Paper 2002/120

Security Analysis of IKE's Signature-based Key-Exchange Protocol

Ran Canetti and Hugo Krawczyk

Abstract

We present a security analysis of the Diffie-Hellman key-exchange protocols authenticated with digital signatures used by the Internet Key Exchange (IKE) standard, and of the more comprehensive SIGMA family of key exchange protocols. The analysis is based on an adaptation of the key-exchange security model from [Canetti and Krawczyk, Eurocrypt'01] to the setting where peer identities are not necessarily known or disclosed from the start of the protocol. This is a common practical setting, which includes the case of IKE and other protocols that provide confidentiality of identities over the network. The rigorous study of this ``post-specified peer" model is a further contribution of this paper.

Metadata
Available format(s)
PS
Category
Cryptographic protocols
Publication info
Published elsewhere. Presented at Crypto'2002
Keywords
key exchangeDiffie-HellmanIKEIPSec
Contact author(s)
hugo @ ee technion ac il
History
2002-08-26: revised
2002-08-17: received
See all versions
Short URL
https://ia.cr/2002/120
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2002/120,
      author = {Ran Canetti and Hugo Krawczyk},
      title = {Security Analysis of {IKE}'s Signature-based Key-Exchange Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2002/120},
      year = {2002},
      url = {https://eprint.iacr.org/2002/120}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.