Results 1 - 10 of 22

B.: Modeling Leakage of Ephemeral Secrets in Tripartite/Group Key Exchange

by Mark Manulis, Koutarou Suzuki, Berkant Ustaoglu - Information, Security and Cryptology–ICISC’09, Revised Selected Papers. Volume 5984 of LNCS , 2010
"... Abstract. Recent advances in the design and analysis of secure two-party key exchange (2KE) such as the leakage of ephemeral secrets used during the attacked sessions remained unnoticed by the current models for group key exchange (GKE). Focusing on a special case of GKE — the tripartite key exchang ..."
Abstract - Cited by 3 (1 self) - Add to MetaCart
Abstract. Recent advances in the design and analysis of secure two-party key exchange (2KE) such as the leakage of ephemeral secrets used during the attacked sessions remained unnoticed by the current models for group key exchange (GKE). Focusing on a special case of GKE — the tripartite key

Sufficient Condition for Ephemeral Key-Leakage Resilient Tripartite Key Exchange

by Atsushi Fujioka, Mark Manulis, Koutarou Suzuki
"... Abstract. Tripartite (Diffie-Hellman) Key Exchange (3KE), introduced by Joux (ANTS-IV 2000), represents today the only known class of group key exchange protocols, in which computation of unauthenticated session keys requires one round and proceeds with minimal computation and communication overhead ..."
Abstract - Cited by 2 (0 self) - Add to MetaCart
authenticated constructions, all of which enjoy forward secrecy and resilience to ephemeral key-leakage under the gap Bilinear Diffie-Hellman assumption in the random oracle model. 1

Modelling after-the-fact leakage for key exchange

by Janaka Alawatugoda, Douglas Stebila, Colin Boyd - In ASIACCS , 2014
"... Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of long-term secrets of protocol principals, ..."
Abstract - Cited by 2 (1 self) - Add to MetaCart
, even after the session key is established. We introduce a generic key exchange security model, which can be instantiated allowing bounded or continuous leakage, even when the adversary learns certain ephemeral secrets or session keys. Our model is the strongest known partial-leakage-based security

On Continuous After-the-Fact Leakage-Resilient Key Exchange

by Mohsen Toorani
"... Side-channel attacks are severe type of attack against implementation of cryptographic primitives. Leakage-resilient cryptography is a new theoretical approach to formally address the problem of side-channel attacks. Recently, the Continuous After-the-Fact Leakage (CAFL) security model has been intr ..."
Abstract - Cited by 3 (3 self) - Add to MetaCart
introduced for two-party authenticated key exchange (AKE) protocols. In the CAFL model, an adversary can adaptively request arbitrary leakage of long-term secrets even after the test session is activated. It supports continuous leakage even when the adversary learns certain ephemeral secrets or session keys

Beyond eCK: Perfect Forward Secrecy under Actor Compromise and Ephemeral-Key Reveal ⋆

by Cas Cremers, Michèle Feltz
"... Abstract. We show that it is possible to achieve perfect forward secrecy in two-message or one-round key exchange (KE) protocols that satisfy even stronger security properties than provided by the extended Canetti-Krawczyk (eCK) security model. In particular, we consider perfect forward secrecy in t ..."
Abstract - Cited by 9 (4 self) - Add to MetaCart
in the presence of adversaries that can reveal ephemeral secret keys and the long-term secret keys of the actor of a session (similar to Key Compromise Impersonation). We propose two new game-based security models for KE protocols. First, we formalize a slightly stronger variant of the eCK security model that we

Stronger Secure Authenticated Key Exchange from Factoring, Codes, and Lattices

by Minkyu Kim , Atsushi Fujioka , Berkant Ustaoglu - In Fischlin [22
"... Abstract. LaMacchia, Lauter and Mityagin [15] proposed the extended Canetti-Krawczyk (eCK) model and an AKE protocol, called NAXOS. Unlike previous security models, the adversary in the eCK model is allowed to obtain ephemeral secret information related to the test session, which makes the securit ..."
Abstract - Cited by 12 (1 self) - Add to MetaCart
Abstract. LaMacchia, Lauter and Mityagin [15] proposed the extended Canetti-Krawczyk (eCK) model and an AKE protocol, called NAXOS. Unlike previous security models, the adversary in the eCK model is allowed to obtain ephemeral secret information related to the test session, which makes

Authenticated Key Exchange with Synchronized States

by Zheng Yang
"... Abstract. Nowadays, most of sensitive applications over insecure network are protected by some authenticated secure channel which is highly relies on specific authenticated key exchange (AKE) protocol. Nevertheless, the leakage of authentication credential used in AKE protocol somehow result in unau ..."
Abstract - Add to MetaCart
synchronization framework for AKE, in which we utilize the session key to generate the secret execution states on both sides, and present a new AKESS protocol which is provably secure in the standard model. Our goal is to enhance the security of existing authenticated key exchange with long-lived key (AKELL

Group Key Exchange Secure against Strong Corruptions

by unknown authors
"... Abstract. When a set of users run a group key exchange (GKE) protocol, they usually extract the key from some auxiliary (ephemeral) secret information generated during the execution itself. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets. Undoubtedly, their se ..."
Abstract - Add to MetaCart
Abstract. When a set of users run a group key exchange (GKE) protocol, they usually extract the key from some auxiliary (ephemeral) secret information generated during the execution itself. Strong corruptions are attacks by which an adversary can reveal these ephemeral secrets. Undoubtedly

Efficient eCK-secure Authenticated Key Exchange Protocols in the Standard Model

by Zheng Yang
"... The extended Canetti–Krawczyk (eCK) security models, are widely used to provide security arguments for authenticated key exchange protocols that capture leakage of various kinds of secret information like the long-term private key and session-specific secret state. In this paper, we study the open p ..."
Abstract - Cited by 2 (1 self) - Add to MetaCart
The extended Canetti–Krawczyk (eCK) security models, are widely used to provide security arguments for authenticated key exchange protocols that capture leakage of various kinds of secret information like the long-term private key and session-specific secret state. In this paper, we study the open

Strongly Secure One-round Group Authenticated Key Exchange in the Standard Model

by Yong Li, Zheng Yang
"... One-round group authenticated key exchange (GAKE) protocols typically provide implicit authentication and appealing bind-width efficiency. As a special case of GAKE – the pairing-based one-round tripartite authenticated key exchange (3AKE), recently gains much attention of research community due to ..."
Abstract - Cited by 1 (1 self) - Add to MetaCart
One-round group authenticated key exchange (GAKE) protocols typically provide implicit authentication and appealing bind-width efficiency. As a special case of GAKE – the pairing-based one-round tripartite authenticated key exchange (3AKE), recently gains much attention of research community due
Results 1 - 10 of 22