Authenticated key exchange under bad randomness

Guomin Yang; Shanshan Duan; Duncan S. Wong; Chik How Tan; Huaxiong Wang

doi:10.1007/978-3-642-27576-0_10

Authenticated key exchange under bad randomness

Guomin Yang^*, Shanshan Duan, Duncan S. Wong, Chik How Tan, Huaxiong Wang

^*Corresponding author for this work

Department of Computing

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

8 Citations (Scopus)

Abstract

We initiate the formal study on authenticated key exchange (AKE) under bad randomness. This could happen when (1) an adversary compromises the randomness source and hence directly controls the randomness of each AKE session; and (2) the randomness repeats in different AKE sessions due to reset attacks. We construct two formal security models, Reset-1 and Reset-2, to capture these two bad randomness situations respectively, and investigate the security of some widely used AKE protocols in these models by showing that they become insecure when the adversary is able to manipulate the randomness. On the positive side, we propose simple but generic methods to make AKE protocols secure in Reset-1 and Reset-2 models. The methods work in a modular way: first, we strengthen a widely used AKE protocol to achieve Reset-2 security, then we show how to transform any Reset-2 secure AKE protocol to a new one which also satisfies Reset-1 security.

Original language	English
Title of host publication	Financial Cryptography and Data Security
Subtitle of host publication	15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers
Editors	George Danezis
Place of Publication	Berlin
Publisher	Springer, Springer Nature
Pages	113-126
Number of pages	14
ISBN (Electronic)	9783642275760
ISBN (Print)	9783642275753
DOIs	https://doi.org/10.1007/978-3-642-27576-0_10
Publication status	Published - 2012
Event	15th International Conference on Financial Cryptography and Data Security, FC 2011 - Gros Islet, Saint Lucia Duration: 28 Feb 2011 → 4 Mar 2011

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	7035 LNCS
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Other

Other	15th International Conference on Financial Cryptography and Data Security, FC 2011
Country	Saint Lucia
City	Gros Islet
Period	28/02/11 → 4/03/11

Keywords

Authenticated Key Exchange
Bad Randomness
Resettable Cryptography

Access to Document

10.1007/978-3-642-27576-0_10

Link to publication in Scopus

Fingerprint Dive into the research topics of 'Authenticated key exchange under bad randomness'. Together they form a unique fingerprint.

Cite this

Yang, G., Duan, S., Wong, D. S., Tan, C. H., & Wang, H. (2012). Authenticated key exchange under bad randomness. In G. Danezis (Ed.), Financial Cryptography and Data Security: 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers (pp. 113-126). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7035 LNCS). Springer, Springer Nature. https://doi.org/10.1007/978-3-642-27576-0_10

Yang, Guomin ; Duan, Shanshan ; Wong, Duncan S. ; Tan, Chik How ; Wang, Huaxiong. / Authenticated key exchange under bad randomness. Financial Cryptography and Data Security: 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers. editor / George Danezis. Berlin : Springer, Springer Nature, 2012. pp. 113-126 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inbook{767c7a0f4a0a4badbae1b971544f333a,

title = "Authenticated key exchange under bad randomness",

abstract = "We initiate the formal study on authenticated key exchange (AKE) under bad randomness. This could happen when (1) an adversary compromises the randomness source and hence directly controls the randomness of each AKE session; and (2) the randomness repeats in different AKE sessions due to reset attacks. We construct two formal security models, Reset-1 and Reset-2, to capture these two bad randomness situations respectively, and investigate the security of some widely used AKE protocols in these models by showing that they become insecure when the adversary is able to manipulate the randomness. On the positive side, we propose simple but generic methods to make AKE protocols secure in Reset-1 and Reset-2 models. The methods work in a modular way: first, we strengthen a widely used AKE protocol to achieve Reset-2 security, then we show how to transform any Reset-2 secure AKE protocol to a new one which also satisfies Reset-1 security.",

keywords = "Authenticated Key Exchange, Bad Randomness, Resettable Cryptography",

author = "Guomin Yang and Shanshan Duan and Wong, {Duncan S.} and Tan, {Chik How} and Huaxiong Wang",

year = "2012",

doi = "10.1007/978-3-642-27576-0_10",

language = "English",

isbn = "9783642275753",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer, Springer Nature",

pages = "113--126",

editor = "George Danezis",

booktitle = "Financial Cryptography and Data Security",

address = "United States",

note = "15th International Conference on Financial Cryptography and Data Security, FC 2011 ; Conference date: 28-02-2011 Through 04-03-2011",

