Cryptology ePrint Archive: Report 2005/265
Security Analysis of KEA Authenticated Key Exchange Protocol
Kristin Lauter and Anton Mityagin
Abstract: KEA is a Diffie-Hellman based key-exchange protocol
developed by NSA which provides mutual authentication for the
parties. It became publicly available in 1998 and since then it was
neither attacked nor proved to be secure. We analyze the security of
KEA and find that the original protocol is susceptible to a class of
attacks. On the positive side, we present a simple modification of
the protocol which makes KEA secure. We prove that the modified
protocol, called KEA+, satisfies the strongest security requirements
for authenticated key-exchange and that it retains some security
even if a secret key of a party is leaked. Our security proof is in
the random oracle model and uses the Gap Diffie-Hellman assumption.
Finally, we show how to add a key confirmation feature to KEA+ (we
call the version with key confirmation KEA+C) and discuss the
security properties of KEA+C.
Category / Keywords: cryptographic protocols /
Publication Info: To appear at PKC 2006
Date: received 12 Aug 2005, last revised 16 Feb 2006
Contact author: amityagin at cd ucsd edu
Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation
Version: 20060217:002157 (All versions of this report)
Short URL: ia.cr/2005/265
[ Cryptology ePrint archive ]