Securing group key exchange against strong corruptions.

In group key exchange (GKE) protocols users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. ... Undoubtedly, security impact of strong corruptions is serious, and thus specifying appropriate security requirements and designing secure GKE protocols appears an interesting yet challenging task -the ... Acknowledgements The authors wish to thank Berkant Ustaoglu for his comments on key registration attacks. ...

doi:10.1145/1368310.1368347 dblp:conf/ccs/BressonM08 fatcat:z67ldwvdwjb6dgoo4hynij5pom

Reference to this paper should be made as follows: Bresson, E. and Manulis, M. (2008) 'Securing group key exchange against strong corruptions and key registration attacks', Int. J. ... In Group Key Exchange (GKE) protocols, users usually extract the group key using some auxiliary (ephemeral) secret information generated during the execution. ... Acknowledgement The authors wish to thank Berkant Ustaoglu for his comments on key registration attacks. ...

doi:10.1504/ijact.2008.021083 fatcat:v2hmfgdsmvd47dh7j7tufyxcau

In fact, the absence of trust relationship is the main feature of group key exchange (when compared to group key transport) protocols. ... Index Terms Group key exchange, Malicious participants, Key control, Contributiveness, Security model, Compiler IET PROCEEDINGS INFORMATION SECURITY, SPECIAL ISSUE ON GOCP [3] and multi-party protocols ... INTRODUCTION Group Key Exchange protocols (GKE) is a method of key establishment characterized by the fact that no secure channels are needed and, more important, no party is allowed to choose the key ...

doi:10.1049/iet-ifs:20070113 fatcat:g4opm7vezref7iosouqzy6hhzu

DOAJ

Protocols for authenticated key exchange (AKE) allow parties within an insecure network to establish a common session key which can then be used to secure their future communication. ... (termed "AKE-security"), and that our definition implies all previously-suggested notions of security against insider attacks. ... The following claims serve as useful "sanity checks" for our definition: Claim 2 Any UC-secure group key-exchange protocol is AKE-secure (in the strong corruption model). ...

doi:10.1145/1102120.1102146 dblp:conf/ccs/KatzS05 fatcat:eika753xurct7c3vodpdoxvs3i

We prove that the modified protocol, called KEA+, satisfies the strongest security requirements for authenticated key-exchange and that it retains some security even if a secret key of a party is leaked ... KEA is a Diffie-Hellman based key-exchange protocol developed by NSA which provides mutual authentication for the parties. ... is only needed to ensure security against strong adversaries (who can reveal ephemeral secret keys). ...

doi:10.1007/11745853_25 fatcat:7c5tvsnfhvaubg6yee7qsafqmm

Key exchange protocols are essential for building a secure communication channel over an insecure open network. ... In this paper, we mount a replay attack on Zhao and Gu's protocol and thereby show that unlike the claim of provable security, the protocol is not secure against leakage of ephemeral secret keys. ... For this reason, key exchange protocols proven AKE-secure in a model that allows strong corruption ought to be resistant against any attacks similar to ours. ...

doi:10.9708/jksci/2012.17.9.091 fatcat:qun2xlqtijenha3ijzlhi7wnhq

Open Access

We begin from existing formal security models and refine them to incorporate major missing details (e.g., strong-corruption and concurrent sessions). ... Authenticated Diffie-Hellman key exchange allows two principals communicating over a public network, and each holding public/private keys, to agree on a shared secret value. ... Protocols for group Diffie-Hellman key exchange need to achieve forward-secrecy even when facing strong-corruption. Contributions. ...

doi:10.1007/3-540-46035-7_21 fatcat:xmjcaeous5hl3oqqru2d4fzyfa

A deniable authenticated key exchange (DAKE) protocol establishes a secure channel without producing cryptographic evidence of communication. ... DAKEZ and XZDH provide forward secrecy against active adversaries, and all three protocols can provide forward secrecy against future quantum adversaries while remaining classically secure if attacks against ... Acknowledgments The authors would like to thank Makulf Kohlweiss and the anonymous reviewers for their insightful comments and feedback, Alfredo Rial Duran for his exceptionally detailed verification of our security ...

doi:10.1515/popets-2018-0003 dblp:journals/popets/UngerG18 fatcat:w4k3paha5zcgvkj46gs33zwe4i

DOAJ

Authenticated Key Exchange protocols enable several parties to establish a shared cryptographically strong key over an insecure network using various authentication means, such as strong cryptographic ... Introduction Key exchange protocols are cryptographic primitives used to provide several users (two or more), communicating over a public unreliable channel, with a secure session key. ... Group Password-Based Authenticated Key Exchange For groups, while the first proposals were extensions of the group Diffie-Hellman key exchange [38, 20, 17] , the Burmester and Desmedt construction [21 ...

