ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS

K. Chalkias; F. Mpaldimtsi; D. Hristu-Varsakelis; G. Stephanides

doi:10.5220/0002125702220228

ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS

K. Chalkias, F. Mpaldimtsi, D. Hristu-Varsakelis, G. Stephanides

2007

Abstract

Key establishment protocols are among the most important security mechanisms via which two or more parties can generate a common session key to in order to encrypt their communications over an otherwise insecure network. This paper is concerned with the vulnerability of one-pass two-party key establishment protocols to key-compromise impersonation (K-CI) attacks. The latter may occur once an adversary has obtained the long-term private key of an honest party, and represents a serious — but often underestimated — threat. This is because an entity may not be aware that her computer has been compromised and her private key is exposed, and because a successful impersonation attack may result in far greater harm than the reading of past and future conversations. Our aim is to describe two main classes of K-CI attacks that can be mounted against all of the best-known one-pass protocols, including MQV and HMQV. We show that one of the attacks described can be somewhat avoided (though not completely eliminated) through the combined use of digital signatures and time-stamps; however, there still remains a class of K-CI threats for which there is no obvious solution.

Download

Paper Citation

in Harvard Style

Chalkias K., Mpaldimtsi F., Hristu-Varsakelis D. and Stephanides G. (2007). ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS . In Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007) ISBN 978-989-8111-12-8, pages 222-228. DOI: 10.5220/0002125702220228

in Bibtex Style

@conference{secrypt07,
author={K. Chalkias and F. Mpaldimtsi and D. Hristu-Varsakelis and G. Stephanides},
title={ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS},
booktitle={Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)},
year={2007},
pages={222-228},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002125702220228},
isbn={978-989-8111-12-8},
}

in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2007)
TI - ON THE KEY-COMPROMISE IMPERSONATION VULNERABILITY OF ONE-PASS KEY ESTABLISHMENT PROTOCOLS
SN - 978-989-8111-12-8
AU - Chalkias K.
AU - Mpaldimtsi F.
AU - Hristu-Varsakelis D.
AU - Stephanides G.
PY - 2007
SP - 222
EP - 228
DO - 10.5220/0002125702220228