Access the full text.
Sign up today, get DeepDyve free for 14 days.
Loading next page...
/lp/springer_journal/strengthening-the-security-of-authenticated-key-exchange-against-bad-VQjXGYhTfw
References (31)
-
M. Bellare, P. Rogaway (1993)
Entity Authentication and Key Distribution -
Michèle Feltz, C. Cremers (2014)
On the Limits of Authenticated Key Exchange Security with an Application to Bad RandomnessIACR Cryptol. ePrint Arch., 2014
-
C. Brzuska, M. Fischlin, B. Warinschi, S. Williams (2011)
Composability of bellare-rogaway key exchange protocols -
S. Kamara, Jonathan Katz (2008)
How to Encrypt with a Malicious Random Number Generator -
T. Pornin (2013)
Deterministic Usage of the Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA)RFC, 6979
-
test-session(s): If s = s * or if s is not the origin-session for session s * , then S aborts -
B. Schneier, Matt Fredrikson, Tadayoshi Kohno, T. Ristenpart (2015)
Surreptitiously Weakening Cryptographic SystemsIACR Cryptol. ePrint Arch., 2015
-
A. Lenstra, James Hughes, Maxime Augier, Joppe Bos, T. Kleinjung, Christophe Wachter (2012)
Public Keys -
T. Ristenpart, Scott Yilek (2010)
When Good Randomness Goes Bad: Virtual Machine Reset Vulnerabilities and Hedging Deployed Cryptography -
M. Bellare, D. Pointcheval, P. Rogaway (2000)
Authenticated Key Exchange Secure against Dictionary AttacksIACR Cryptol. ePrint Arch., 2000
-
R. Canetti, H. Krawczyk (2001)
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels -
D. Bernstein, T. Lange, R. Niederhagen (2015)
Dual EC: A Standardized Back DoorIACR Cryptol. ePrint Arch., 2015
-
M. Bellare, P. Rogaway (1995)
Provably secure session key distribution: the three party case -
N. Koblitz, A. Menezes (2015)
The random oracle model: a twenty-year retrospectiveDesigns, Codes and Cryptography, 77
-
C. Cremers, Michèle Feltz (2012)
Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key revealDesigns, Codes and Cryptography, 74
-
Scott Yilek (2010)
Resettable Public-Key Encryption: How to Encrypt on a Virtual Machine -
(2013)
able to foil basic safeguards of privacy on web -
H. Krawczyk (2005)
HMQV: A High-Performance Secure Diffie-Hellman Protocol -
Brian LaMacchia, K. Lauter, Anton Mityagin (2006)
Stronger Security of Authenticated Key ExchangeIACR Cryptol. ePrint Arch., 2006
-
C. Boyd, C. Cremers, Michèle Feltz, K. Paterson, Bertram Poettering, D. Stebila (2013)
ASICS: authenticated key exchange security incorporating certification systemsInternational Journal of Information Security, 16
-
returns it to M and stores the entry σ 1 , σ 2 , σ 3 ,P i ,P j -
Kim-Kwang Choo, C. Boyd, Yvonne Hitchcock (2005)
Examining Indistinguishability-Based Proof Models for Key Establishment Protocols -
randomness(s): If s status = ⊥, then S returns ⊥. Otherwise, S returns s rand . 8. session-key(s): If s status = accepted -
T. Okamoto, D. Pointcheval (2001)
The Gap-Problems: A New Class of Problems for the Security of Cryptographic Schemes -
(2013)
Google admits an Android crypto PRNG flaw led to Bitcoin heist -
Guomin Yang, Shanshan Duan, D. Wong, C. Tan, Huaxiong Wang (2011)
Authenticated Key Exchange under Bad RandomnessIACR Cryptol. ePrint Arch., 2011
-
S. Blake-Wilson, D. Johnson, A. Menezes (1997)
Key Agreement Protocols and Their Security Analysis -
M. Bellare, Björn Tackmann (2016)
Nonce-Based Cryptography: Retaining Security When Randomness FailsIACR Cryptol. ePrint Arch., 2016
-
M. Bellare, Zvika Brakerski, M. Naor, T. Ristenpart, G. Segev, H. Shacham, Scott Yilek (2009)
Hedged Public-Key Encryption: How to Protect against Bad RandomnessIACR Cryptol. ePrint Arch., 2012
-
Berkant Ustaoglu (2008)
Obtaining a secure and efficient key agreement protocol from (H)MQV and NAXOSDesigns, Codes and Cryptography, 46
-
If r = l s * and h = sk or if r = l s and h = skB , then S aborts. Otherwise S simulates a random oracle as in the simulation relative to event DL ∧ K
- Publisher
- Springer Journals
- Copyright
- Copyright © 2017 by Springer Science+Business Media New York
- Subject
- Mathematics; Combinatorics; Coding and Information Theory; Data Structures, Cryptology and Information Theory; Data Encryption; Discrete Mathematics in Computer Science; Information and Communication, Circuits
- ISSN
- 0925-1022
- eISSN
- 1573-7586
- DOI
- 10.1007/s10623-017-0337-5
- Publisher site
- See Article on Publisher Site
Abstract
Recent history has revealed that many random number generators (RNGs) used in cryptographic algorithms and protocols were not providing appropriate randomness, either by accident or on purpose. Subsequently, researchers have proposed new algorithms and protocols that are less dependent on the RNG. One exception is that all prominent authenticated key exchange (AKE) protocols are insecure given bad randomness, even when using good long-term keying material. We analyse the security of AKE protocols in the presence of adversaries that can perform attacks based on chosen randomness, i.e., attacks in which the adversary controls the randomness used in protocol sessions. We propose novel stateful protocols, which modify memory shared among a user’s sessions, and show in what sense they are secure against this worst case randomness failure. We develop a stronger security notion for AKE protocols that captures the security that we can achieve under such failures, and prove that our main protocol is correct in this model. Our protocols make substantially weaker assumptions on the RNG than existing protocols.
Journal
Designs, Codes and Cryptography – Springer Journals
Published: Feb 13, 2017