Efficient and Leakage-Resilient Authenticated Key Transport Protocol Based on RSA
نویسندگان
چکیده
In this paper, we prove the security of the RSA-AKE protocol [9] in the random oracle model. The proof states that the RSA-AKE protocol is secure against an adversary who gets the client’s stored secret or the server’s RSA private key. To our best knowledge, the RSA-AKE protocol is the most efficient among their kinds (i.e., RSA and password based AKE protocols). The other security properties and efficiency measurements of the RSA-AKE protocol remain the same as in [9]. 1 The protocol is the same as [9], but we corrected the security proof partially. The attacks appeared in [10] are no longer available in the proof since the adversary has access to either the client’s stored secret or the server’s private key, not both of them.
منابع مشابه
Weaknesses in a leakage-resilient authenticated key transport protocol
In this paper we demonstrate the existence of a number of weaknesses in a leakage-resilient authenticated key transport (RSA-AKE) protocol due to Shin, Kobara and Imai.
متن کاملAn Efficient and Leakage-Resilient RSA-Based Authenticated Key Exchange Protocol with Tight Security Reduction
Both mutual authentication and generation of session keys can be accomplished by an authenticated key exchange (AKE) protocol. Let us consider the following situation: (1) a client, who communicates with many different servers, remembers only one password and has insecure devices (e.g., mobile phones or PDAs) with very-restricted computing power and built-in memory capacity; (2) the counterpart...
متن کاملNotes on weaknesses in a leakage-resilient authenticated key transport protocol
Tang et al., [1] have showed weaknesses in a leakage-resilient authenticated key transport (so-called RSA-AKE) protocol [2] and then proposed an enhanced protocol. The objective of this paper is two-fold. First, we clarify some ambiguities that may cause misunderstandings on the RSA-AKE protocol by [1]. Second, we show that Tang’s protocol is insecure against a weaker adversary who gets the cli...
متن کاملStrongly Leakage-Resilient Authenticated Key Exchange
Authenticated Key Exchange (AKE) protocols have been widely deployed in many real-world applications for securing communication channels. In this paper, we make the following contributions. First, we revisit the security modelling of leakage-resilient AKE protocols, and show that the existing models either impose some unnatural restrictions or do not sufficiently capture leakage attacks in real...
متن کاملNew Approach to Practical Leakage-Resilient Public-Key Cryptography
We present a new approach to construct several leakage-resilient cryptographic primitives, including leakage-resilient public-key encryption (PKE) schemes, authenticated key exchange (AKE) protocols and low-latency key exchange (LLKE) protocols. To this end, we introduce a new primitive called leakage-resilient non-interactive key exchange (LR-NIKE) protocol. We introduce a generic security mod...
متن کامل