A Study of Two-Party Certificateless Authenticated Key-Agreement Protocols
نویسندگان
چکیده
We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit keycompromise impersonation attacks despite claiming security against such attacks. In order to describe our results rigorously, we introduce the first known formal security model for two-party authenticated certificateless key agreement protocols. Our model is based on the extended CanettiKrawczyk model for traditional authenticated key exchange, except that we expand the range of allowable attacks to account for the increased flexibility of the attacker in the certificateless setting.
منابع مشابه
An efficient certificateless two-party authenticated key agreement protocol
Due to avoiding the key escrow problem in the identity-based cryptosystem, certificateless public key cryptosystem (CLPKC) has received a significant attention. As an important part of the CLPKC, the certificateless authenticated key agreement (CLAKA) protocol also received considerable attention. Most CLAKA protocols are built from bilinear mappings on elliptic curves which need costly operati...
متن کاملCryptanalysis and improvement of two certificateless three-party authenticated key agreement protocols
Recently, two certificateless three-party authenticated key agreement protocols were proposed, and both protocols were claimed they can meet the desirable security properties including forward security, key compromise impersonation resistance and so on. Through cryptanalysis, we show that one neither meets forward security and key compromise impersonation resistance nor resists an attack by an ...
متن کاملSimulatable certificateless two-party authenticated key agreement protocol
Key agreement (KA) allows two or more users to negotiate a secret session key among them over an open network. Authenticated key agreement (AKA) is a KA protocol enhanced to prevent active attacks. AKA can be achieved using a public key infrastructure (PKI) or identity-based cryptography. However, the former suffers from a heavy certificate management burden while the latter is subject to the s...
متن کاملCertificateless Authenticated Two-Party Key Agreement Protocols
Certificateless public key cryptography (CL-PKC) was proposed to overcome the weaknesses of the public key infrastructure (PKI) and identity-based cryptography (ID-PKC). In PKI, certificates are used to provide the authenticity of public keys. However, a PKI faces many challenges in practice, such as the scalability of the infrastructure and certificate management (distribution, revocation, sto...
متن کاملA new two-round certificateless authenticated key agreement protocol without bilinear pairings
Certificateless public key cryptography (CLPKC), which can simplify the complex certificate management in the traditional public key cryptography and resolve the key escrow problem in identity-based cryptography, has been widely studied. As an important part of CLPKC, certificateless two-party authenticated key agreement (CTAKA) protocols have also received considerable attention. Recently, man...
متن کامل