109

urn:lsid:arphahub.com:pub:3dc5f44e-8666-58db-bc76-a455210e8891

JUCS - Journal of Universal Computer Science

jucs

0948-695X 0948-6968

Journal of Universal Computer Science

10.3217/jucs-014-03-0416

28955

Research Article

E.3 - DATA ENCRYPTION H.1.1 - Systems and Information Theory H.4.3 - Communications Applications

Bilateral Unknown Key-Share Attacks in Key Agreement Protocols

Chen

Liqun

liqun.chen@hp.com 1 Tang

Qiang

Hewlett-Packard Laboratories, Bristol, United Kingdom

Hewlett-Packard Laboratories

Bristol

United Kingdom 2

École Normale Supérieure, Paris, France

École Normale Supérieure

Paris

France

Corresponding author: Liqun Chen (liqun.chen@hp.com).

Academic editor:

2008

01 02 2008

14 3 416 440 6A5C9924-C622-5740-90E5-493B9EC0B2F2 7000108

Liqun Chen, Qiang Tang

This article is freely available under the J.UCS Open Content License.

Abstract

Unknown Key-Share (UKS) resilience is a basic security attribute in authenticated key agreement protocols. In this paper we revisit the definitions of this attribute and the method of proving this attribute under the Bellare-Rogaway (BR) model in the literature. We propose a new type of UKS attack, which coerces two entities A and B into sharing a key with each other but in fact A thinks that he is sharing the key with another entity C and B thinks that he is sharing the key with another entity D, where C and D might or might not be the same entity. We call this attack a Bilateral Unknown Key-Share (BUKS) attack. We demonstrate that a few well-known authenticated key agreement protocols are vulnerable to this attack. We then explore a gap between the conventional BR-type proof and a BUKS adversary's behavior, and extend the BR model to cover the BUKS resilience attribute. At the end of the paper, we provide a general countermeasure and its security proof under the extended model and the assumption that a collision-resistance function exists.