A new generic protocol for authentication and key agreement in lightweight systems

In this paper, we propose a new generic authenticated key agreement protocol where the master secret is automatically renewed based on a sequence of hash values, thus providing the system with an extended cryptoperiod. The focus of this work is to formally assess the security offered by the protocol’s key renewing in the case of long-term use of the system. The formal analysis is carried out using the automated tools ProVerif and AVISPA. The protocol is designed to be implemented on devices with limited computing and storage resources.
