Mathematics / Matematik
Permanent URI for this collectionhttps://hdl.handle.net/11147/8
Browse
4 results
Search Results
Conference Object Citation - WoS: 34On the Importance of Public-Key Validation in the Mqv and Hmqv Key Agreement Protocols(Springer Verlag, 2006) Menezes, Alfred; Ustaoğlu, BerkantHMQV is a hashed variant of the MQV key agreement protocol proposed by Krawczyk at CRYPTO 2005. In this paper, we present some attacks on HMQV and MQV that are successful if public keys are not properly validated. In particular, we present an attack on the two-pass HMQV protocol that does not require knowledge of the victim's ephemeral private keys. The attacks illustrate the importance of performing some form of public-key validation in Diffie-Hellman key agreement protocols, and furthermore highlight the dangers of relying on security proofs for discrete-logarithm protocols where a concrete representation for the underlying group is not specified.Conference Object Citation - WoS: 4Reusing Static Keys in Key Agreement Protocols(Springer Verlag, 2009) Chatterjee, Sanjit; Menezes, Alfred; Ustaoğlu, BerkantContrary to conventional cryptographic wisdom, the NIST SP 800-56A standard explicitly allows the use of a static key pair in more than one of the key establishment protocols described in the standard. In this paper, we give examples of key establishment protocols that are individually secure, but which are insecure when static key pairs are reused in two of the protocols. We also propose an enhancement of the extended Canetti-Krawczyk security model and definition for the situation where static public keys are reused in two or more key agreement protocols. © 2009 Springer-Verlag.Conference Object Security Arguments for the Um Key Agreement Protocol in the Nist Sp 800-56a Standard(Association for Computing Machinery (ACM), 2008) Menezes, Alfred; Ustaoğlu, BerkantThe Unified Model (UM) key agreement protocol is an efficient Diffie-Hellman scheme that has been included in many cryptographic standards, most recently in the NIST SP 800-56A standard. The UM protocol is believed to possess all important security attributes including key authentication and secrecy, resistance to unknown key-share attacks, forward secrecy, resistance to known-session key attacks, and resistance to leakage of ephemeral private keys, but is known to succumb to key-compromise impersonation attacks. In this paper we present a strengthening of the Canetti-Krawczyk security definition for key agreement that captures resistance to all important attacks that have been identified in the literature with the exception of key-compromise impersonation attacks. We then present a reductionist security proof that the UM protocol satisfies this new definition in the random oracle model under the Gap Diffie-Hellman assumption. Copyright 2008 ACM.Conference Object Citation - WoS: 19Comparing the Pre- and Post-Specified Peer Models for Key Agreement(Springer Verlag, 2008) Menezes, Alfred; Ustaoğlu, BerkantIn the pre-specified peer model for key agreement, it is assumed that a party knows the identifier of its intended communicating peer when it commences a protocol run. On the other hand, a party in the post-specified peer model for key agreement does not know the identifier of its communicating peer at the outset, but learns the identifier during the protocol run. In this paper we compare the security assurances provided by the Canetti-Krawczyk security definitions for key agreement in the pre- and post-specified peer models. We give examples of protocols that are secure in one model but insecure in the other. We also enhance the Canetti-Krawczyk security models and definitions to encompass a class of protocols that are executable and secure in both the pre- and post-specified peer models. © 2008 Springer-Verlag Berlin Heidelberg.