Strongly leakage resilient authenticated key exchange, revisited

Authenticated Key Exchange (AKE) protocols allow two (or multiple) parties to authenticate each other and agree on a common secret key, which is essential for establishing a secure communication channel over a public network. AKE protocols form a central component in many network security standards...

Bibliographic Details
Main Authors: YANG, Guomin; CHEN, Rongmao; MU, Yi; SUSILO, Willy; GUO, Fuchun; LI, Jie
Format: text
Language: English
Published: Institutional Knowledge at Singapore Management University 2019
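Subjects: Authenticated key exchange; Key leakage; Weak randomness; Databases and Information Systems; Information Security
Online Access: https://ink.library.smu.edu.sg/sis_research/7303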
https://ink.library.smu.edu.sg/context/sis_research/article/8306/viewcontent/s10623_019_00656_3.pdf
Institution: Singapore Management University
id sg-smu-ink.sis_research-8306
record_format dspace
spelling sg-smu-ink.sis_research-8306 2022-09-29T07:38:16Z
2019-12-01T08:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7303 info:doi/10.1007/s10623-019-00656-3 https://ink.library.smu.edu.sg/context/sis_research/article/8306/viewcontent/s10623_019_00656_3.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Authenticated key exchange Key leakage Weak randomness Databases and Information Systems Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Authenticated key exchange
Key leakage
Weak randomness
Databases and Information Systems
Information Security
description Authenticated Key Exchange (AKE) protocols allow two (or multiple) parties to authenticate each other and agree on a common secret key, which is essential for establishing a secure communication channel over a public network. AKE protocols form a central component in many network security standards such as IPSec, TLS/SSL, and SSH. However, it has been demonstrated that many standardized AKE protocols are vulnerable to side-channel and key leakage attacks. In order to defend against such attacks, leakage resilient (LR-) AKE protocols have been proposed in the literature. Nevertheless, most of the existing LR-AKE protocols only focused on the resistance to long-term key leakage, while in reality leakage of ephemeral secret key (or randomness) can also occur due to various reasons such as the use of poor randomness sources or insecure pseudo-random number generators (PRNGs). In this paper, we revisit the strongly leakage resilient AKE protocol (CT-RSA'16) that aimed to resist challenge-dependent leakage on both long-term and ephemeral secret keys. We show that there is a security issue in the design of the protocol and propose an improved version that can fix the problem. In addition, we extend the protocol to a more general framework that can be efficiently instantiated under various assumptions, including hybrid instantiations that can resist key leakage attacks while preserving session key security against future quantum machines.
format text
author YANG, Guomin
CHEN, Rongmao
MU, Yi
SUSILO, Willy
GUO, Fuchun
LI, Jie
title Strongly leakage resilient authenticated key exchange, revisited