Design and Analysis of Diffie-Hellman-Based Key Exchange Using One-time ID by SVO Logic

Authenticated key exchange protocols have been developed to establish a secure channel on the Internet. In this paper, we consider the following attacks against an authenticated key exchange using a shared secret: eavesdropping, DoS attack, replay attack, and impersonation. Besides preventing all these attacks, efficiency is also important. We propose a three-party authenticated key exchange protocol based on Diffie-Hellman key exchange with a one-time ID, which is a user's extraordinary identity used only once [K. Imamoto, K. Sakurai, Notes on Dynamic Information Management for Authenticated Key Exchange, ISEC, March 2003; H. Krawczyk, The IKE-SIGMA Protocol, Internet Draft, Nov 2001. http://www.ee.technion.ac.il/~hugo/draft-krawczyk-ipsec-ike-sigma-00.txt]. Moreover, we analyze our proposal using SVO Logic, which is one of the formal methods for analyzing cryptographic protocols [P. Syverson and P. C. van Oorschot. A Unified Cryptographic Protocol Logic. NRL CHAOS Report, 5540-227, 1996; P. Syverson and I. Cervesato. The Logic of Authentication Protocols. FOSAD'00, LNCS 2171, pp. 63-137, 2001], and show what assumptions are needed.
