Abstract
Most recent security models for authenticated key exchange (AKE) do not explicitly model entity authentication, which enables a party to identify its communication peer in a specific session. However, it is quite necessary in many real-world applications and is a general way to enhance the security of AKE protocols. Despite much work on AKE, we notice that there is no good definition of entity authentication security involving simultaneous protocol execution, which would improve bandwidth efficiency in practice. Based on the eCK model, we define a security model called eCK-A that deals with simultaneous mutual authentication. Besides, the eCK-A model particularly formulates, in a single model, the security properties regarding resilience to the leakage of various combinations of long-term key and ephemeral session state, and the provision of perfect forward secrecy. We present a generic protocol compiler that achieves eCK-A security based on any eCK-secure protocol.
Notes
1. For simplicity, we consider the security of one selected public key pair of each honest party. Of course one may apply the much more complicated certificate authority setting in [4], in which each party may possess multiple public keys. But in this case, in the security proof, the adversary still has to choose one uncompromised public key of an honest party to attack. On the other hand, we have to consider a model that is compatible with the previous model for our upcoming generic protocol transformation.
2. An oracle in this paper might be alternatively written as \(\pi _{\mathsf {ID}_i}^s\), which is conceptually equivalent to \(\pi _{i}^s\).
3. For example, the variable \(\varPsi ^s_i\) might be set to the identity \(\mathsf {ID}_j\) and public key \(pk_{\mathsf {ID}_j}\) at some point when the oracle receives a message containing identity-related information of its partner; the messages \(m\) and \(m^*\) will be appended to the transcripts \(rT^s_i\) and \(sT^s_i\) respectively. A protocol here might run in either the pre- or the post-specified peer setting [8, 17]. For a protocol running under the post-specified peer setting, we always have that \(\widetilde{\mathsf {ID}_j} = \emptyset \).
References
Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, p. 139. Springer, Heidelberg (2000)
Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)
Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) 6th IMA International Conference on Cryptography and Coding. LNCS, vol. 1355, pp. 30–45. Springer, Berlin (1997)
Boyd, C., Cremers, C., Feltz, M., Paterson, K.G., Poettering, B., Stebila, D.: Asics: authenticated key exchange security incorporating certification systems. IACR Cryptol. ePrint Arch. 2013, 398 (2013)
Boyd, C., González Nieto, J.: On forward secrecy in one-round key exchange. In: Chen, L. (ed.) IMACC 2011. LNCS, vol. 7089, pp. 451–468. Springer, Heidelberg (2011)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, pp. 136–145. IEEE Computer Society Press, October 2001
Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)
Canetti, R., Krawczyk, H.: Security analysis of IKE’s signature-based key-exchange protocol. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 143–161. Springer, Heidelberg (2002). http://eprint.iacr.org/2002/120/
Cremers, C., Feltz, M.: Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal. In: Foresti, S., Yung, M., Martinelli, F. (eds.) ESORICS 2012. LNCS, vol. 7459, pp. 734–751. Springer, Heidelberg (2012)
Fujioka, A., Suzuki, K.: Designing efficient authenticated key exchange resilient to leakage of ephemeral secret keys. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 121–141. Springer, Heidelberg (2011)
Fujioka, A., Suzuki, K., Xagawa, K., Yoneyama, K.: Strongly secure authenticated key exchange from factoring, codes, and lattices. In: Fischlin, M., Buchmann, J., Manulis, M. (eds.) PKC 2012. LNCS, vol. 7293, pp. 467–484. Springer, Heidelberg (2012)
Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: Generic compilers for authenticated key exchange. In: Abe, M. (ed.) ASIACRYPT 2010. LNCS, vol. 6477, pp. 232–249. Springer, Heidelberg (2010)
Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 273–293. Springer, Heidelberg (2012)
Kim, M., Fujioka, A., Ustaoğlu, B.: Strongly secure authenticated key exchange without NAXOS’ approach. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 174–191. Springer, Heidelberg (2009)
Krawczyk, H.: HMQV: a high-performance secure Diffie-Hellman protocol. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 546–566. Springer, Heidelberg (2005)
LaMacchia, B.A., Lauter, K., Mityagin, A.: Stronger security of authenticated key exchange. In: Susilo, W., Liu, J.K., Mu, Y. (eds.) ProvSec 2007. LNCS, vol. 4784, pp. 1–16. Springer, Heidelberg (2007)
Menezes, A., Ustaoglu, B.: Comparing the pre- and post-specified peer models for key agreement. In: Mu, Y., Susilo, W., Seberry, J. (eds.) ACISP 2008. LNCS, vol. 5107, pp. 53–68. Springer, Heidelberg (2008)
Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A new security model for authenticated key agreement. In: Garay, J.A., De Prisco, R. (eds.) SCN 2010. LNCS, vol. 6280, pp. 219–234. Springer, Heidelberg (2010)
Sarr, A.P., Elbaz-Vincent, P., Bajard, J.-C.: A secure and efficient authenticated Diffie-Hellman protocol. In: Proceedings of the 6th European Conference on Public Key Infrastructures, Services and Applications, EuroPKI’09, pp. 83–98. Springer, Heidelberg (2010)
Ustaoglu, B.: Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS. Des. Codes Crypt. 46(3), 329–342 (2008)
Ustaoglu, B.: Comparing SessionStateReveal and EphemeralKeyReveal for Diffie-Hellman protocols. In: Pieprzyk, J., Zhang, F. (eds.) ProvSec 2009. LNCS, vol. 5848, pp. 183–197. Springer, Heidelberg (2009)
Yang, Z.: Efficient eCK-secure authenticated key exchange protocols in the standard model. In: Qing, S., Zhou, J., Liu, D. (eds.) ICICS 2013. LNCS, vol. 8233, pp. 185–193. Springer, Heidelberg (2013)
Proof of Theorem 1
We prove Theorem 1 in two stages. First, we show that the AKE protocol is a secure authentication protocol except for probability \(\epsilon _{auth}\), that is, the protocol fulfils security Property 1.) of the AKE definition. In the next step, we show that the session key of the AKE protocol is secure except for probability \(\epsilon _{ind}\) in the sense of Property 2.) of the AKE definition. Then the overall probability \(\epsilon \) that the adversary breaks the protocol is at most \(\epsilon \le \epsilon _{auth} +\epsilon _{ind}\).
Lemma 1
If the protocol \(\varPi \) is \((t,\epsilon _{\mathsf {eCK}})\)-eCK-secure, the pseudo-random function family \(\mathsf {PRF}\) is \((q_{prf},t,\epsilon _{\mathsf {PRF}})\)-secure and the MAC scheme is \((q_{mac},t,\epsilon _{\mathsf {MAC}})\)-secure, then the above protocol meets security Property 1.) of the eCK-A security definition except for probability with
where all quantities are the same as stated in Theorem 1.
Proof
Let \(\mathsf {S}^{1}_\delta \) be the event that, in Game \(\delta \), (i) there exists an oracle \(\pi ^{s^*}_i\) that reaches internal state \(\varPhi ^{s^*}_i= \mathtt {accept} \) with intended communication partner \(\mathsf {ID}_j\), but (ii) there is no oracle \(\pi ^t_j\) such that \(\pi ^{s^*}_i\) has a matching session to \(\pi ^t_j\).
Game 0. This is the original security game. We have that
Game 1. In this game, the challenger proceeds exactly like the previous game, except that we add an abort rule. The challenger raises the event \(\mathsf {abort}_\mathsf {trans} \) and aborts if, during the simulation, a message \(m_{\mathsf {ID}}\) replied by an oracle \(\pi ^s_i\) has already been sampled by another oracle \(\pi ^w_u\) or sent by the adversary before. There are \(d\ell \) such values that would be sampled randomly. We claim that the event \(\mathsf {abort}_\mathsf {trans} \) occurs with probability \(\Pr [\mathsf {abort}_\mathsf {trans} ] \le \epsilon _{\mathsf {eCK}}\). We elaborate the proof as follows. First recall that if the under-attack oracle \(\pi ^{s^*}_i\) (generating message \(m^{s^*}_{\mathsf {ID}_i}\)) is fresh, then the adversary is not allowed to issue both \(\mathsf {Corrupt}(\mathsf {ID}_i)\) and \(\mathsf {RevealState}(\pi ^{s^*}_i)\), as otherwise the security is trivially broken. However, consider the case that another oracle \(\pi ^v_w\) generates the same message as \(\pi ^{s^*}_i\); then the adversary can issue \(\mathsf {RevealState}(\pi ^v_w)\) to learn the states of \(\pi ^{s^*}_i\). At the same time the adversary can ask \(\mathsf {Corrupt}(\mathsf {ID}_i)\) to learn \(sk_{\mathsf {ID}_i}\). Then the adversary can compute the session key of \(\pi ^{s^*}_i\) with both the ephemeral and the long-term secrets of the test session. Furthermore, the probability of collisions among the messages generated by \(\mathsf {TMAKE.MF}\) is the same in protocol \(\varPi \) and in \(\mathsf {MAC} (\varPi )\). The security of \(\varPi \) in the eCK model implies that the collision probability among outgoing messages is negligible. We therefore have that
Game 2. This game proceeds exactly as the previous game, but the challenger aborts if it fails to guess the under-attack oracle \(\pi ^{s^*}_i\). Since there are \(\ell \) honest parties and \(d\) oracles for each party, the probability that the challenger guesses correctly is at least \(1/(d\ell )\). Thus we have that
Game 3. In this game, the challenger proceeds exactly like the previous game, except that we replace the intermediate key \(K^*\) of oracle \(\pi ^{s^*}_i\) with a random value \(\widetilde{K^*}\). If the adversary can distinguish this game from the previous game, then it must be able to break the eCK security of protocol \(\varPi \). We therefore have that
Game 4. In this game, we replace the function \(\mathsf {PRF}(K^*,\)“SKeys”\()\) for the test oracle and its partner oracle with a truly random function. We make use of the fact that the secret seed of the \(\mathsf {PRF}\)s of the test oracle is a truly random value due to the modification in the previous game. If there exists a polynomial-time adversary \(\mathcal {A} \) that can distinguish Game \(4\) from Game \(3\), then we can construct an algorithm \(\mathcal {B}\) using \(\mathcal {A} \) to break the security of \(\mathsf {PRF}\). Exploiting the security of \(\mathsf {PRF}\), we have that
Game 5. This game proceeds exactly like the previous game, except that the challenger aborts if the eCK-A-fresh oracle \(\pi ^{s^*}_i\) accepts a confirmation message \(KC^{s^*}_j\) that has not been sent by any oracle of its intended partner \(\mathsf {ID}_j\). In this game, the eCK-A-fresh oracle \(\pi ^{s^*}_i\) accepts if and only if it has a unique partner oracle. Thus no adversary can break the authentication property, and we have \(\Pr [\mathsf {S}^{1}_{5}] = 0\). Applying the security of \(\mathsf {MAC} \) we have that
Putting together the advantages of the adversary in each game, we have proved this lemma.
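The game sequence above (Games 3 to 5) concerns the three ingredients of the compiled protocol \(\mathsf {MAC} (\varPi )\): the intermediate key \(K^*\) produced by \(\varPi \), its expansion by \(\mathsf {PRF}(K^*,\)“SKeys”\()\), and the key-confirmation message \(KC\) checked under the derived MAC key. The following Python is an added illustration and not the paper's own code: \(\varPi \) itself is not run, so \(K^*\) and the outgoing message \(m_{\mathsf {ID}}\) of each side are supplied as constructed inputs; HMAC-SHA256 standing in for both \(\mathsf {PRF}\) and \(\mathsf {MAC}\), and the exact contents of \(KC\) (identities plus both transcripts), are assumptions of this example. It shows that matching sessions accept with equal keys, while an altered \(KC\) (the Game 5 event) or a partner holding a different \(K^*\) is rejected.

```python
import hashlib
import hmac

# Added example, not the paper's own code. It models the key-confirmation
# step of the compiled protocol MAC(Pi) as used in the game sequence of
# Lemma 1. Assumptions (not fixed by the paper): Pi is not run and its
# message m_ID and key K* are supplied as inputs; HMAC-SHA256 serves as
# both PRF and MAC; KC is a MAC over identities and the two transcripts.

LABEL_SKEYS = b"SKeys"


def prf(k_star: bytes, label: bytes) -> bytes:
    """PRF(K*, label): HMAC-SHA256 in counter mode, 64 bytes of output."""
    out = b""
    for ctr in (1, 2):
        out += hmac.new(k_star, label + bytes([ctr]), hashlib.sha256).digest()
    return out


def derive_keys(k_star: bytes):
    """Split PRF(K*, "SKeys") into (session key, MAC key)."""
    okm = prf(k_star, LABEL_SKEYS)
    return okm[:32], okm[32:]


def key_confirmation(k_mac: bytes, sender: bytes, peer: bytes,
                     sent: bytes, received: bytes) -> bytes:
    """KC = MAC(K_mac, sender || peer || sT || rT); input layout is assumed."""
    data = b"|".join([sender, peer, sent, received])
    return hmac.new(k_mac, data, hashlib.sha256).digest()


class Oracle:
    """One session oracle pi^s_i after Pi has produced K* and the transcripts."""

    def __init__(self, my_id, peer_id, k_star, sent, received):
        self.my_id, self.peer_id = my_id, peer_id
        self.sent, self.received = sent, received       # sT^s_i and rT^s_i
        self.session_key, self.k_mac = derive_keys(k_star)
        self.state = "running"                           # Phi^s_i

    def confirm(self) -> bytes:
        return key_confirmation(self.k_mac, self.my_id, self.peer_id,
                                self.sent, self.received)

    def receive_confirmation(self, kc: bytes):
        # The partner's KC is computed from its own view: roles and
        # transcripts swapped. Constant-time compare avoids a timing leak.
        expected = key_confirmation(self.k_mac, self.peer_id, self.my_id,
                                    self.received, self.sent)
        if hmac.compare_digest(kc, expected):
            self.state = "accept"
            return self.session_key
        self.state = "reject"
        return None


def run_compiled_protocol(k_star_i, k_star_j, m_i, m_j, tamper=False):
    """Responder confirms first, then initiator; returns states and keys."""
    alice = Oracle(b"ID_i", b"ID_j", k_star_i, m_i, m_j)
    bob = Oracle(b"ID_j", b"ID_i", k_star_j, m_j, m_i)
    kc_j = bob.confirm()
    if tamper:                       # KC_j altered in transit (Game 5 event)
        kc_j = bytes([kc_j[0] ^ 1]) + kc_j[1:]
    key_i = alice.receive_confirmation(kc_j)
    kc_i = alice.confirm() if alice.state == "accept" else None
    key_j = bob.receive_confirmation(kc_i) if kc_i is not None else None
    return alice.state, bob.state, key_i, key_j


def demo():
    """Three constructed runs: matching sessions, forged KC, mismatched K*."""
    k = hashlib.sha256(b"constructed K* output of Pi").digest()
    other = hashlib.sha256(b"constructed K* of an unrelated oracle").digest()
    m_i, m_j = b"constructed m_ID_i", b"constructed m_ID_j"
    return (run_compiled_protocol(k, k, m_i, m_j),
            run_compiled_protocol(k, k, m_i, m_j, tamper=True),
            run_compiled_protocol(k, other, m_i, m_j))


if __name__ == "__main__":
    for name, (st_i, st_j, key_i, key_j) in zip(
            ("matching", "forged KC", "mismatched K*"), demo()):
        print(f"{name:14s} pi_i={st_i:8s} pi_j={st_j:8s} "
              f"keys equal={key_i is not None and key_i == key_j}")
```

Because the session key and the MAC key both come from one \(\mathsf {PRF}\) call on \(K^*\), the Game 3 step (replacing \(K^*\) by a random value for the test oracle and its matching partner) leaves the behaviour of `run_compiled_protocol` unchanged as long as both inputs are replaced consistently, which is exactly why the reduction can hand the same random key to both sides.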
Lemma 2
If the protocol \(\varPi \) is \((t,\epsilon _{\mathsf {eCK}})\)-eCK-secure, the pseudo-random function family \(\mathsf {PRF}\) is \((q_{prf},t,\epsilon _{\mathsf {PRF}})\)-secure and the MAC scheme is \((q_{mac},t,\epsilon _{\mathsf {MAC}})\)-secure, then the above protocol meets security Property 2.) of the eCK-A security definition except for probability with
where all quantities are the same as stated in Theorem 1.
Proof
It is straightforward to verify that two accepted oracles (of the considered protocol) having matching sessions would generate the same session key, since a correct eCK protocol must also be an eCK-A protocol. In the sequel, we wish to show that the adversary is unable to distinguish a random value from the session key of any \(\mathsf {eCK\text {-}A\text {-}fresh}\) oracle. In the following, we use the superscript ‘*’ to highlight corresponding values processed in the test oracle \(\pi ^{s^*}_{i}\), which has intended communication partner \(\mathsf {ID}_j\).
Let \(\pi ^s_i\) be an accepted oracle with intended partner \(\mathsf {ID}_j\). Let \(\pi ^t_j\) be an oracle (if it exists) with intended partner \(\mathsf {ID}_i\), such that \(\pi ^s_i\) has a matching session to \(\pi ^t_j\). Let \(\pi ^t_j\) be an oracle (if it exists) such that \(\pi ^t_j\) has an origin session to \(\pi ^s_i\). Besides the freshness restrictions of the test oracle concerning \(\mathsf {RevealKey}\) and \(\mathsf {RegisterDishonest}\) queries, if the adversary breaks the indistinguishability security property of the considered protocol, then at least one of the following fresh cases related to the \(\mathsf {RevealState}\) query and the \(\mathsf {Corrupt}\) query might occur in terms of Definition 3: (i) if \(\pi ^t_j\) exists, \(\mathcal {A} \) did not query \(\mathsf {RevealState}(\pi ^{s}_{i})\) nor \(\mathsf {RevealState}(\pi ^t_j)\); (ii) if \(\pi ^t_j\) exists, \(\mathcal {A} \) did not query \(\mathsf {Corrupt}(\mathsf {ID}_i)\) nor \(\mathsf {RevealState}(\pi ^t_j)\); (iii) if \(\pi ^t_j\) exists, \(\mathcal {A} \) did not query \(\mathsf {Corrupt}(\mathsf {ID}_i)\) nor \(\mathsf {Corrupt}(\mathsf {ID}_j)\); (iv) if \(\pi ^t_j\) exists, \(\mathcal {A} \) did not query \(\mathsf {RevealState}(\pi ^{s}_{i})\) nor \(\mathsf {Corrupt}(\mathsf {ID}_j)\); (v) if \(\pi ^t_j\) does not exist, \(\mathcal {A} \) did not query \(\mathsf {Corrupt}(\mathsf {ID}_i)\) nor \(\mathsf {Corrupt}(\mathsf {ID}_j)\) prior to \(\varPhi ^s_i = \mathtt {accept} \); (vi) if \(\pi ^t_j\) does not exist, \(\mathcal {A} \) did not query \(\mathsf {RevealState}(\pi ^{s}_{i})\) nor \(\mathsf {Corrupt}(\mathsf {ID}_j)\) prior to \(\varPhi ^s_i = \mathtt {accept} \).
Let \(\mathsf {S}^{}_{\delta }\) be the event that the adversary wins the security experiment under the Game \(\delta \) and one of the above freshness cases. Let \(\mathsf {Adv}_\delta := \Pr [\mathsf {S}^{}_{\delta }] - 1/2\) denote the advantage of \(\mathcal {A} \) in Game \({\delta }\). We consider the following sequence of games.
Game 0. This is the original eCK-A security game with adversary \(\mathcal {A} \). Thus we have that
Game 1. The challenger in this game proceeds as before, but it aborts if the test oracle accepts without a unique partner oracle. Thus we have
where \(\epsilon _\mathsf {auth}\) is an upper bound on the probability that there exists an oracle that accepts without a unique partner oracle in the sense of Definition 4 (cf. Lemma 1). We have now excluded active adversaries between the test oracle and its partner oracle.
Game 2. This game is similar to the previous game. However, the challenger \(\mathcal {C}\) now guesses the test oracle \(\pi ^{s^*}_i\). \(\mathcal {C}\) aborts if its guess is not correct. Thus we have that
We are now in a game where both oracles accept and the adversary cannot make active attacks.
Game 3. This game proceeds as the previous game, but the challenger \({\mathcal {C}}\) replaces the session key of the test oracle and its partner oracle with a uniformly random value. If there exists an adversary \(\mathcal {A} \) that can distinguish Game \({3}\) from Game \({2}\), then we can use it to construct an adversary \({\mathcal {B}}\) that breaks the eCK security of \(\varPi \).
Intuitively, the security reduction from eCK-A to eCK is possible in this game, since both \(\mathsf {eCK\text {-}A\text {-}fresh}\) and \(\mathsf {eCK\text {-}fresh}\) encompass the freshness cases in which the test oracle has a matching session. Let \({\mathcal {B}}\) be an adversary which interacts with an eCK challenger \({\mathcal {C}}\) and tries to break the eCK security of \(\varPi \) in the eCK security game. \({\mathcal {B}}\) runs \({\mathcal {A}}\) (who is a successful eCK-A attacker) as a subroutine and simulates the challenger for \({\mathcal {A}}\) as in the previous game. For every oracle \(\{\pi ^s_i: i\in [\ell ],s \in [d]\}\) simulated by \({\mathcal {C}}\), \({\mathcal {B}}\) keeps a corresponding dummy oracle \(\pi ^{s'}_i\), and the adversary \(\mathcal {A} \) interacts with those dummy oracles simulated by \({\mathcal {B}}\). Specifically, a dummy oracle proceeds as follows:
- For any \(\mathsf {Send}(\pi ^{s'}_i,m)\) query from \(\mathcal {A} \), if \(m\) belongs to the original \(\varPi \), then \({\mathcal {B}}\) just issues \(m^* \leftarrow \mathsf {Send}(\pi ^s_i,m)\) and returns \(m^*\) to \(\mathcal {A} \). Meanwhile, if \(\pi ^s_i\) terminates with acceptance and \(\pi ^s_i\) is not guessed as the under-attack oracle or its partner oracle, then \({\mathcal {B}}\) asks \(\mathsf {RevealKey}(\pi ^s_i)\) to learn the corresponding key material to generate the MAC key and the corresponding key confirmation message. If \(\pi ^s_i\) is guessed as the under-attack oracle or its partner oracle, then \(\mathcal {B}\) just uses random key material to compute the MAC key and the corresponding key confirmation message. All generated key confirmation messages are returned to the adversary.
- For any \(\mathsf {Corrupt}(\mathsf {ID}_i)\) (\(i \in [\ell ]\)) query, \({\mathcal {B}}\) asks \(\mathsf {Corrupt}(\mathsf {ID}_i)\) to \({\mathcal {C}}\) to obtain \(sk_{\mathsf {ID}_i}\) and returns it to \(\mathcal {A} \).
- For any other oracle queries on \(\pi ^{s'}_i\) (including the \(\mathsf {Test}\) query), \({\mathcal {B}}\) just asks the corresponding oracle queries on \(\pi ^s_i\) to \({\mathcal {C}}\) and returns the results to \({\mathcal {A}}\).
Thus \({\mathcal {B}}\) is able to perfectly simulate the environment for \(\mathcal {A} \). If the session key returned by the \(\mathsf {Test}\) query is the true key, then the simulation is exactly the same as the previous game; otherwise it is equivalent to this game. Finally, \({\mathcal {B}}\) returns what \(\mathcal {A} \) returns to \(\mathcal {C}\). If \(\mathcal {A} \) wins the game with non-negligible probability, so does \({\mathcal {B}}\). Thus we have that
Game 4. In this game, we replace the function \(\mathsf {PRF}(K^*,\)“SKeys”\()\) for the test oracle and its partner oracle with a truly random function. We make use of the fact that the secret seed of the \(\mathsf {PRF}\)s of the test oracle is a truly random value due to the modification in the previous game. So the security of \(\mathsf {PRF}\) ensures that
Note that in this game the session key returned by the \(\mathsf {Test}\) query is a truly random value which is independent of the bit \(b\) and of any messages. Thus the advantage of the adversary in winning this game is \(\mathsf {Adv}_4 = 0\).
In this game, the session key given to the adversary is independent of the bit \(b\) of the \(\mathsf {Test}\) query, thus \(\Pr [\mathsf {S}^{1}_4] =0\). Summing up the probabilities from Game 0 to Game 4, we have proved this lemma.
© 2014 Springer International Publishing Switzerland
Yang, Z. (2014). Modelling Simultaneous Mutual Authentication for Authenticated Key Exchange. In: Danger, J., Debbabi, M., Marion, JY., Garcia-Alfaro, J., Zincir Heywood, N. (eds) Foundations and Practice of Security. FPS 2013. Lecture Notes in Computer Science(), vol 8352. Springer, Cham. https://doi.org/10.1007/978-3-319-05302-8_4
DOI: https://doi.org/10.1007/978-3-319-05302-8_4
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-05301-1
Online ISBN: 978-3-319-05302-8