Introduction to Leakage-Resilient Authenticated Key Exchange Protocols and Their Applications

  • Published: 2008.12.31

Abstract

Secure channels, indispensable to many applications, can be established by using an authenticated key exchange (AKE) protocol, in which the participating parties authenticate one another and then share authenticated session keys over insecure networks. In this paper, we introduce a new type of AKE protocol that is specifically designed to minimize the damage caused by leakage of stored secrets. Such protocols are called Leakage-Resilient AKE (LR-AKE) protocols; their motivation, design principles, several constructions, security analysis and applications are explained in detail.
