A Study of Two-Party Certificateless Authenticated Key-Agreement Protocols

Authors:
Colleen Swanson;David Jao
Affiliations:
David R. Cheriton School of Computer Science,;Department of Combinatorics and Optimization, University of Waterloo, Waterloo, Canada N2L 3G1
Venue:
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Year:
2009

Citing 11
Cited 2

A Key Recovery Attack on Discrete Log-based Schemes Using a Prime Order Subgroupp

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard

Proceedings of the 2008 ACM symposium on Information, computer and communications security
A survey of certificateless encryption schemes and security models

International Journal of Information Security
The Uber-Assumption Family

Pairing '08 Proceedings of the 2nd international conference on Pairing-Based Cryptography
Key-Compromise Impersonation Attacks on Some Certificateless Key Agreement Protocols and Two Improved Protocols

ETCS '09 Proceedings of the 2009 First International Workshop on Education Technology and Computer Science - Volume 02
Strongly Secure Certificateless Key Agreement

Pairing '09 Proceedings of the 3rd International Conference Palo Alto on Pairing-Based Cryptography
Self-certified public keys

EUROCRYPT'91 Proceedings of the 10th annual international conference on Theory and application of cryptographic techniques
Stronger security of authenticated key exchange

ProvSec'07 Proceedings of the 1st international conference on Provable security
Certificateless authenticated two-party key agreement protocols

ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
CBE from CL-PKE: a generic construction and efficient schemes

PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
HMQV: a high-performance secure diffie-hellman protocol

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology

Toward pairing-free certificateless authenticated key exchanges

ISC'11 Proceedings of the 14th international conference on Information security
Provably secure certificateless one-way and two-party authenticated key agreement protocol

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit key-compromise impersonation attacks despite claiming security against such attacks. In order to describe our results rigorously, we introduce the first known formal security model for two-party authenticated certificateless key agreement protocols. Our model is based on the extended Canetti-Krawczyk model for traditional authenticated key exchange, except that we expand the range of allowable attacks to account for the increased flexibility of the attacker in the certificateless setting.