A Study of Two-Party Certificateless Authenticated Key-Agreement Protocols [chapter]

Colleen Swanson, David Jao
2009 Lecture Notes in Computer Science  
We survey the set of all prior two-party certificateless key agreement protocols available in the literature at the time of this work. We find that all of the protocols exhibit vulnerabilities of varying severity, ranging from lack of resistance to leakage of ephemeral keys up to (in one case) a man-in-the-middle attack. Many of the protocols admit key-compromise impersonation attacks despite claiming security against such attacks. In order to describe our results rigorously, we introduce the
... st known formal security model for two-party authenticated certificateless key agreement protocols. Our model is based on the extended Canetti-Krawczyk model for traditional authenticated key exchange, except that we expand the range of allowable attacks to account for the increased flexibility of the attacker in the certificateless setting.
doi:10.1007/978-3-642-10628-6_4 fatcat:rerln3zqmvhxjhm2sw34ou24ly