Abstract
Blockchains and other public ledger structures promise a new way to create globally consistent event logs and other records. We make use of this consistency property to detect and prevent man-in-the-middle attacks in a key exchange such as Diffie-Hellman or ECDH. Essentially, the MitM attack creates an inconsistency in the world views of the two honest parties, and they can detect it with the help of the ledger. Thus, there is no need for prior knowledge or trusted third parties apart from the distributed ledger. To prevent impersonation attacks, we require user interaction. It appears that, in some applications, the required user interaction is reduced in comparison to other user-assisted key-exchange protocols.
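The consistency check the abstract describes, as an added toy simulation that is my own illustration and not the paper's protocol: each party writes a digest of its view of the exchange (what it sent, what it received) to an append-only ledger and checks that the peer's entry mirrors its own. It assumes the ledger reliably attributes entries to their authors, which the abstract says the paper achieves with user interaction, and `P`/`G` are toy parameters.

```python
import hashlib
import secrets

P = 2**127 - 1  # toy DH parameters for illustration only, not for real use
G = 5

class Ledger:
    """Append-only, publicly readable list of (party, record) entries."""
    def __init__(self):
        self._entries = []
    def append(self, party, record):
        self._entries.append((party, record))
    def entries_by(self, party):
        return [r for p, r in self._entries if p == party]

def view_digest(sent, received):
    # A party's "world view" of the exchange: the value it sent and the one it got back.
    return hashlib.sha256(f"{sent}|{received}".encode()).hexdigest()

class Party:
    def __init__(self, name):
        self.name = name
        self.priv = secrets.randbelow(P - 2) + 2
        self.pub = pow(G, self.priv, P)
    def receive(self, value):
        self.received = value
        self.key = pow(value, self.priv, P)
    def publish(self, ledger):
        ledger.append(self.name, view_digest(self.pub, self.received))
    def consistent_with(self, ledger, peer):
        # The peer's honest view is mine mirrored: it sent what I received and
        # received what I sent. Any substitution on the wire breaks this mirror.
        return view_digest(self.received, self.pub) in ledger.entries_by(peer)

def run_exchange(mitm=False):
    """Return (alice_ok, bob_ok, keys_match) for an honest or a MitM exchange."""
    alice, bob, ledger = Party("alice"), Party("bob"), Ledger()
    if mitm:
        mallory = Party("mallory")  # substitutes its own value in both directions
        alice.receive(mallory.pub)
        bob.receive(mallory.pub)
    else:
        alice.receive(bob.pub)
        bob.receive(alice.pub)
    alice.publish(ledger)  # assumed: the ledger reliably attributes each entry
    bob.publish(ledger)    # to its author (the paper uses user interaction for this)
    return (alice.consistent_with(ledger, "bob"),
            bob.consistent_with(ledger, "alice"),
            alice.key == bob.key)
```

In the honest run both checks pass and the keys agree; with the substitution, each honest party's expected mirror digest is absent from the ledger, so both detect the inconsistency.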
© 2017 Springer International Publishing AG
Bui, T., Aura, T. (2017). Key Exchange with the Help of a Public Ledger. In: Stajano, F., Anderson, J., Christianson, B., Matyáš, V. (eds) Security Protocols XXV. Security Protocols 2017. Lecture Notes in Computer Science, vol 10476. Springer, Cham. https://doi.org/10.1007/978-3-319-71075-4_15
DOI: https://doi.org/10.1007/978-3-319-71075-4_15
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-71074-7
Online ISBN: 978-3-319-71075-4