Paper 2016/1081

Attacks to a proxy-mediated key agreement protocol based on symmetric encryption

David Nuñez, Isaac Agudo, and Javier Lopez


In this paper, we describe several attacks on the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to symmetric encryption primitives only and intended for IoT environments. This protocol uses long-term weak secrets as intermediate values during the encryption and decryption procedures, which implies that these values can be used to encrypt and decrypt messages without knowledge of the corresponding secret keys. In our work, we show how access to the weak secrets can break forward security and lead to key compromise impersonation attacks. Moreover, we demonstrate that this problem cannot be solved even if the affected user revokes his previous secret key and updates it to a new one. In addition, we explain how the choice of a keyed hash as part of the protocol makes it potentially vulnerable to length-extension attacks, depending on the choice of hash function. We illustrate this latter problem experimentally. Finally, we show how a combination of these exploits can be used to set up elaborate attack scenarios.

Category: Cryptographic protocols
Publication info: Preprint. MINOR revision.
Keywords: key agreement, proxy re-encryption
Contact author(s): dnunez @ lcc uma es
History: 2016-11-21: received
License: Creative Commons Attribution


@misc{cryptoeprint:2016/1081,
      author = {David Nuñez and Isaac Agudo and Javier Lopez},
      title = {Attacks to a proxy-mediated key agreement protocol based on symmetric encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1081},
      year = {2016},
      note = {\url{}},
      url = {}
}