ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS

K. Chalkias, F. Mpaldimtsi, D. Hristu-Varsakelis, G. Stephanides

Abstract

Key establishment protocols are among the most important security mechanisms via which two or more parties can generate a common session key in order to encrypt their communications over an otherwise insecure network. This paper is concerned with the vulnerability of one-pass two-party key establishment protocols to key-compromise impersonation (K-CI) attacks. The latter may occur once an adversary has obtained the long-term private key of an honest party, and represents a serious — but often underestimated — threat. This is because an entity may not be aware that her computer has been compromised and her private key is exposed, and because a successful impersonation attack may result in far greater harm than the reading of past and future conversations. Our aim is to describe two main classes of K-CI attacks that can be mounted against all of the best-known one-pass protocols, including MQV and HMQV. We show that one of the attacks described can be somewhat avoided (though not completely eliminated) through the combined use of digital signatures and time-stamps; however, there still remains a class of K-CI threats for which there is no obvious solution.



Paper Citation


in Harvard Style

Chalkias K., Mpaldimtsi F., Hristu-Varsakelis D. and Stephanides G. (2007). ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS. In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 222-228. DOI: 10.5220/0002125702220228


in Bibtex Style

@conference{secrypt07,
author={K. Chalkias and F. Mpaldimtsi and D. Hristu-Varsakelis and G. Stephanides},
title={ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={222-228},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002125702220228},
isbn={978-989-8111-12-8},
}

