Unified security model of authenticated key exchange with specific adversarial capabilities

The most widely accepted models used in security proofs of authenticated key exchange protocols are the Canetti–Krawczyk (CK) and extended CK models, which admit different adversarial queries of ambiguous and incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and to establish a more practice-oriented security notion. Concerning the security of one-round implicitly authenticated Diffie–Hellman (DH) key exchange protocols, the authors present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, every adversarial query is given a practical interpretation and is precisely characterised in terms of the physical environment, and rigorous rules governing secret leakage are also specified. To demonstrate the usability of their model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in the random oracle model under the gap DH assumption.
