ASICS : authenticated key exchange security incorporating certification systems

Boyd, Colin, Cremers, Cas, Feltz, Michele, Paterson, Kenneth G., Bertram, Poettering, & Stebila, Douglas (2013) ASICS : authenticated key exchange security incorporating certification systems. Lecture Notes in Computer Science [Computer Security - ESORICS 2013: 18th European Symposium on Research in Computer Security, Egham, UK, September 9-13, 2013, Proceedings], 8134, pp. 381-399.


Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.

Impact and interest:

2 citations in Scopus

Full-text downloads:

80 since deposited on 14 Aug 2013
11 in the past twelve months

ID Code: 61829
Item Type: Journal Article
Refereed: Yes
Keywords: Authenticated key exchange (AKE), Unknown key share (UKS) attacks, Certification authority (CA), Invalid public keys (PKI)
DOI: 10.1007/978-3-642-40203-6_22
ISSN: 0302-9743
Divisions: Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
Copyright Owner: Copyright 2013 [please consult the author]
Deposited On: 14 Aug 2013 23:41
Last Modified: 14 Apr 2014 16:31
