Using encryption for authentication in large networks of computers
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Key Agreement Protocols and Their Security Analysis
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Short Signatures from the Weil Pairing
Journal of Cryptology
Protocols for Authentication and Key Establishment
Protocols for Authentication and Key Establishment
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
New directions in cryptography
IEEE Transactions on Information Theory
Information Sciences: an International Journal
| Hi-index | 0.89 |
We introduce an extended Key Compromise Impersonation (KCI) attack against two-party key establishment protocols, where an adversary has access to both long-term and ephemeral secrets of a victim. Such an attack poses serious threats to both key authentication and key confirmation properties of a key agreement protocol, and it seems practical because the adversary could obtain the victim@?s ephemeral secret in a number of methods; for example, by installing some Trojan horse into the victim@?s computer platform or by exploiting the imperfectness of the pseudo-random number generator in the platform. We demonstrate that the 3-pass HMQV protocol, which is secure against the standard KCI attack, is vulnerable to this new attack. Furthermore, we show a countermeasure to prevent such an attack.