Beyond Secret Handshakes: Affiliation-Hiding Authenticated Key Exchange
نویسندگان
چکیده
Public key based authentication and key exchange protocols are not usually designed with privacy in mind and thus involve cleartext exchanges of identities and certificates before actual authentication. In contrast, an AffiliationHiding Authentication Protocol, also called a Secret Handshake, allows two parties with certificates issued by the same organization to authenticate each other in a private way. Namely, one party can prove to the other that it has a valid organizational certificate, yet this proof hides the identity of the issuing organization unless the other party also has a valid certificate from the same organization. We consider a very strong notion of Secret Handshakes, namely Affiliation-Hiding Authenticated Key Exchange protocols (AH-AKE), which guarantee security under arbitrary composition of protocol sessions, including man-in-the-middle attacks. The contribution of our paper is three-fold: First, we extend existing notions of AH-AKE security to Perfect Forward Secrecy (PFS), which guarantees session security even if its participants are later corrupted or any other sessions are compromised. Second, in parallel to PFS security, we specify the exact level of privacy protection, which we call Linkable Affiliation-Hiding (LAH), that an AH-AKE protocol can provide in the face of player corruptions and session compromises. Third, we show an AH-AKE protocol that achieves both PFS and LAH properties, under the RSA assumption in ROM, at minimal costs of 3 communication rounds and two (multi)exponentiations per player.
منابع مشابه
Taming Big Brother Ambitions: More Privacy for Secret Handshakes
In Secret Handshakes (SH) and Affiliation-Hiding Authenticated Key Exchange (AH-AKE) schemes, users become group members by registering with Group Authorities (GAs) and obtaining membership credentials. Group members then use their membership credentials to privately authenticate each other and communicate securely. The distinguishing privacy property of SH and AH-AKE is that parties learn each...
متن کاملCryptanalysis of Efficient Unlinkable Secret Handshakes for Anonymous Communications
Several unlinkable secret handshakes schemes have been proposed in recent years. As performing the successful secret handshakes is essentially equivalent to computing a common key between two interactive members of the same group. Therefore secret handshakes scheme is a key agreement protocol between two members of the same group. So it is necessary for a secret handshakes scheme to fulfill sec...
متن کاملGroup Secret Handshakes Or Affiliation-Hiding Authenticated Group Key Agreement
Privacy concerns in many aspects of electronic communication trigger the need to re-examine – with privacy in mind – familiar security services, such as authentication and key agreement. An Affiliation-Hiding Group Key Agreement (AH-AGKA) protocol (also known as Group Secret Handshake) allows a set of participants, each with a certificate issued by the same authority, to establish a common auth...
متن کاملSecret Handshakes based on Shortened Versions of DSS
Balfanz et al. in 2003 introduced secret handshakes as mechanisms designed to prove group membership and share a secret key between two fellow group members. A secret handshake protocol allows two users to mutually verify another’s authenticity without revealing their own identity. In a secret handshake Verification if the verification succeeds the users may compute a common shared key for furt...
متن کاملA New Unlinkable Secret Handshakes Scheme Based on Zss
Secret handshakes (SH) scheme is a key agreement protocol between two members of the same group. Under this scheme two members share a common key if and only if they both belong to the same group. If the protocol fails none of the parties involved get any idea about the group affiliation of the other. Moreover if the transcript of communication is available to a third party, she/he does not get...
متن کامل