JUCS - Journal of Universal Computer Science 14(3): 416-440, doi: 10.3217/jucs-014-03-0416
Bilateral Unknown Key-Share Attacks in Key Agreement Protocols
Liqun Chen‡, Qiang Tang§‡ Hewlett-Packard Laboratories, Bristol, United Kingdom§ École Normale Supérieure, Paris, France
Corresponding author: Liqun Chen ( liqun.chen@hp.com ) Citation:
Chen L, Tang Q (2008) Bilateral Unknown Key-Share Attacks in Key Agreement Protocols. JUCS - Journal of Universal Computer Science 14(3): 416-440. https://doi.org/10.3217/jucs-014-03-0416 |  |
Abstract
Unknown Key-Share (UKS) resilience is a basic security attribute in authenticated key agreement protocols. In this paper we revisit the definitions of this attribute and the method of proving this attribute under the Bellare-Rogaway (BR) model in the literature. We propose a new type of UKS attack, which coerces two entities A and B into sharing a key with each other but in fact A thinks that he is sharing the key with another entity C and B thinks that he is sharing the key with another entity D, where C and D might or might not be the same entity. We call this attack a Bilateral Unknown Key-Share (BUKS) attack. We demonstrate that a few well-known authenticated key agreement protocols are vulnerable to this attack. We then explore a gap between the conventional BR-type proof and a BUKS adversary's behavior, and extend the BR model to cover the BUKS resilience attribute. At the end of the paper, we provide a general countermeasure and its security proof under the extended model and the assumption that a collision-resistance function exists.
Keywords
authenticated key agreement, unknown key-share resilience, bilateral unknown key-share resilience, the Bellare-Rogaway model