Reusing Static Keys in Key Agreement Protocols (Citations: 3)
Contrary to conventional cryptographic wisdom, the NIST SP 800-56A standard explicitly allows the use of a static key pair in more than one of the key establishment protocols described in the standard. In this paper, we give examples of key establishment protocols that are individually secure, but which are insecure when static key pairs are reused in two of the protocols. We also propose an enhancement of the extended Canetti-Krawczyk security model and definition for the situation where static public keys are reused in two or more key agreement protocols.
    • ...Recent work studied the effect of reusing static key pairs among different key agreement protocols [4]...
    • ...Note that such reuse is explicitly allowed by the NIST standard [12], but can lead to a security vulnerability [4]...
    • ...In fact, this is precisely the attack scenario that was considered in [4]...
    • ...To circumvent the protocol interference attack of [4] on one- and three-pass UM in the combined model, one-pass UM (see §3.2) is modified by including the protocol identifier UM1 (in addition to the ephemeral public key X) in the optional input Λ to the key derivation function...

    Sanjit Chatterjee et al. Combined Security Analysis of the One and Three-Pass Unified Model Key...

    • ...This is a little surprising since the KAS1 and KAS2 protocols have noticeably different security attributes and, as observed in [6], interference attacks on the runs of two protocols can render one of the protocols insecure...

    Sanjit Chatterjee et al. A Generic Variant of NIST’s KAS2 Key Agreement Protocol

    • ...Even if static keys are shared only among key agreement protocols, security is not necessarily guaranteed as exposed in [6]...
    • ...Recently, Chatterjee, Menezes, and Ustaoğlu [6] showed that Bob’s static information use influences security of session keys at Alice should Alice and Bob engage in sessions...
    • ...In our proposal, we explicitly consider four protocol types: between parties that use ID-based algorithms, parties that use certificates, and the mixture of the two. 2 As said, [6] dem-...
    • ...Remark The model is extension of the combined model presented in [6], which in turn is based on the model presented in [17]...

    Berkant Ustaoğlu. Integrating identity-based and certificate-based authenticated key exc...