doi:10.1007/978-3-642-30057-8_23 fatcat:cetvmb537zdevkofgsn3v2idx4

Non-interactive key exchange (NIKE) is a fundamental but much-overlooked cryptographic primitive. ... We also study the relationship between NIKE and public key encryption (PKE), showing that a secure NIKE scheme can be generically converted into an IND-CCA secure PKE scheme. ... key exchange. ...

doi:10.1007/978-3-642-36362-7_17 fatcat:hvgvzoal6jev3lw2govgwqojke

We extend the well-known Tree-Diffie-Hellman technique used for the design of group key exchange (GKE) protocols with robustness, i.e. with resistance to faults resulting from possible system crashes, ... We propose a fully robust GKE protocol using the novel tree replication technique: our basic protocol version ensures security against outsider adversaries whereas its extension addresses optional insider ... Introduction and contributions In group key exchange (GKE) protocols, users interact over a network to exchange contributions and finally compute a common group key which is suitable for subsequent cryptographic ...

doi:10.1007/978-3-642-10433-6_33 fatcat:gzgcypbd7ve7npago2dnvdbsza

We provide a characterisation of how strong forward secrecy can be achieved in one-round key exchange. ... Most one-round key exchange protocols provide only weak forward secrecy at best. ... In the next section we review definitions of strong and weak forward secrecy in modern security models for key exchange. ...

doi:10.1007/978-3-642-25516-8_27 fatcat:ebnqhzcbxnd4xi3lixrl4cqxuq

In both cases security has been evaluated against an adversary who can corrupt participants. ... In this paper we consider an adaptive adversary who can both corrupt participants and also access the keys of conference of his choice. ... A SECURITY MODEL FOR NICKDSS AGAINST ACTIVE ADVERSARIES In the security model of group key exchange, the adversary is active and has access to Send, Corrupt, Reveal and Test oracles. ...

doi:10.1145/1368310.1368349 dblp:conf/ccs/Safavi-NainiJ08 fatcat:hv6vxya6hfcodpyaq7ghoqruum

As for MTI/C0, no formal security result was available to our knowledge. Security Model. Informally, we want to model resistance of a key exchange protocol against active and adaptive attackers. ... This game models the semantic security (and even the forward-secrecy, if the corruption of players is allowed). ... Finally, we sum up in section 6 the key design choices that help make a signature-less key exchange protocol secure. The security model, which is the classical one, is reviewed in appendix A. ...

doi:10.1007/11832072_11 fatcat:ssnsbdrzsvcsxbe5bm4jlj5dbi

We treat the security of group key exchange (GKE) in the universal composability (UC) framework. Analyzing GKE protocols in the UC framework naturally addresses attacks by malicious insiders. ... Canetti and Krawczyk [15] show that their earlier game-based notion of SK-security [13] for two-party key exchange (2PKE) is equivalent to a relaxed notion of UC-security. ... Introduction A group key exchange (GKE) protocol allows a group of parties to agree upon a common session key over a public network. ...

doi:10.1145/1533057.1533079 dblp:conf/ccs/GorantlaBN09 fatcat:tspykq6iajhgvlu52imroto63q

Securing group key exchange against strong corruptions

Preserved Fulltext

Securing group key exchange against strong corruptions and key registration attacks

Preserved Fulltext

Contributory group key exchange in the presence of malicious participants

Preserved Fulltext

Modeling insider attacks on group key-exchange protocols

Preserved Fulltext

Security Analysis of KEA Authenticated Key Exchange Protocol [chapter]

Preserved Fulltext

A Security Analysis of Zhao and Gu's Key Exchange Protocol Zhao와 Gu가 제안한 키 교환 프로토콜의 안전성 분석

Preserved Fulltext

Dynamic Group Diffie-Hellman Key Exchange under Standard Assumptions [chapter]

Preserved Fulltext

Improved Strongly Deniable Authenticated Key Exchanges for Secure Messaging

Preserved Fulltext

Password-Based Authenticated Key Exchange [chapter]

Preserved Fulltext

Non-Interactive Key Exchange [chapter]

Preserved Fulltext

Fully Robust Tree-Diffie-Hellman Group Key Exchange [chapter]

Preserved Fulltext

On Forward Secrecy in One-Round Key Exchange [chapter]

Preserved Fulltext

Non-interactive conference key distribution and its applications

Preserved Fulltext

About the Security of MTI/C0 and MQV [chapter]

Preserved Fulltext

Universally composable contributory group key exchange

Preserved Fulltext

A Security Analysis of Zhao and Gu's Key Exchange Protocol
Zhao와 Gu가 제안한 키 교환 프로토콜의 안전성 분석