Abstract
The paper considers the following situation: as a result of an interaction under an authenticated key establishment protocol, the parties successfully establish a common key and correctly authenticate each other, but they obtain identical roles, i.e. both parties believe that they are initiators (or responders). The requirement to set up different roles was presented in well-known papers dedicated to the analysis of cryptographic properties of such protocols, but it was of a technical nature. The current paper gives examples that show how an application-layer information system can be negatively affected by the setup of identical roles. Thus, this situation should be considered a threat to authenticated key establishment protocols. The paper contains examples of attacks realizing this threat for the HMQV and SIGMA protocols, as well as two methods of modifying such protocols to protect them against this threat.
Data availability
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
Acknowledgements
The authors thank Liliya Akhmetzyanova and Alexandra Babueva for their valuable comments.
Ethics declarations
Conflict of interest
The authors have no relevant financial or non-financial interests to disclose.
About this article
Cite this article
Alekseev, E., Kyazhin, S. & Smyshlyaev, S. The threat of forcing the identical roles for authenticated key establishment protocols. J Comput Virol Hack Tech 20, 225–230 (2024). https://doi.org/10.1007/s11416-023-00471-4
DOI: https://doi.org/10.1007/s11416-023-00471-4