Paper 2007/209

Bilateral Unknown Key-Share Attacks in Key Agreement Protocols

Liqun Chen and Qiang Tang

Abstract

Unknown Key-Share (UKS) resilience is a basic security attribute in authenticated key agreement protocols, whereby two entities A and B should not be able to be coerced into sharing a key between them when in fact either A or B thinks that s/he is sharing the key with another entity C. In this paper we revisit some definitions of this attribute, the existing UKS attacks, and the method of proving this attribute in the Bellare-Rogaway (BR) model in the literature. We propose a new UKS attack, which coerces two entities A and B into sharing a key with each other, while in fact A thinks that she is sharing the key with another entity C and B thinks that he is sharing the key with another entity D, where C and D might or might not be the same entity. We call this attack a Bilateral Unknown Key-Share (BUKS) attack and refer to the existing UKS attacks, which are against one entity only, as Unilateral UKS (UUKS) attacks. We demonstrate that a few well-known authenticated key agreement protocols, some of which have been proved to hold the UUKS resilience property, are vulnerable to the BUKS attack. We then explore a gap between the traditional BR-type proof of UUKS resilience and a BUKS adversary's behaviour, and extend the BR model to cover the BUKS resilience attribute. Finally, we provide a simple countermeasure to protect a key agreement protocol against BUKS attacks.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
authenticated key agreement, bilateral unknown key-share resilience
Contact author(s)
liqun chen @ hp com
History
2007-06-05: received
Short URL
https://ia.cr/2007/209
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2007/209,
      author = {Liqun Chen and Qiang Tang},
      title = {Bilateral Unknown Key-Share Attacks in Key Agreement Protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2007/209},
      year = {2007},
      note = {\url{https://eprint.iacr.org/2007/209}},
      url = {https://eprint.iacr.org/2007/209}
}