Paper 2005/265

Security Analysis of KEA Authenticated Key Exchange Protocol

Kristin Lauter and Anton Mityagin

Abstract

KEA is a Diffie-Hellman based key-exchange protocol developed by NSA which provides mutual authentication for the parties. It became publicly available in 1998 and since then it was neither attacked nor proved to be secure. We analyze the security of KEA and find that the original protocol is susceptible to a class of attacks. On the positive side, we present a simple modification of the protocol which makes KEA secure. We prove that the modified protocol, called KEA+, satisfies the strongest security requirements for authenticated key-exchange and that it retains some security even if a secret key of a party is leaked. Our security proof is in the random oracle model and uses the Gap Diffie-Hellman assumption. Finally, we show how to add a key confirmation feature to KEA+ (we call the version with key confirmation KEA+C) and discuss the security properties of KEA+C.

Metadata
Available format(s)
PDF PS
Category
Cryptographic protocols
Publication info
Published elsewhere. To appear at PKC 2006
Contact author(s)
amityagin @ cd ucsd edu
History
2006-02-17: revised
2005-08-13: received
See all versions
Short URL
https://ia.cr/2005/265
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2005/265,
      author = {Kristin Lauter and Anton Mityagin},
      title = {Security Analysis of {KEA} Authenticated Key Exchange Protocol},
      howpublished = {Cryptology {ePrint} Archive, Paper 2005/265},
      year = {2005},
      url = {https://eprint.iacr.org/2005/265}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.