Improving the Security of the HMQV Protocol Using Tamper-Proof Hardware

The full Perfect Forward Secrecy (PFS) is an important security property for Authenticated Key Exchange (AKE) protocols. Unfortunately, Krawczyk has claimed that any one-round implicitly authenticated key exchange protocol could not achieve full PFS but only weak PFS. Although some solutions are proposed in the literature, their protocols maintain secure only in the cases of additional authentication and a constrained adversary. In this paper, we investigate the question of whether tamper-proof hardware can circumvent the full PFS deficiency of one-round implicitly authenticated key exchange protocols. We answer this question in the affirmative by formally proving that the most efficient one-round implicitly authenticated key exchange protocol, HMQV, achieves full PFS under the physical assumption of regarding the existence of tamper-proof hardware.

[1]  Kristin E. Lauter,et al.  Stronger Security of Authenticated Key Exchange , 2006, ProvSec.

[2]  Jacques Stern,et al.  Security Proofs for Signature Schemes , 1996, EUROCRYPT.

[3]  Kazuki Yoneyama One-Round Authenticated Key Exchange with Strong Forward Secrecy in the Standard Model against Constrained Adversary , 2012, IWSEC.

[4]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[5]  Kristin E. Lauter,et al.  Security Analysis of KEA Authenticated Key Exchange Protocol , 2006, IACR Cryptol. ePrint Arch..

[6]  Marc Fischlin,et al.  Unconditionally-Secure Universally Composable Password-Based Key-Exchange based on One-Time Memory Tokens , 2012, IACR Cryptol. ePrint Arch..

[7]  Mihir Bellare,et al.  Entity Authentication and Key Distribution , 1993, CRYPTO.

[8]  Hugo Krawczyk,et al.  HMQV: A High-Performance Secure Diffie-Hellman Protocol , 2005, CRYPTO.

[9]  Ivan Damgård,et al.  Isolated Proofs of Knowledge and Isolated Zero Knowledge , 2008, EUROCRYPT.

[10]  Hugo Krawczyk,et al.  Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels , 2001, EUROCRYPT.

[11]  Vladimir Kolesnikov,et al.  Truly Efficient String Oblivious Transfer Using Resettable Tamper-Proof Tokens , 2010, TCC.

[12]  Dengguo Feng,et al.  Comments on the SM2 Key Exchange Protocol , 2011, CANS.

[13]  Berkant Ustaoglu,et al.  Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS , 2008, Des. Codes Cryptogr..

[14]  Yuval Ishai,et al.  On Efficient Zero-Knowledge PCPs , 2012, TCC.

[15]  Gil Segev,et al.  David and Goliath Commitments: UC Computation for Asymmetric Parties Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[16]  Alfred Menezes,et al.  An Efficient Protocol for Authenticated Key Agreement , 2003, Des. Codes Cryptogr..

[17]  Dong Hoon Lee,et al.  One-Round Protocols for Two-Party Authenticated Key Exchange , 2004, ACNS.

[18]  Yael Tauman Kalai,et al.  One-Time Programs , 2008, CRYPTO.

[19]  Alfred Menezes,et al.  Another look at HMQV , 2007, J. Math. Cryptol..

[20]  Hideki Imai,et al.  ON SEEKING SMART PUBLIC-KEY-DISTRIBUTION SYSTEMS. , 1986 .

[21]  Cas J. F. Cremers,et al.  One-round Strongly Secure Key Exchange with Perfect Forward Secrecy and Deniability , 2011, IACR Cryptol. ePrint Arch..

[22]  Yunlei Zhao,et al.  OAKE: a new family of implicitly authenticated diffie-hellman protocols , 2013, CCS.

[23]  Colin Boyd,et al.  On Forward Secrecy in One-Round Key Exchange , 2011, IMACC.

[24]  Dengguo Feng,et al.  Security analysis of SM2 key exchange protocol in TPM2.0 , 2015, Secur. Commun. Networks.

[25]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[26]  Hai Huang An eCK-Secure One Round Authenticated Key Exchange Protocol with Perfect Forward Security , 2011, J. Internet Serv. Inf. Secur..

[27]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[28]  Hugo Krawczyk,et al.  Okamoto-Tanaka Revisited: Fully Authenticated Diffie-Hellman with Minimal Overhead , 2010, ACNS.

[29]  Yuval Ishai,et al.  Interactive Locking, Zero-Knowledge PCPs, and Unconditional Cryptography , 2010, Electron. Colloquium Comput. Complex..

[30]  FengDengguo,et al.  Security analysis of SM2 key exchange protocol in TPM2.0 , 2015 .

[31]  Cas J. F. Cremers,et al.  Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal , 2012, ESORICS.

[32]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.