On the leakage-resilient key exchange

Abstract Typically, secure channels are constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties based on their long-term public keys and establishes secret session keys. In this paper we address the partial leakage of the long-term secret keys of key exchange protocol participants caused by side-channel attacks. Security models for two-party AKE protocols have been developed over time to provide security even when the adversary learns certain secret values. This paper combines and extends these advances in security modelling for AKE protocols to address more granular partial leakage of participants' long-term secrets. Further, we fix some flaws in the security proofs of previous leakage-resilient key exchange protocols.