Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Handbook of Applied Cryptography
Handbook of Applied Cryptography
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
Comparing the pre- and post-specified peer models for key agreement
International Journal of Applied Cryptography
Stronger security of authenticated key exchange
ProvSec'07 Proceedings of the 1st international conference on Provable security
A new security model for authenticated key agreement
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Deniable internet key exchange
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
A secure and efficient authenticated Diffie-Hellman protocol
EuroPKI'09 Proceedings of the 6th European conference on Public key infrastructures, services and applications
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
ProvSec'11 Proceedings of the 5th international conference on Provable security
On the importance of public-key validation in the MQV and HMQV key agreement protocols
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
HMQV: a high-performance secure diffie-hellman protocol
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
On robust key agreement based on public key authentication
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Hi-index | 0.00 |
The Canetti---Krawczyk (CK) model remains widely used for the analysis of key agreement protocols. We recall the CK model, and its variant used for the analysis of the HMQV protocol, the CK$_\text{HMQV}$ model; we recall also some of the limitations of these models. Next, we show that the (s)YZ protocols do not achieve their claimed CK$_\text{HMQV}$ security. Furthermore, we show that they do not achieve their claimed computational fairness. Our attack suggests that no two---pass key establishment protocol can achieve this attribute. We show also that the Deniable Internet Key Exchange fails in authentication; this illustrates the inability of capturing some impersonation attacks in the CK model. Besides, we propose a secure, efficient, and deniable protocol, geared to the post peer specified model.