Stronger security model of group key agreement

In PKC 2009, Gorantla, Boyd and González Nieto presented a nice result on modelling security for group key agreement (GKA) protocols. They proposed a novel security model (the GBG model) that better supports the adversaries' queries than previous models for GKA protocols by considering key compromise impersonation (KCI) resilience. However, resistance to ephemeral key leakage attacks has been left outside the scope of the GBG model. In this paper, we demonstrate an ephemeral key leakage attack on an existing GKA protocol which has been shown secure in the GBG model. We then extend the GBG model by allowing the adversary the greater attack power of leaking ephemeral keys in GKA protocol sessions. We also apply the well-known NAXOS trick to propose an improvement to an existing GKA protocol, which can resist the ephemeral key leakage attack. The security of the improved protocol is argued under our new model.
