Cryptology ePrint Archive: Report 2014/241
A New Way to Prevent UKS Attacks Using Trusted Computing
Qianying Zhang and Shijun Zhao and Dengguo Feng
Abstract: Unknown key-share (UKS) attacks are a common class of attacks on Authenticated Key Exchange (AKE) protocols. We summarize two popular countermeasures against UKS attacks on implicitly authenticated key exchange protocols. The first requires the CA to check possession of the private key during registration, which is impractical for the CA. The second includes the parties' identities in the derivation of the session key, which requires modifying protocols that may already be deployed in practice. By leveraging the key protection capability of hardware security chips such as TPM or TCM, we propose a new way to prevent UKS attacks that requires neither a proof-of-possession check nor the addition of identities to the session key derivation. We adapt the CK model to protocols that use hardware security chips. We then implement KEA, a protocol once used by the NSA that is subject to UKS attacks, using TCM chips. Our implementation, called tKEA, is secure under our security model. To show the generality of the approach, we demonstrate that it also prevents UKS attacks on the MQV protocol.
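The following is an added worked example, not code from the paper or from the tKEA implementation it describes. It shows, over a toy Diffie-Hellman group (constructed, far too small to be secure), the two existing countermeasures the abstract summarizes: a KEA-style implicitly authenticated key agreement without identity binding falls to the textbook public-key-substitution UKS attack (the adversary registers the victim's static public key under her own name at a CA that does not check possession, then relays an honest run), binding the identities into the key derivation (the KEA+ idea) makes the two sides' keys diverge, and a Schnorr proof of possession at registration stops the substitution in the first place. The KDF, the proof-of-possession format, the names and the key values are assumptions made for the illustration; the paper's own TPM/TCM-based approach is not shown here.

```python
import hashlib

# Toy Diffie-Hellman group, constructed for illustration only (not secure).
P = 1019   # safe prime: P = 2*Q + 1
Q = 509    # prime order of the subgroup generated by G
G = 4      # a quadratic residue mod P, so it generates the order-Q subgroup


def pub(priv):
    """Static or ephemeral public key g^priv mod P."""
    return pow(G, priv, P)


def kdf(*parts):
    """Assumed KDF: SHA-256 over length-prefixed encodings of the inputs."""
    h = hashlib.sha256()
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(2, "big") + data)
    return h.hexdigest()


def kea_session_key(my_static, my_eph, peer_static_pub, peer_eph_pub):
    """KEA-style implicit authentication: K = g^(a*y + b*x) is derived from the
    peer's public keys alone, so identities are never bound into the key."""
    k = (pow(peer_static_pub, my_eph, P) * pow(peer_eph_pub, my_static, P)) % P
    return kdf(k)


def kea_session_key_with_ids(role, my_id, peer_id, my_static, my_eph,
                             peer_static_pub, peer_eph_pub):
    """Countermeasure 2: hash the two DH values and both identities in
    initiator/responder order, so a mismatch in who-thinks-who changes the key."""
    dh_a = pow(peer_eph_pub, my_static, P)   # g^{a*y} seen from the initiator
    dh_b = pow(peer_static_pub, my_eph, P)   # g^{b*x} seen from the initiator
    if role == "initiator":
        return kdf(dh_a, dh_b, my_id, peer_id)
    return kdf(dh_b, dh_a, peer_id, my_id)   # responder sees the pair swapped


def pop_prove(identity, priv, nonce):
    """Countermeasure 1: Schnorr proof that the registrant knows priv for
    pub = g^priv. nonce must be fresh and secret (fixed here for determinism)."""
    r = pow(G, nonce, P)
    e = int(kdf(identity, pub(priv), r), 16) % Q
    s = (nonce + e * priv) % Q
    return r, s


def pop_verify(identity, public_key, proof):
    """Check g^s == r * pub^e, with the challenge e bound to the identity."""
    r, s = proof
    e = int(kdf(identity, public_key, r), 16) % Q
    return pow(G, s, P) == (r * pow(public_key, e, P)) % P


class CA:
    """Minimal directory; require_pop decides whether registration is checked."""

    def __init__(self, require_pop):
        self.require_pop = require_pop
        self.directory = {}

    def register(self, identity, public_key, proof=None):
        if self.require_pop and not (proof and pop_verify(identity, public_key, proof)):
            return False
        self.directory[identity] = public_key
        return True


def uks_demo(a, b, x, y, bind_identities):
    """Mallory registers Bob's static key B under her own name at a CA with no
    possession check, then relays Alice's run (X, Y) to Bob. Alice thinks she
    shares a key with Mallory; Bob thinks he shares one with Alice.
    Returns (alice_key, bob_key)."""
    A, B, X, Y = pub(a), pub(b), pub(x), pub(y)
    ca = CA(require_pop=False)
    ca.register("alice", A)
    ca.register("bob", B)
    ca.register("mallory", B)            # the substitution: no proof of possession
    if bind_identities:
        ak = kea_session_key_with_ids("initiator", "alice", "mallory", a, x,
                                      ca.directory["mallory"], Y)
        bk = kea_session_key_with_ids("responder", "bob", "alice", b, y,
                                      ca.directory["alice"], X)
    else:
        ak = kea_session_key(a, x, ca.directory["mallory"], Y)
        bk = kea_session_key(b, y, ca.directory["alice"], X)
    return ak, bk


if __name__ == "__main__":
    a, b, x, y = 17, 123, 45, 321         # constructed private keys in [1, Q)
    ak, bk = uks_demo(a, b, x, y, bind_identities=False)
    print("KEA without identities, keys equal (UKS):", ak == bk)
    ak, bk = uks_demo(a, b, x, y, bind_identities=True)
    print("identities in KDF, keys equal:", ak == bk)
    ca = CA(require_pop=True)
    print("CA with PoP accepts Mallory claiming B:", ca.register("mallory", pub(b)))
    print("CA with PoP accepts Bob with proof:",
          ca.register("bob", pub(b), pop_prove("bob", b, nonce=77)))
```

Note that the identity-binding fix changes the protocol's key derivation, which is exactly the deployment cost the abstract raises; the proof-of-possession fix leaves the protocol alone but pushes the cost onto the CA.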
Category / Keywords: UKS attacks, Authenticated Key Exchange, Trusted Computing, KEA, CK model
Date: received 5 Apr 2014, last revised 18 Apr 2014
Contact author: zqyzsj at gmail com
Available format(s): PDF | BibTeX Citation
Version: 20140418:065741
Short URL: ia.cr/2014/241