Abstract
The Canetti–Krawczyk (CK) model remains widely used for the analysis of key agreement protocols. We recall the CK model and its variant used for the analysis of the HMQV protocol, the CK\(_\text{HMQV}\) model, and we recall some of the limitations of these models. Next, we show that the (s)YZ protocols do not achieve their claimed CK\(_\text{HMQV}\) security. Furthermore, we show that they do not achieve their claimed computational fairness; our attack suggests that no two-pass key establishment protocol can achieve this attribute. We show also that the Deniable Internet Key Exchange fails in authentication, which illustrates the inability of the CK model to capture some impersonation attacks. Finally, we propose a secure, efficient, and deniable protocol, geared to the post-specified peer model.
© 2012 Springer-Verlag Berlin Heidelberg
Sarr, A.P., Elbaz–Vincent, P. (2012). A Complementary Analysis of the (s)YZ and DIKE Protocols. In: Mitrokotsa, A., Vaudenay, S. (eds) Progress in Cryptology - AFRICACRYPT 2012. AFRICACRYPT 2012. Lecture Notes in Computer Science, vol 7374. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31410-0_13
DOI: https://doi.org/10.1007/978-3-642-31410-0_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-31409-4
Online ISBN: 978-3-642-31410-0