
Reusing Static Keys in Key Agreement Protocols [chapter]

Sanjit Chatterjee, Alfred Menezes, Berkant Ustaoglu
2009 Lecture Notes in Computer Science  
We also propose an enhancement of the extended Canetti-Krawczyk security model and definition for the situation where static public keys are reused in two or more key agreement protocols.  ...  In this paper, we give examples of key establishment protocols that are individually secure, but which are insecure when static key pairs are reused in two of the protocols.  ...  We consider a scenario where parties are permitted to reuse their static public keys in two key agreement protocols, Π1 and Π2.  ... 
doi:10.1007/978-3-642-10628-6_3 fatcat:5won3rndsbd3toy2maahtgzkqm

On reusing ephemeral keys in Diffie-Hellman key agreement protocols

Alfred Menezes, Berkant Ustaoglu
2010 International Journal of Applied Cryptography  
A party may choose to reuse ephemeral public keys in a Diffie-Hellman key agreement protocol in order to reduce its computational workload or to mitigate against denial-of-service attacks.  ...  In this note we highlight the danger of reusing ephemeral keys if domain parameters are not appropriately selected or if public keys are not appropriately validated.  ...  Rather, the attack highlights the danger of reusing ephemeral public keys in a key agreement protocol for which the security analysis assumed that ephemeral public keys are never reused.  ... 
doi:10.1504/ijact.2010.038308 fatcat:xnd6475otbcktclo4o6i5noct4

Exploiting Partial Order of Keys to Verify Security of a Vehicular Group Protocol [article]

Felipe Boeira, Mikael Asplund
2021 arXiv   pre-print
In this paper, we perform a systematic security evaluation of a vehicular platooning protocol through a thorough analysis of the protocol and security standards.  ...  We show that our order-aware approach makes the verification feasible and proves strong authenticity properties along with secrecy of all keys used throughout the protocol.  ...  Allowing reuse of lemmas (and thereby ordering of them according to the key hierarchy) does help with the final authenticity lemma which is to prove injective agreement on the pair-wise keys ppk 1 and  ... 
arXiv:2105.02664v2 fatcat:st2ykgpkanctvp2rcvwiec6yum

Batch Computations Revisited: Combining Key Computations and Batch Verifications [chapter]

René Struik
2011 Lecture Notes in Computer Science  
We consider the effect of combining the key computation step in particular key agreement protocols, such as ECMQV and static-DH, with verifying particular elliptic curve equations, such as those related  ...  In particular, we show that one can securely combine ECDSA signature verification and ECMQV and static-ECDH key computations, resulting in significant performance improvements, due to saving on doubling  ...  Static-ECDH with ECDSA * Signatures In this section, we illustrate how combining the key computation step in the elliptic curve authenticated public-key key agreement protocol Static-ECDH with the ECDSA  ... 
doi:10.1007/978-3-642-19574-7_9 fatcat:i3lmfbcq6fhejft3pioyti72ga

Authenticated Diffie-Hellman Key Agreement Protocols [chapter]

Simon Blake-Wilson, Alfred Menezes
1999 Lecture Notes in Computer Science  
This paper surveys recent work on the design and analysis of key agreement protocols that are based on the intractability of the Diffie-Hellman problem.  ...  The focus is on protocols that have been standardized, or are in the process of being standardized, by organizations such as ANSI, IEEE, ISO/IEC, and NIST.  ...  key agreement protocols, while in §5 we discuss protocols for authenticated key agreement with key confirmation.  ... 
doi:10.1007/3-540-48892-8_26 fatcat:akczicmnxfbn5p6qvsirvnfune

A Parallel Key Generation Algorithm for Efficient Diffie-Hellman Key Agreement

Yun Chen, Xin Chen, Yi Mu
2006 2006 International Conference on Computational Intelligence and Security  
In this paper, we propose a novel key generation algorithm for DH agreement that derives computational efficiency from constructing a parallel architecture.  ...  To enhance security, a system usually requires a DH key agreement working in an ephemeral-static mode where the recipient has a static key pair, but the sender freshly generates an ephemeral key pair for  ... 
doi:10.1109/iccias.2006.295289 fatcat:3nr5yezbifag7dqfamdaz6223q

Cryptanalysis of Improved One-round Lin-Li's Tripartite Key Agreement Protocol

Meng-Hui Lim, Sanggon Lee, Hoonjae Lee
2008 International Conference on Advanced Communication Technology, ICACT  
Recently, we have improved a one-round tripartite authenticated key agreement protocol proposed by Lin-Li due to its vulnerability to the forging attack in our previous report.  ...  A tripartite authenticated key agreement protocol is designed for three entities to communicate securely over an open network particularly with a shared key.  ...  In general, a key agreement protocol is called authenticated if the protocol is able to ensure that the session key is known only to the intended entities in a protocol run.  ... 
doi:10.1109/icact.2008.4494161 fatcat:qqnompjhdfbn3ie7rwtcrjogjy

Assessment of the Key-Reuse Resilience of NewHope [chapter]

