On the Importance of Public-Key Validation in the MQV and HMQV Key Agreement Protocols [chapter]

Alfred Menezes, Berkant Ustaoglu
2006 Lecture Notes in Computer Science  
The attacks illustrate the importance of performing some form of public-key validation in Diffie-Hellman key agreement protocols, and furthermore highlight the dangers of relying on security proofs for  ...  In this paper, we present some attacks on HMQV and MQV that are successful if public keys are not properly validated.  ...  Acknowledgements We would like to thank Daniel Panario for his help with the proof of Lemma 1. We also thank Darrel Hankerson for his comments on earlier drafts of this paper.  ... 
doi:10.1007/11941378_11 fatcat:zzgpymtcurhozjgwr4wggd4uai

Another look at HMQV

Alfred Menezes
2007 Journal of Mathematical Cryptology  
The HMQV protocols are 'hashed variants' of the MQV key agreement protocols.  ...  We propose HMQV-1, patched versions of the HMQV protocols that resist our attacks (but do not have any performance advantages over MQV).  ...  Our attacks exploit the omission in the HMQV protocols of public-key validation of static and ephemeral public keys.  ... 
doi:10.1515/jmc.2007.004 fatcat:xhpausnl5zanvoigdce7rxwcfe

On Robust Key Agreement Based on Public Key Authentication [chapter]

Feng Hao
2010 Lecture Notes in Computer Science  
Our new key agreement protocol, YAK, has comparable computational efficiency to the MQV and HMQV protocols with clear advantages on security.  ...  This paper discusses public-key authenticated key agreement protocols. First, we critically analyze several authenticated key agreement protocols and uncover various theoretical and practical flaws.  ...  ACKNOWLEDGMENT We thank Alfred Menezes and Berkant Ustaoglu for their generous advice and invaluable comments. We thank Lihong Yang for helping improve the readability.  ... 
doi:10.1007/978-3-642-14577-3_33 fatcat:z77bu4w6hjgxvhisauqp2b6caa

On robust key agreement based on public key authentication

Feng Hao
2012 Security and Communication Networks  
Our new key agreement protocol, YAK, has comparable computational efficiency to the MQV and HMQV protocols with clear advantages on security.  ...  This paper discusses public-key authenticated key agreement protocols. First, we critically analyze several authenticated key agreement protocols and uncover various theoretical and practical flaws.  ...  ACKNOWLEDGMENT We thank Alfred Menezes and Berkant Ustaoglu for their generous advice and invaluable comments. We thank Lihong Yang for helping improve the readability.  ... 
doi:10.1002/sec.550 fatcat:g4hjha2qivh47brmlohzzshj2a

Two Types of Key-Compromise Impersonation Attacks against One-Pass Key Establishment Protocols [chapter]

K. Chalkias, F. Baldimtsi, D. Hristu-Varsakelis, G. Stephanides
2008 Communications in Computer and Information Science  
Our aim is to describe two main classes of K-CI attacks that can be mounted against all of the best-known one-pass protocols, including MQV and HMQV.  ...  result in far greater harm than the reading of past and future conversations.  ...  -The HMQV protocol by [19, 26] that was proposed as an alternative of MQV. There are two one-pass variants, HMQV(1) and HMQV(2), which are quite similar to one another.  ... 
doi:10.1007/978-3-540-88653-2_17 fatcat:svyaolsndzhg5i3urusu5qirqq

On the Security of the (F)HMQV Protocol [chapter]

Augustin P. Sarr, Philippe Elbaz-Vincent
2016 Lecture Notes in Computer Science  
Next, we revisit the FHMQV building blocks, design and security arguments; we clarify the security and efficiency separation between HMQV and FHMQV, showing the advantages of FHMQV over HMQV.  ...  The HMQV protocol is under consideration for IEEE P1363 standardization. We provide a complementary analysis of the HMQV protocol.  ...  We clarified also both the security and efficiency separation between HMQV and FHMQV, showing that even if ephemeral keys are validated in HMQV, the FHMQV protocol is strictly stronger than HMQV both  ... 
doi:10.1007/978-3-319-31517-1_11 fatcat:m7vbwosoyzf3rjf6anoynw5sr4

A Secure and Efficient Authenticated Diffie–Hellman Protocol [chapter]

Augustin P. Sarr, Philippe Elbaz-Vincent, Jean-Claude Bajard
2010 Lecture Notes in Computer Science  
Ephemeral public key validation is voluntarily omitted in [11], but the HMQV protocol is known to be insecure if ephemeral keys are not correctly validated [18, 17].  ...  arguments), which preserves the remarkable performance of the (H)MQV protocols and resists the attacks we present. and G * is the set of non-identity elements in G; all public keys are supposed to belong  ...  The authors would like to thank Netheos R&D for supporting this work. We also thank the EuroPKI 2009 reviewers for their useful comments.  ... 
doi:10.1007/978-3-642-16441-5_6 fatcat:fbbqx3gjrnez5exoxtqmfjtbf4