}

Yang, G, Duan, S, Wong, DS, Tan, CH & Wang, H 2012, Authenticated key exchange under bad randomness. in G Danezis (ed.), Financial Cryptography and Data Security: 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 7035 LNCS, Springer, Springer Nature, Berlin, pp. 113-126, 15th International Conference on Financial Cryptography and Data Security, FC 2011, Gros Islet, Saint Lucia, 28/02/11. https://doi.org/10.1007/978-3-642-27576-0_10

Authenticated key exchange under bad randomness. / Yang, Guomin; Duan, Shanshan; Wong, Duncan S.; Tan, Chik How; Wang, Huaxiong.

Financial Cryptography and Data Security: 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers. ed. / George Danezis. Berlin : Springer, Springer Nature, 2012. p. 113-126 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 7035 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Authenticated key exchange under bad randomness

AU - Yang, Guomin

AU - Duan, Shanshan

AU - Wong, Duncan S.

AU - Tan, Chik How

AU - Wang, Huaxiong

PY - 2012

Y1 - 2012

N2 - We initiate the formal study on authenticated key exchange (AKE) under bad randomness. This could happen when (1) an adversary compromises the randomness source and hence directly controls the randomness of each AKE session; and (2) the randomness repeats in different AKE sessions due to reset attacks. We construct two formal security models, Reset-1 and Reset-2, to capture these two bad randomness situations respectively, and investigate the security of some widely used AKE protocols in these models by showing that they become insecure when the adversary is able to manipulate the randomness. On the positive side, we propose simple but generic methods to make AKE protocols secure in Reset-1 and Reset-2 models. The methods work in a modular way: first, we strengthen a widely used AKE protocol to achieve Reset-2 security, then we show how to transform any Reset-2 secure AKE protocol to a new one which also satisfies Reset-1 security.

AB - We initiate the formal study on authenticated key exchange (AKE) under bad randomness. This could happen when (1) an adversary compromises the randomness source and hence directly controls the randomness of each AKE session; and (2) the randomness repeats in different AKE sessions due to reset attacks. We construct two formal security models, Reset-1 and Reset-2, to capture these two bad randomness situations respectively, and investigate the security of some widely used AKE protocols in these models by showing that they become insecure when the adversary is able to manipulate the randomness. On the positive side, we propose simple but generic methods to make AKE protocols secure in Reset-1 and Reset-2 models. The methods work in a modular way: first, we strengthen a widely used AKE protocol to achieve Reset-2 security, then we show how to transform any Reset-2 secure AKE protocol to a new one which also satisfies Reset-1 security.

KW - Authenticated Key Exchange

KW - Bad Randomness

KW - Resettable Cryptography

UR - http://www.scopus.com/inward/record.url?scp=84863141981&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-27576-0_10

DO - 10.1007/978-3-642-27576-0_10

M3 - Chapter

AN - SCOPUS:84863141981

SN - 9783642275753

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 113

EP - 126

BT - Financial Cryptography and Data Security

A2 - Danezis, George

PB - Springer, Springer Nature

CY - Berlin

T2 - 15th International Conference on Financial Cryptography and Data Security, FC 2011

Y2 - 28 February 2011 through 4 March 2011

ER -

Yang G, Duan S, Wong DS, Tan CH, Wang H. Authenticated key exchange under bad randomness. In Danezis G, editor, Financial Cryptography and Data Security: 15th International Conference, FC 2011, Gros Islet, St. Lucia, February 28 - March 4, 2011, Revised Selected Papers. Berlin: Springer, Springer Nature. 2012. p. 113-126. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-642-27576-0_10