Aurélie Bauer, Henri Gilbert, Guénaël Renault, Mélissa Rossi
2019 Lecture Notes in Computer Science  
In the case of the CPA-KEM instance of NewHope, they confirm that key reuse (e.g. key caching at server side) should be strictly avoided, even for an extremely short duration.  ...  This attack model turns out to be relevant in key reuse situations since an attacker may then be able to access such an oracle repeatedly with the same key - either directly or using faults or side channels  ...  Previous work The danger of accessing a key mismatch oracle within some key agreement protocols in a key share reuse context has been already exposed several times.  ... 
doi:10.1007/978-3-030-12612-4_14 fatcat:er47wsrnozeodbulezbbwd5lp4

Forwarding Scheme Extension for Fast and Secure Handoff in Hierarchical MIPv6 [chapter]

Hoseong Jeon, Jungmuk Lim, Hyunseung Choo, Gyung-Leen Park
2005 Lecture Notes in Computer Science  
In this paper, we propose a forwarding scheme extension for fast and secure handoff that can reduce a handoff delay while maintaining a security level by a forwarding and session key exchange mechanism  ...  For this reason, the Hierarchical Mobile IPv6 (HMIPv6) protocol [2] and the Authentication, Authorization, and Accounting (AAA) protocol [3] are proposed.  ...  Session Key Exchange Mechanism: The Diffie-Hellman key agreement protocol depends on the discrete logarithm using two system parameters p and g.  ... 
doi:10.1007/11428848_62 fatcat:whyyp3uonzhvxf4r3suzgr5e2a

Cryptography Standards in Quantum Time: New Wine in an Old Wineskin?

Lidong Chen
2017 IEEE Security and Privacy  
The scope of the call covers all public-key cryptographic primitives currently standardized by NIST, which are public-key encryption, key agreement, and digital signatures schemes.  ...  Now that public-key cryptography schemes like Diffie-Hellman key agreement ([2]) and RSA digital signatures ([3]) have become indispensable for our digitized life, the recent progress made on quantum computers  ...  Public-key reuse In a Diffie-Hellman key agreement scheme, a public key can be ephemeral or static.  ... 
doi:10.1109/msp.2017.3151339 pmid:29333107 pmcid:PMC5766008 fatcat:z3gurwsxvvef3m6zrcq3tswacu

Security arguments for the UM key agreement protocol in the NIST SP 800-56A standard

Alfred Menezes, Berkant Ustaoglu
2008 Proceedings of the 2008 ACM symposium on Information, computer and communications security - ASIACCS '08  
The Unified Model (UM) key agreement protocol is an efficient Diffie-Hellman scheme that has been included in many cryptographic standards, most recently in the NIST SP 800-56A standard.  ...  In this paper we present a strengthening of the Canetti-Krawczyk security definition for key agreement that captures resistance to all important attacks that have been identified in the literature with  ...  (The desirable security properties of key agreement protocols are listed in Appendix A.)  ... 
doi:10.1145/1368310.1368348 dblp:conf/ccs/MenezesU08 fatcat:5jnr3r5henerlc62j7tfvxw4ea

Post-Quantum Static-Static Key Agreement Using Multiple Protocol Instances [chapter]

Reza Azarderakhsh, David Jao, Christopher Leonardi
2017 Lecture Notes in Computer Science  
Some key agreement protocols leak information about secret keys if dishonest participants use specialized public keys.  ...  We consider this transformation in the context of various post-quantum key agreement schemes and analyze the attacker's success probabilities (which depend on the details of the underlying key agreement  ...  This work is supported in parts by the grants NIST-60NANB17D184, NIST-60NANB16D246, and NSF CNS-1661557.  ... 
doi:10.1007/978-3-319-72565-9_3 fatcat:z5larb3xcrebtc7pn37wql4ehy

A Generic Variant of NIST's KAS2 Key Agreement Protocol [chapter]

Sanjit Chatterjee, Alfred Menezes, Berkant Ustaoglu
2011 Lecture Notes in Computer Science  
We propose a generic three-pass key agreement protocol that is based on a certain kind of trapdoor one-way function family.  ...  The generic protocol also has a hybrid implementation, where one party has an RSA key pair and the other party has a discrete log key pair.  ...  The hybrid protocol, the KAS1 protocol, and some concerns with reusing static key pairs in more than one protocol are briefly discussed in §6.  ... 
doi:10.1007/978-3-642-22497-3_23 fatcat:lhue4ocbuvcwnkzwbznwcgk7ni

Anonymity and one-way authentication in key exchange protocols

Ian Goldberg, Douglas Stebila, Berkant Ustaoglu
2012 Designs, Codes and Cryptography  
It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication.  ...  We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity.  ...  The string ntor assures that B is aware about the key agreement protocol for which the static public key B is used.  ... 
doi:10.1007/s10623-011-9604-z fatcat:tgxqgbvrszedpj2rxfkizlf2di

Towards Denial-of-Service-Resilient Key Agreement Protocols [chapter]

Douglas Stebila, Berkant Ustaoglu
2009 Lecture Notes in Computer Science  
Denial of service resilience is an important practical consideration for key agreement protocols in any hostile environment such as the Internet.  ...  In this work we propose a formal definition of denial of service resilience, a model for secure authenticated key agreement, and show how security and denial of service resilience can be considered in  ...  A Secure DoS-Resilient Key Agreement Protocol Our DoS-CMQV protocol, given in Fig. 1, is an adaptation of the CMQV [Ust08] secure authenticated key agreement protocol.  ... 
doi:10.1007/978-3-642-02620-1_27 fatcat:y3g3lnqvnvd43jbg6fecz5snj4