Paper 2013/398

ASICS: Authenticated Key Exchange Security Incorporating Certification Systems

Colin Boyd, Cas Cremers, Michèle Feltz, Kenneth G. Paterson, Bertram Poettering, and Douglas Stebila

Abstract

Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Full version of the ESORICS 2013 paper
Keywords
authenticated key exchange (AKE), unknown key share (UKS) attacks, certification authority (CA), invalid public keys, PKI
Contact author(s)
feltzm @ inf ethz ch
History
2015-06-02: revised
2013-06-18: received
Short URL
https://ia.cr/2013/398
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/398,
      author = {Colin Boyd and Cas Cremers and Michèle Feltz and Kenneth G. Paterson and Bertram Poettering and Douglas Stebila},
      title = {ASICS: Authenticated Key Exchange Security Incorporating Certification Systems},
      howpublished = {Cryptology ePrint Archive, Paper 2013/398},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/398}},
      url = {https://eprint.iacr.org/2013/398}
}