Abstract
Key establishment protocols are among the most important security mechanisms via which two or more parties can encrypt their communications over an insecure network. This paper is concerned with the vulnerability of one-pass two-party key establishment protocols to key-compromise impersonation (K-CI) attacks. The latter may occur once an adversary has obtained the long-term private key of an honest party, and represent a serious — but often underestimated — threat, because a successful impersonation attack may result in far greater harm than the reading of past and future conversations. Our aim is to describe two main classes of K-CI attacks that can be mounted against all of the best-known one-pass protocols, including MQV and HMQV. We show that one of the attacks described can be somewhat avoided (though not completely eliminated) through the combined use of digital signatures and time-stamps; however, there still remains a class of K-CI threats for which there is no obvious solution.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Chalkias, K., Baldimtsi, F., Hristu-Varsakelis, D., Stephanides, G. (2008). Two Types of Key-Compromise Impersonation Attacks against One-Pass Key Establishment Protocols. In: Filipe, J., Obaidat, M.S. (eds) E-business and Telecommunications. ICETE 2007. Communications in Computer and Information Science, vol 23. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-88653-2_17
DOI: https://doi.org/10.1007/978-3-540-88653-2_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-88652-5
Online ISBN: 978-3-540-88653-2
eBook Packages: Computer Science (R0)