Paper 2005/114

Intrusion-Resilient Secure Channels

Gene Itkis, Robert McNerney Jr., and Scott W. Russell


We propose a new secure communication primitive called an \emph{Intrusion-Resilient Channel (IRC)} that limits the damage resulting from key exposures and facilitates recovery. We define security against passive but mobile and highly adaptive adversaries capable of exposing even expired past secrets. We describe an intuitive channel construction using (as a black box) existing public key cryptosystems. The simplicity of the construction belies the technical challenges in its security proof. Additionally, we outline a general strategy for proving enhanced security for two-party protocols when an IRC is employed to secure all communication. Specifically, given a protocol proved secure against adversaries with restricted access to protocol messages, we show how the use of an IRC allows some of these adversary restrictions to be lifted. Once again, proving the efficacy of our intuitive approach turns out to be non-trivial. We demonstrate the strategy by showing that the intrusion-resilient signature scheme of [IR02] can be made secure against adversaries that expose even expired secrets.

Note: This is the full version. The extended abstract to appear in proceedings of Applied Cryptography and Network Security 2005.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Extended abstract to appear in proceedings of Applied Cryptography and Network Security 2005
Contact author(s)
srussell @ cs bu edu
2005-04-15: received
Short URL
Creative Commons Attribution


      author = {Gene Itkis and Robert McNerney Jr. and Scott W.  Russell},
      title = {Intrusion-Resilient Secure Channels},
      howpublished = {Cryptology ePrint Archive, Paper 2005/114},
      year = {2005},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.