Deniable Authenticated Key Establishment for Internet Protocols

We propose two public-key schemes to achieve “deniable authentication” for the Internet Key Exchange (IKE). Our protocols can be implemented using different concrete mechanisms and we discuss different options; in particular we suggest solutions based on elliptic curve pairings. The protocol designs use the modular construction method of Canetti and Krawczyk which provides the basis for a proof of security. Our schemes can, in some situations, be more efficient than existing IKE protocols as well as having stronger deniability properties.
