Clearly, when there is no pre-existing credential infrastructure, an adversary can mount successful ``man in the middle'' attacks by modifying the communication between the legitimate endpoints. Still, we show that not all is lost, as long as the adversary's control over the communication is not complete: We present relatively efficient key exchange and secure session protocols that provide the full guarantee of secure communication as long as the adversary fails to intercept even a single message between the legitimate endpoints.
To obtain this guarantee we strengthen the notion of key exchange to require that the keys exchanged in any two sessions are independent of each other as long as each session has at least one honest endpoint, even if both sessions has an adversarial endpoint. We call this notion credential-free key exchange. We then strengthen the existing notion of secure session protocols to provide the above guarantee given a CFKE (existing definitions and constructions are insufficient for this purpose). We provide two alternative definitions and constructions of CFKE, a game-based one with a construction in the RO model, and a UC one with a construction in the CRS model.
Category / Keywords: foundations / Key Exchange, Secure sessions, Credential-free Date: received 24 Oct 2013 Contact author: kolesnikov at research bell-labs com Available format(s): PDF | BibTeX Citation Version: 20131028:200622 (All versions of this report) Short URL: ia.cr/2013/693 Discussion forum: Show discussion | Start new discussion