http://dx.doi.org/10.13089/JKIISC.2008.18.6B.207

Introduction to Leakage-Resilient Authenticated Key Exchange Protocols and Their Applications

Imai, Hideki (Chuo University)
Shin, Seong-Han (Chuo University)
Kobara, Kazukuni (Chuo University)
Abstract
Secure channels, indispensable to many applications, can be established with an authenticated key exchange (AKE) protocol, in which the parties involved authenticate one another and then share authenticated session keys over insecure networks. In this paper, we introduce a new type of AKE protocol designed specifically to minimize the damage caused by leakage of stored secrets. Such protocols are called Leakage-Resilient AKE (LR-AKE) protocols; their motivation, design principles, several constructions, security analysis and applications are explained in detail.
Keywords
authentication; key exchange; leakage-resilience; DH; RSA;