Formally and Practically Relating the CK, CK-HMQV, and eCK Security Models for Authenticated Key Exchange

Many recent key exchange (KE) protocols have been proven secure in the CK, CK-HMQV, or eCK security models. The exact relation between these security models, and hence between the security guarantees provided by the protocols, is unclear. First, we show that the CK, CK-HMQV, and eCK security models are formally incomparable. Second, we show that these models are also practically incomparable, by providing for each model attacks that are not considered by the other models. Our analysis enables us to find several previously unreported flaws in existing protocol security proofs. We identify the causes of these flaws and show how they can be avoided.
