Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.