STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Efficient and Non-interactive Non-malleable Commitment
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks
Proceedings of the 7th International Workshop on Security Protocols
Secure Device Pairing based on a Visual Channel (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Loud and Clear: Human-Verifiable Authentication Based on Audio
ICDCS '06 Proceedings of the 26th IEEE International Conference on Distributed Computing Systems
Stateful public-key cryptosystems: how to encrypt with one 160-bit exponentiation
Proceedings of the 13th ACM conference on Computer and communications security
Simple and effective defense against evil twin access points
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Blink 'Em All: Scalable, User-Friendly and Secure Initialization of Wireless Sensor Nodes
CANS '09 Proceedings of the 8th International Conference on Cryptology and Network Security
Efficient device pairing using "Human-comparable" synchronized audiovisual patterns
ACNS'08 Proceedings of the 6th international conference on Applied cryptography and network security
An optimal non-interactive message authentication protocol
CT-RSA'06 Proceedings of the 2006 The Cryptographers' Track at the RSA conference on Topics in Cryptology
Secure communications over insecure channels based on short authenticated strings
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
SAS-Based authenticated key agreement
PKC'06 Proceedings of the 9th international conference on Theory and Practice of Public-Key Cryptography
Efficient mutual data authentication using manually authenticated strings
CANS'06 Proceedings of the 5th international conference on Cryptology and Network Security
Serge Vaudenay [20] introduced a notion of Message Authentication (MA) protocols in the Short Authenticated String (SAS) model. A SAS-MA protocol authenticates arbitrarily long messages sent over insecure channels as long as the sender and the receiver can additionally send a very short, e.g., 20-bit, authenticated message to each other. The main practical application of a SAS-MA protocol is Authenticated Key Agreement (AKA) in this communication model, i.e., SAS-AKA, which can be used for so-called "pairing" of wireless devices. Subsequent work [9,12,10] showed three-round SAS-AKA protocols. However, the Diffie-Hellman (DH) based SAS-AKA protocol of [10] requires choosing fresh DH exponents in each protocol instance, while the generic SAS-AKA construction given by [12] applies only to AKA protocols which have no shared state between protocol sessions. Therefore, both prior works exclude the most efficient, although not perfect-forward-secret, AKA protocols that re-use private keys (for encryption-based AKAs) or DH exponents (for DH-based AKAs) across multiple protocol sessions. In this paper, we propose a novel three-round encryption-based SAS-AKA protocol, using non-malleable commitments and CCA-secure encryption as tools, which we show to be secure (but without perfect forward secrecy) if each player reuses its private/public key across protocol sessions. The cost of this protocol is dominated by a single public key encryption for one party and a decryption for the other, assuming the Random Oracle Model (ROM). When implemented with RSA encryption, the new SAS-AKA protocol is especially attractive if the two devices being paired have asymmetric computational power (e.g., a desktop and a keyboard).