1145/1180405.1180454.

  12. Dierks T., Allen C.: The TLS protocol version 1.0 (1999). http://www.ietf.org/rfc/rfc2246.txt. RFC 2246.

  13. Dierks T., Rescorla E.: The Transport Layer Security (TLS) protocol version 1.2 (2008). http://www.ietf.org/rfc/rfc5246.txt. RFC 5246.

  14. Diffie W., Hellman M.E.: New directions in cryptography. IEEE Trans. Inform. Theory 22(6), 644–654 (1976).

  15. Dingledine R., Mathewson N., Syverson P.: Tor: the second-generation onion router. In: Proc. 13th USENIX Security Symposium. The USENIX Association (2004). http://www.usenix.org/events/sec04/tech/dingledine.html.

  16. Fiore D., Gennaro R., Smart N.P.: Constructing certificateless encryption and ID-based encryption from ID-based key agreement. In: Joye M., Miyaji A., Otsuka A. (eds.) Proc. Pairing-Based Cryptography (Pairing) 2010, LNCS, vol. 6487, pp. 167–186. Springer (2010). doi:10.1007/978-3-642-17455-1_11.

  17. Goldberg I.: On the security of the Tor authentication protocol. In: Danezis G., Golle P. (eds.) Privacy Enhancing Technologies (PET) 2006, LNCS, vol. 4258, pp. 316–331. Springer (2006). doi:10.1007/11957454_18

  18. Google: The Official Google Blog—search more securely with encrypted Google web search (2010). http://googleblog.blogspot.com/2010/05/search-more-securely-with-encrypted.html

  19. Kate A., Zaverucha G.M., Goldberg I.: Pairing-based onion routing with improved forward secrecy. ACM Trans. Inform. Syst. Secur. 13(4), article 29 (2010). doi:10.1145/1880022.1880023.

  20. Krawczyk H.: SIGMA: The ‘SIGn-and-MAc’ approach to authenticated Diffie-Hellman and its use in the IKE protocols. In: Boneh D. (ed.) Advances in Cryptology—Proc. CRYPTO 2003, LNCS, vol. 2729, pp. 400–425. Springer (2003). doi:10.1007/b11817. Full version available as http://www.ee.technion.ac.il/~hugo/sigma.ps.

  21. Krawczyk H.: HMQV: A high-performance secure Diffie-Hellman protocol. In: Cramer R. (ed.) Advances in Cryptology—Proc. CRYPTO 2005, LNCS, vol. 3621, pp. 546–566. Springer (2005). doi:10.1007/11535218_33.

  22. LaMacchia B., Lauter K., Mityagin A.: Stronger security of authenticated key exchange. In: Susilo W., Liu J.K., Mu Y. (eds.) First International Conference on Provable Security (ProvSec) 2007, LNCS, vol. 4784, pp. 1–16. Springer (2007). doi:10.1007/978-3-540-75670-5_1.

  23. Law L., Menezes A.J., Qu M., Solinas J., Vanstone S.: An efficient protocol for authenticated key agreement. Des. Codes Cryptogr. 28, 119–134 (2003). doi:10.1023/A:1022595222606. Previously appeared as http://www.cacr.math.uwaterloo.ca/techreports/1998/corr98-05.pdf.

  24. Menezes A.J., Ustaoglu B.: Comparing the pre- and post-specified peer models for key agreement. Int. J. Appl. Cryptogr. 1(3), 236–250 (2009). doi:10.1504/IJACT.2009.023472.

  25. Menezes A.J., van Oorschot P.C., Vanstone S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997).

  26. Morrissey P., Smart N.P., Warinschi B.: A modular security analysis of the TLS handshake protocol. In: Pieprzyk J. (ed.) Advances in Cryptology—Proc. ASIACRYPT 2008, LNCS, vol. 5350, pp. 55–73. Springer (2008). doi:10.1007/978-3-540-89255-7_5.

  27. M’Raïhi D., Naccache D.: Batch exponentiations: a fast DLP-based signature generation strategy. In: Gong L., Stern J. (eds.) CCS 1996: Proceedings of the 3rd ACM Conference on Computer and Communications Security, pp. 58–61. ACM (1996). doi:10.1145/238168.238187.

  28. NIST National Institute of Standards and Technology: Special Publication 800-56A, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (2007). http://csrc.nist.gov/publications/PubsSPs.html.

  29. NIST National Institute of Standards and Technology: Special Publication 800-56B, Recommendation for Pair-Wise Key Establishment Schemes Using Integer Factorization Cryptography (2009). http://csrc.nist.gov/publications/PubsSPs.html.

  30. OpenSSL Project, The: OpenSSL v1.0.0d (2011). http://www.openssl.org/.

  31. Øverlier L., Syverson P.: Improving efficiency and simplicity of Tor circuit establishment and hidden services. In: Privacy Enhancing Technologies, LNCS, vol. 4776, pp. 134–152. Springer (2007). doi:10.1007/978-3-540-75551-7_9.

  32. Pfitzmann A., Hansen M.: A terminology for talking about privacy by data minimization: Anonymity, unlinkability, undetectability, unobservability, pseudonymity, and identity management (2010). http://dud.inf.tu-dresden.de/Anon_Terminology.shtml. V0.34.

  33. Rahman S.M.M., Inomata A., Okamoto T., Mambo M., Okamoto E.: Anonymous secure communication in wireless mobile ad-hoc networks. In: Stajano F., Kim H.J., Chae J.S., Kim S.D. (eds.) Proc. International Conference on Ubiquitous Convergence Technology (ICUCT) 2006, LNCS, vol. 4412, pp. 140–149. Springer (2007). doi:10.1007/978-3-540-71789-8_15.

  34. Shoup V.: On formal models for secure key exchange (version 4) (1999). http://shoup.net/papers/skey.pdf.

  35. Singel R.: Charter to snoop on broadband customers’ web histories for ad networks (2008). http://www.wired.com/threatlevel/2008/05/charter-to-inse/.

  36. Slashdot: ISPs inserting ads into your pages (2007). http://yro.slashdot.org/yro/07/06/23/1233212.shtml.

  37. Tor Project: Homepage (2011). http://www.torproject.org/.

Author information

Correspondence to Douglas Stebila.

Communicated by C. Cid.

Cite this article

Goldberg, I., Stebila, D. & Ustaoglu, B. Anonymity and one-way authentication in key exchange protocols. Des. Codes Cryptogr. 67, 245–269 (2013). https://doi.org/10.1007/s10623-011-9604-z
