Analysis and Improvement of an Authenticated Key Exchange Protocol

In this paper, we analyze and improve an authenticated key exchange protocol named UP, which was proposed in a recent paper. We present a key compromise impersonation (KCI) attack and a secret replication (SR) attack against UP. To formally capture these attacks, we propose a variant of the Canetti-Krawczyk model named the vCK model. Using this variant, we describe a successful KCI attack and a successful SR attack against UP. To avoid the attacks, we provide an improved protocol named UP+, which binds the shared secret to the session identifier. UP+ is provably secure under the hardness of the Gap Diffie-Hellman problem in the random oracle model. Our improved protocol combines a higher security level with comparable efficiency.
