Modeling key compromise impersonation attacks on group key exchange protocols
Gorantla, Choudary, Boyd, Colin, & Gonzalez Nieto, Juan Manuel (2009) Modeling key compromise impersonation attacks on group key exchange protocols. In Public Key Cryptography 2009, March 18-20, 2009, Irvine, CA, USA.
|Submitted Version (PDF 231kB) |
Administrators only | Request a copy from author
A key exchange protocol allows a set of parties to agree upon a secret session key over a public network. Two-party key exchange (2PKE) protocols have been rigorously analyzed under various models considering different adversarial actions. However, the analysis of group key exchange (GKE) protocols has not been as extensive as that of 2PKE protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for the case of GKE protocols. We first model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure even against outsider KCI attacks. The attacks on these protocols demonstrate the necessity of considering KCI resilience for GKE protocols. Finally, we give a new proof of security for an existing GKE protocol under the revised model assuming random oracles.
Impact and interest:
Citation countsare sourced monthly fromand citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
|Item Type:||Conference Paper|
|Keywords:||cryptographic protocols, Group Key Exchange, Key Compromise Impersonation, Insider Attacks|
|Subjects:||Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > DATA FORMAT (080400) > Data Encryption (080402)|
Australian and New Zealand Standard Research Classification > INFORMATION AND COMPUTING SCIENCES (080000) > COMPUTER SOFTWARE (080300) > Computer System Security (080303)
|Divisions:||Past > QUT Faculties & Divisions > Faculty of Science and Technology|
Past > Institutes > Information Security Institute
|Copyright Owner:||Copyright 2009 Springer.|
|Deposited On:||06 Jul 2009 15:00|
|Last Modified:||29 Feb 2012 23:55|
Repository Staff Only: item control page