Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices

In this paper, we consider the problem of mutually authenticated key exchange between a low-power client and a powerful server. We show how the recently proposed Jakobsson-Pointcheval scheme [15] can be compromised using a variant of interleaving attacks. We also propose a new scheme for achieving mutually authenticated key exchange. The protocol is proven correct within a variant of the Bellare-Rogaway model [3,4]. This protocol gives the same scalability as other public-key based authenticated key exchange protocols but with much higher efficiency and fewer messages. It takes only 20 msec of total computation time on a PalmPilot, and only three short messages are exchanged during the protocol.

[1] Victor Shoup et al. Lower Bounds for Discrete Logarithms and Related Problems, 1997, EUROCRYPT.

[2] Alan O. Freier et al. SSL Protocol Version 3.0 Internet Draft, 1996.

[3] Mihir Bellare et al. Random oracles are practical: a paradigm for designing efficient protocols, 1993, CCS '93.

[4] Owen Rees et al. Efficient and timely mutual authentication, 1987, OPSR.

[5] Christopher Carroll et al. The Software-Oriented Stream Cipher SSC2, 2000, FSE.

[6] Roger M. Needham et al. Using encryption for authentication in large networks of computers, 1978, CACM.

[7] Ashar Aziz et al. Privacy and authentication for wireless local area networks, 1994, IEEE Personal Communications.

[8] Joan Daemen et al. AES Proposal: Rijndael, 1998.

[9] Paul C. van Oorschot et al. Authentication and authenticated key exchanges, 1992, Des. Codes Cryptogr.

[10] C. P. Schnorr et al. Efficient Identification and Signatures for Smart Cards (Abstract), 1989, EUROCRYPT.

[11] Markus Jakobsson et al. Mutual Authentication for Low-Power Mobile Devices, 2002, Financial Cryptography.

[12] Alfred Menezes et al. Key Agreement Protocols and Their Security Analysis, 1997, IMACC.

[13] Mihir Bellare et al. Lecture Notes on Cryptography, 2001.

[14] Duncan S. Wong et al. Mutual authentication and key exchange for low power wireless communications, 2001, 2001 MILCOM Proceedings Communications for Network-Centric Operations: Creating the Information Force (Cat. No.01CH37277).

[15] Mihir Bellare et al. Entity Authentication and Key Distribution, 1993, CRYPTO.

[16] John T. Kohl et al. The Kerberos Network Authentication Service (V5), 2004.

[17] Alfred Menezes et al. Handbook of Applied Cryptography, 2018.

[18] Moti Yung et al. Systematic Design of Two-Party Authentication Protocols, 1991, CRYPTO.

[19] Whitfield Diffie et al. New Directions in Cryptography, 1976, IEEE Trans. Inf. Theory.

[20] Mihir Bellare et al. Provably secure session key distribution: the three party case, 1995, STOC '95.

[21] Alfred Menezes et al. Authenticated Diffie-Hellman Key Agreement Protocols, 1998, Selected Areas in Cryptography.

[22] Chris J. Mitchell et al. Limitations of challenge-response entity authentication, 1989.

[23] Duncan S. Wong et al. The performance measurement of cryptographic primitives on palm devices, 2001, Seventeenth Annual Computer Security Applications Conference.

[24] Alan O. Freier et al. The SSL Protocol Version 3.0, 1996.

[25] Chae Hoon Lim et al. A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroup, 1997, CRYPTO.

[26] Silvio Micali et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.