ASICS : authenticated key exchange security incorporating certification systems
Boyd, Colin, Cremers, Cas, Feltz, Michele, Paterson, Kenneth G., Bertram, Poettering, & Stebila, Douglas (2013) ASICS : authenticated key exchange security incorporating certification systems. Lecture Notes in Computer Science [Computer Security - ESORICS 2013: 18th European Symposium on Research in Computer Security, Egham, UK, September 9-13, 2013, Proceedings], 8134, pp. 381-399.
Most security models for authenticated key exchange (AKE) do not explicitly model the associated certification system, which includes the certification authority (CA) and its behaviour. However, there are several well-known and realistic attacks on AKE protocols which exploit various forms of malicious key registration and which therefore lie outside the scope of these models. We provide the first systematic analysis of AKE security incorporating certification systems (ASICS). We define a family of security models that, in addition to allowing different sets of standard AKE adversary queries, also permit the adversary to register arbitrary bitstrings as keys. For this model family we prove generic results that enable the design and verification of protocols that achieve security even if some keys have been produced maliciously. Our approach is applicable to a wide range of models and protocols; as a concrete illustration of its power, we apply it to the CMQV protocol in the natural strengthening of the eCK model to the ASICS setting.
Impact and interest:
Citation counts are sourced monthly from and citation databases.
These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.
Citations counts from theindexing service can be viewed at the linked Google Scholar™ search.
Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.
|Item Type:||Journal Article|
|Keywords:||Authenticated key exchange (AKE),, Unknown key share (UKS) attacks, Certification authority (CA), Invalid public keys (PKI)|
|Divisions:||Current > Schools > School of Electrical Engineering & Computer Science
Current > QUT Faculties and Divisions > Science & Engineering Faculty
|Copyright Owner:||Copyright 2013 [please consult the author]|
|Deposited On:||14 Aug 2013 23:41|
|Last Modified:||14 Apr 2014 16:31|
Repository Staff Only: item control page