A New Security Model for Authenticated Key Agreement [chapter]

Augustin P. Sarr, Philippe Elbaz-Vincent, Jean-Claude Bajard
2010 Lecture Notes in Computer Science  
For X ∈ G, the lowercase x denotes the discrete logarithm of X in base G. The identity of a party with public key A is denoted ( is supposed to contain A).  ...  The Canetti-Krawczyk (CK) and extended Canetti-Krawczyk (eCK) security models, are widely used to provide security arguments for key agreement protocols.  ...  of key agreement protocols; and security arguments for recent protocols are usually provided in the (e)CK models.  ... 
doi:10.1007/978-3-642-15317-4_15 fatcat:bvcjyc5thbcu7fqbjwwwjcwcba

ASICS: Authenticated Key Exchange Security Incorporating Certification Systems [chapter]

Colin Boyd, Cas Cremers, Michèle Feltz, Kenneth G. Paterson, Bertram Poettering, Douglas Stebila
2013 Lecture Notes in Computer Science  
However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models.  ...  Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS  ...  of the key agreement protocol.  ... 
doi:10.1007/978-3-642-40203-6_22 fatcat:a4dcmjwt7beczmkd7v3og7qg7u

Time for a Paradigm Shift in Our Disciplinary Culture? [chapter]

Neal Koblitz
2017 Lecture Notes in Computer Science  
In that paper Krawczyk described his modified version of the Menezes-Qu-Vanstone key agreement protocols, which he called HMQV.  ...  The omitted MQV step was a public key validation that had been introduced to prevent known attacks.  ... 
doi:10.1007/978-3-319-61273-7_2 fatcat:skj63eq23bhg3a3u6bbmpfrq7m

ASICS: authenticated key exchange security incorporating certification systems

Colin Boyd, Cas Cremers, Michèle Feltz, Kenneth G. Paterson, Bertram Poettering, Douglas Stebila
2016 International Journal of Information Security  
However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models.  ...  Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS  ...  Acknowledgements C.B. and D.S. were supported by Australian Research Council (ARC) Discovery Project DP130104304. C.C. was supported by ETH Research Grant ETH-30 09-3.  ... 
doi:10.1007/s10207-015-0312-y fatcat:66cqzcyn2bfitbk4t6tu3hu3ii

Security Protocols in a Nutshell [article]

Mohsen Toorani
2016 arXiv   pre-print
Furthermore, a survey on computational security models for authenticated key exchange (AKE) and password-authenticated key exchange (PAKE) protocols, as the most important and well-studied type of security  ...  It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of protocols.  ...  Acknowledgment The author would like to thank Øyvind Ytrehus for helpful comments and discussions.  ... 
arXiv:1605.09771v2 fatcat:mkbc3in6tvdo7madnvqaxogbfq

Making the Diffie-Hellman Protocol Identity-Based [chapter]

Dario Fiore, Rosario Gennaro
2010 Lecture Notes in Computer Science  
when one includes the transmission and verification of certificates in the MQV protocol, which are not required in an id-based scheme).  ...  The design of our protocol was inspired by MQV (the most efficient authenticated Diffie-Hellman based protocol in the public-key model) and indeed its performance is competitive with respect to MQV (especially  ...  Comparison with PKI-based protocols. We also compare our protocol to MQV [26], and its provably secure version HMQV [25], which is the most efficient protocol in the public-key setting.  ... 
doi:10.1007/978-3-642-11925-5_12 fatcat:3ilbhmpmnredbf4g3zi6xp2sp4

Comparing the pre- and post-specified peer models for key agreement

Alfred Menezes, Berkant Ustaoglu
2009 International Journal of Applied Cryptography  
On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run.  ...  We give examples of protocols that are secure in one model but insecure in the other.  ...  The Σ 0 protocol [5] is a simplified version of one of the IKE key agreement protocols.  ... 
doi:10.1504/ijact.2009.023472 fatcat:rfx3uszmpja4demogh2z3nvvcy

Secure off-the-record messaging

Mario Di Raimondo, Rosario Gennaro, Hugo Krawczyk
2005 Proceedings of the 2005 ACM workshop on Privacy in the electronic society - WPES '05  
In this paper we present a security analysis of OTR showing that, while the overall concept of the system is valid and attractive, the protocol suffers from security shortcomings due to the use of an insecure  ...  key-exchange protocol and other problematic design choices.  ...  of the scheme) and then computed a valid MAC on it (since old MAC keys are made public).  ... 
doi:10.1145/1102199.1102216 dblp:conf/wpes/RaimondoGK05 fatcat:jfr2gvrt35crzd67strre3t4jm