Paper 2014/369

On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness

Michèle Feltz and Cas Cremers

Abstract

State-of-the-art authenticated key exchange (AKE) protocols are proven secure in game-based security models. These models have considerably evolved in strength from the original Bellare-Rogaway model. However, so far only informal impossibility results, which suggest that no protocol can be secure against stronger adversaries, have been sketched. At the same time, there are many different security models being used, all of which aim to model the strongest possible adversary. In this paper we provide the first systematic analysis of the limits of game-based security models. Our analysis reveals that different security goals can be achieved in different relevant classes of AKE protocols. From our formal impossibility results, we derive strong security models for these protocol classes and give protocols that are secure in them. In particular, we analyse the security of AKE protocols in the presence of adversaries who can perform attacks based on chosen randomness, in which the adversary controls the randomness used in protocol sessions. Protocols that do not modify memory shared among sessions, which we call stateless protocols, are insecure against chosen-randomness attacks. We propose novel stateful protocols that provide resilience even against this worst case randomness failure, thereby weakening the security assumptions required on the random number generator.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
authenticated key exchange (AKE)security modelsimpossibility resultsstateless protocolsstateful protocolsbad randomnesschosen-randomness
Contact author(s)
mmc feltz @ gmail com
History
2014-05-27: received
Short URL
https://ia.cr/2014/369
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/369,
      author = {Michèle Feltz and Cas Cremers},
      title = {On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/369},
      year = {2014},
      url = {https://eprint.iacr.org/2014/369}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.