Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK

Authors:
Cas Cremers
Affiliations:
ETH Zurich, Zurich, Switzerland
Venue:
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Year:
2011

Citing 20
Cited 7

Provably secure session key distribution: the three party case

STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
An Efficient Protocol for Authenticated Key Agreement

Designs, Codes and Cryptography
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Universally Composable Notions of Key Exchange and Secure Channels

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Authenticated Multi-Party Key Agreement

ASIACRYPT '96 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOS

Designs, Codes and Cryptography
Comparing the Pre- and Post-specified Peer Models for Key Agreement

ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
One-round key exchange in the standard model

International Journal of Applied Cryptography
Partnership in key exchange protocols

Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Session-state Reveal Is Stronger Than Ephemeral Key Reveal: Attacking the NAXOS Authenticated Key Exchange Protocol

ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
A New Efficient and Strongly Secure Authenticated Key Exchange Protocol

IAS '09 Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 01
Strongly Secure Authenticated Key Exchange without NAXOS' Approach

IWSEC '09 Proceedings of the 4th International Workshop on Security: Advances in Information and Computer Security
An eCK-Secure Authenticated Key Exchange Protocol without Random Oracles

ProvSec '09 Proceedings of the 3rd International Conference on Provable Security
Stronger security of authenticated key exchange

ProvSec'07 Proceedings of the 1st international conference on Provable security
Authenticated key exchange and key encapsulation in the standard model

ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Examining indistinguishability-based proof models for key establishment protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
On session identifiers in provably secure protocols: the Bellare-Rogaway three-party key distribution protocol revisited

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
HMQV: a high-performance secure diffie-hellman protocol

CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
SP 800-56A. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

SP 800-56A. Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography (Revised)

Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage

ProvSec'11 Proceedings of the 5th international conference on Provable security
Characterization of strongly secure authenticated key exchanges without NAXOS technique

IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Strongly secure authenticated key exchange from factoring, codes, and lattices

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
A complementary analysis of the (s)YZ and DIKE protocols

AFRICACRYPT'12 Proceedings of the 5th international conference on Cryptology in Africa
Sufficient condition for ephemeral key-leakage resilient tripartite key exchange

ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Sufficient condition for identity-based authenticated key exchange resilient to leakage of secret keys

ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
OAKE: a new family of implicitly authenticated diffie-hellman protocols

Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Many recent key exchange (KE) protocols have been proven secure in the CK, CK-HMQV, or eCK security models. The exact relation between these security models, and hence the relation between the security guarantees provided by the protocols, is unclear. We show first that the CK, CK-HMQV, and eCK security models are formally incomparable. Second, we show that these models are also practically incomparable, by providing for each model attacks on protocols from the literature that are not considered by the other models. Third, our analysis enables us to find previously unreported flaws in protocol security proofs from the literature. We identify the causes of these flaws and show how they can be avoided.