Enhancing CK-Model for Key Compromise Impersonation Resilience and Identity-based Key Exchange
نویسندگان
چکیده
In 2001, Canetti and Krawczyk proposed a security model (CKmodel) for authentication protocols. They also gave an indistinguishabilitybased definition for key exchange protocols. Since then the model has almost exclusively been used for analyzing key exchange protocols, although it can be applied to authentication protocols in general. The model not only captures a large class of attacks but also provides a modular approach to the design of authentication protocols. However, the model does not capture the property of Key Compromise Impersonation (KCI) Resilience. Until now, analysis concerning this property has mostly been done heuristically and restricted to key exchange protocols only. Previous attempts on formalizing KCI have mostly been done in some ad hoc manner and additional proofs have to be given specifically for the security of KCI resilience. In this paper, we propose an extension to the CK-model, which allows, for the first time, the KCI attacks to be considered in authentication protocols in general, rather than restricted to key exchange protocols, and no more additional proofs are required specifically for KCI security. With the revival of interest in identity-based (ID-based) cryptography, there have been many new ID-based key exchange protocols proposed. Despite the fact that some of them have been proven in some restricted versions of a model proposed by Bellare and Rogaway in 1993 and some others have been proven in the original CK-model, there is no rigorous model specifically for ID-based key exchange security. In particular, forward secrecy against compromised Key Generation Server (KGS-FS) has never been captured even though this notion is more important and stronger than the perfect forward secrecy in ID-based key exchange. For this, we further extend our model to ID-based setting and capture the property of KGS-FS for ID-based key exchange security.
منابع مشابه
A Suite of Enhanced Security Models for Key Compromise Impersonation Resilience and ID-based Key Exchange
Canetti and Krawczyk proposed a security model (CK-model) for authentication and key exchange protocols in 2001 based on a modeling approach proposed by Bellare et al. in 1998. The model not only reasonably captures the power of practical attackers but also provides a modular approach to the design of secure key exchange protocols. However, the model does not capture the property of Key Comprom...
متن کاملEfficient, Pairing-Free, One Round Attribute-Based Authenticated Key Exchange
In this paper, we present a single round two-party attribute-based authenticated key exchange protocol. Since pairing is a costly operation and the composite order groups must be very large to ensure security, we focus on pairing free protocols in prime order groups. We propose a new protocol that is pairing free, working in prime order group and having tight reduction to Strong Diffie Hellman ...
متن کاملA Constant Time, Single Round Attribute-Based Authenticated Key Exchange in Random Oracle Model
In this paper, we present a single round two-party attributebased authenticated key exchange (ABAKE) protocol in the framework of ciphertext-policy attribute-based systems. Since pairing is a costly operation and the composite order groups must be very large to ensure security, we focus on pairing free protocols in prime order groups. The proposed protocol is pairing free, working in prime orde...
متن کاملStrongly Secure Authenticated Key Exchange from Factoring, Codes, and Lattices
An unresolved problem in research on authenticated key exchange (AKE) is to construct a secure protocol against advanced attacks such as key compromise impersonation and maximal exposure attacks without relying on random oracles. HMQV, a state of the art AKE protocol, achieves both efficiency and the strong security model proposed by Krawczyk (we call it the CK model), which includes resistance...
متن کاملA Constant Time, Single Round, Attribute-Based Authenticated Key Exchange in Random Oracle Model
In this paper, we present a single round two-party attributebased authenticated key exchange (ABAKE) protocol in the framework of ciphertext-policy attribute-based systems. Since pairing is a costly operation and the composite order groups must be very large to ensure security, we focus on pairing free protocols in prime order groups. The proposed protocol is pairing free, working in prime orde...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2005 شماره
صفحات -
تاریخ انتشار 2005