Paper 2007/191

Deniable Internet Key-Exchange

Andrew C. C. Yao, Frances F. Yao, Yunlei Zhao, and Bin Zhu

Abstract

In this work, we develop a family of protocols for deniable Internet Key-Exchange (IKE) with the following properties: 1. item Highly practical efficiency, and conceptual simplicity and clarity. 2. Forward and concurrent (non-malleable) deniability against adversaries with arbitrary auxiliary inputs, and better privacy protection of players' roles. 3. Provable security in the Canetti-Krawczyk post-specified-peer model, and maintenance of essential security properties not captured by the Canetti-Krawczyk security model. 4. Compatibility with the widely deployed and standardized SIGMA (i.e., the basis of IKEv2) and (H)MQV protocols, when parties possess DL public-keys. Our protocols could potentially serve, in part, as either the underlying basis or a useful alternative for the next generation of IKE (i.e., IKEv3) of IPsec (in particular, when deniability is desired). In view of the wide deployment and use of IKE and increasing awareness of privacy protection (especially for E-commerce over Internet), this work is naturally of practical interest.

Note: This work was ever given by Yunlei Zhao as a internal technical report during visiting prof. Andrew Yao and prof. Xiaoyun Wang at Tsinghua university in March 2006. This work can be traced back to an internal technical report at Fudan university, July 2005. ============================== Update records: 4 June 2007: ``the general weakness on SW-KE" is added; 14-15 June 2007: more detailed clarifications on SW-KE are added (including ``on provable concurrent security", ``effective reflection attacks", ``explicitly checking non-one of Y", ``on key-confirmation", etc), in a devoted effort to provide clarifications on questions from prof. Stinson and Wu; 21 June, 2007: some additional clarificationsare on our deniable IKE added, including in particular the note on the multiple roles of NMZK_(B, y), the note on privacy protection of players' roles, the note on resistancethat against UKS attacks even with long-term secret-key compromise.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Rump session presentation at Eurocrypt 2007
Contact author(s)
ylzhao @ fudan edu cn
History
2007-06-22: last of 7 revisions
2007-05-23: received
See all versions
Short URL
https://ia.cr/2007/191
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/191,
      author = {Andrew C.  C.  Yao and Frances F.  Yao and Yunlei Zhao and Bin Zhu},
      title = {Deniable Internet Key-Exchange},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/191},
      year = {2007},
      url = {https://eprint.iacr.org/2007/191}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.