Authenticated Key Exchange with Entities from Different Settings and Varied Groups

Authenticated key exchange (AKE) protocols are among the most widely used cryptographic primitives, and many have been proposed in either the certificate-based (cert-based) setting or the identity-based (id-based) setting. In practical applications, entities from different settings may need to communicate with each other. Although some works concentrate on supporting either multiple certification authorities (CAs) or multiple key generation centers (KGCs), very few papers have addressed interoperability between the two settings. Furthermore, existing approaches remain inadequate at supporting parameters from different algebraic groups, which arise naturally when multiple CAs and multiple KGCs are involved. In this paper, we focus on AKE protocols that integrate cert-based and id-based settings with varied groups, and propose an AKE protocol in which one entity is cert-based and the other is id-based, and the parameters of the two entities may come from different groups. An extended AKE security model, building on [6,22], is proposed to support multiple KGCs and CAs. The proposed protocol is proved secure in this extended model. Finally, we extend the protocol to achieve forward secrecy and resistance to leakage of both parties' ephemeral keys.

[1] Kim-Kwang Raymond Choo et al. Strongly-Secure Identity-Based Key Agreement and Anonymous Extension. ISC, 2007.

[2] Yongge Wang. Efficient Identity-Based and Authenticated Key Agreement Protocol. Trans. Comput. Sci., 2013.

[3] Sanjit Chatterjee et al. A Generic Variant of NIST's KAS2 Key Agreement Protocol. ACISP, 2011.

[4] Zhenfu Cao et al. An ID-based authenticated key exchange protocol based on bilinear Diffie-Hellman problem. ASIACCS '09, 2009.

[5] Mihir Bellare et al. Entity Authentication and Key Distribution. CRYPTO, 1993.

[6] Berkant Ustaoglu et al. Integrating identity-based and certificate-based authenticated key exchange protocols. International Journal of Information Security, 2011.

[7] Mihir Bellare et al. Authenticated Key Exchange Secure against Dictionary Attacks. EUROCRYPT, 2000.

[8] Hyang-Sook Lee et al. Identity Based Authenticated Key Agreement from Pairings. 2005.

[9] Jean-Claude Bajard et al. A New Security Model for Authenticated Key Agreement. SCN, 2010.

[10] Paulo S. L. M. Barreto et al. A New Two-Party Identity-Based Authenticated Key Agreement. CT-RSA, 2005.

[11] Nigel P. Smart et al. An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing. 2001.

[12] Whitfield Diffie et al. New Directions in Cryptography. IEEE Trans. Inf. Theory, 1976.

[13] Liqun Chen et al. Identity based authenticated key agreement protocols from pairings. 16th IEEE Computer Security Foundations Workshop, 2003.

[14] Mihir Bellare et al. Provably secure session key distribution: the three party case. STOC '95, 1995.

[15] Hugo Krawczyk et al. HMQV: A High-Performance Secure Diffie-Hellman Protocol. CRYPTO, 2005.

[16] Rosario Gennaro et al. Making the Diffie-Hellman Protocol Identity-Based. CT-RSA, 2010.

[17] Liqun Chen et al. Identity-based key agreement protocols from pairings. International Journal of Information Security, 2017.

[18] Kenneth G. Paterson et al. Efficient One-Round Key Exchange in the Standard Model. ACISP, 2008.

[19] Kristin E. Lauter et al. Stronger Security of Authenticated Key Exchange. ProvSec, 2006.

[20] Adi Shamir et al. Identity-Based Cryptosystems and Signature Schemes. CRYPTO, 1984.

[21] Hugo Krawczyk et al. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. EUROCRYPT, 2001.

[22] Christoph G. Günther et al. An Identity-Based Key-Exchange Protocol. EUROCRYPT, 1990.