One-round Key Exchange Research Articles

Private and Mutual Authentication Protocols for Internet of Things

The Internet of Things (IoT) consists of a range of devices that communicate with other devices that are surrounding them. Secure communications between IoT devices have been an essential requirement. However, most existing authentication protocols fail to provide privacy protection for devices such that sensitive information including device owner’s identity and device type can be leaked. In this paper, based on attribute-based encryption (ABE), we propose two private and mutual authentication protocols to protect the privacy of IoT devices. The first protocol is a three-message key exchange protocol, following the public-key encryption mode of the Internet Key Exchange (IKE). The second protocol is a one-round key exchange protocol, thereby providing simplicity and efficiency of messages communicated between the participants. Both of our protocols can be proved secure in the defined model. Finally, we implement the two protocols in an open source framework.

CLORKE-SFS: Certificateless one-round key exchange protocol with strong forward security in limited communication scenarios

Certificateless one-round key exchange (CL-ORKE) protocols enable each participant to share a common key with only one round of communication which greatly saves communication cost. CL-ORKE protocols can be applied to scenarios with limited communication, such as space communication. Although CL-ORKE protocols have been researched for years, lots of them only consider what secrets can be compromised but ignore the time when the secrets have been corrupted. In CL-ORKE protocols, the reveal of the long-term key attacks can be divided into two different attacks according to the time of the long-term key revealed: the attack to weak Forward Security (wFS) and the attack to strong Forward Security (sFS). Many CLKE protocols did not take into account the sFS property or considered sFS as wFS. In this paper, we first propose a new security model for CL-ORKE protocols which considers the sFS property as well as the Ephemeral Key Reveal attack. Then, we give a CL-ORKE protocol which is called CLORKE-SFS. CLORKE-SFS is provably secure under the proposed model provided the Elliptic Curve Computational Diffie-Hellman (ECCDH) and the Bilinear Computational Diffie-Hellman problem (BCDH) assumption hold. The security model and the protocol may give inspiration for constructing one-round key exchange protocols with perfect forward security in certificateless scenarios.

Cryptanalysis of a generic one‐round key exchange protocol with strong security

In Public-Key Cryptography (PKC) 2015, Bergsma et al. introduced an interesting one-round key exchange protocol (which will be referred to as BJS scheme) with strong security in particular for perfect forward secrecy (PFS). In this study, the authors unveil a PFS attack against the BJS scheme. This would simply invalidate its security proof. An improvement is proposed to fix the problem of the BJS scheme with minimum changes.

New constructions for (multiparty) one-round key exchange with strong security

New constructions for (multiparty) one-round key exchange with strong security

One-Round Attribute-Based Key Exchange in the Multi-Party Setting

Attribute-based authenticated key exchange (AB-AKE) is a useful primitive that allows a group of users to establish a shared secret key and at the same time enables fine-grained access control. A straightforward approach to design an AB-AKE protocol is to extend a key exchange protocol using an attribute-based authentication technique. However, insider security is a challenge security issue for AB-AKE in the multi-party setting and cannot be solved using the straightforward approach. In addtion, many existing key exchange protocols for the multi-party setting (e.g., the well-known Burmester-Desmedt protocol) require multiple broadcast rounds to complete the protocol. In this paper, we propose a novel one-round attribute-based key exchange (OAKE) protocol in the multi-party setting. We define the formal security models, including session key security, insider security and user privacy, for OAKE, and prove the security of the proposed protocol under some standard assumptions in the random oracle model.

SignORKE: improving pairing‐based one‐round key exchange without random oracles

The study presents a new efficient way to construct the one-round key exchange (ORKE) without random oracles based on standard hard complexity assumptions. The authors propose a (PKI-based) ORKE protocol which is more computational efficient than existing pairing-based ORKE protocols without random oracles in the post-specified peer setting. The core idea of this construction is to integrate the consistency check of the ephemeral public key and the verification of the signature into the session key generation. This enables us to roughly save two pairing operations. The authors just call this kind of scheme that is deeply composed by signature and one-round key exchange as SignORKE. The authors’ protocol is shown to be secure in a variant of the Canetti–Krawczyk security model which covers the majority of state-of-the-art active attacks.

Simpler Generic Constructions for Strongly Secure One-round Key Exchange from Weaker Assumptions

Simpler Generic Constructions for Strongly Secure One-round Key Exchange from Weaker Assumptions

One-round Secure Key Exchange Protocol With Strong Forward Secrecy

Security models for key exchange protocols have been researched for years, however, lots of them only focus on what secret can be compromised but they do not differentiate the timing of secrets compromise, such as the extended Canetti-Krawczyk (eCK) model. In this paper, we propose a new security model for key exchange protocols which can not only consider what keys can be compromised as well as when they are compromised. The proposed security model is important to the security proof of the key exchange protocols with forward secrecy (either weak forward secrecy (wFS) or strong forward secrecy (sFS)). In addition, a new kind of key compromise impersonation (KCI) attacks which is called strong key compromise impersonation (sKCI) attack is proposed. Finally, we provide a new one-round key exchange protocol called mOT+ based on mOT protocol. The security of the mOT+ is given in the new model. It can provide the properties of sKCI-resilience and sFS and it is secure even if the ephemeral key reveal query is considered.

Beyond eCK: perfect forward secrecy under actor compromise and ephemeral-key reveal

We show that it is possible to achieve perfect forward secrecy (PFS) in two-message or one-round key exchange (KE) protocols even in the presence of very strong active adversaries that can reveal random values of sessions and compromise long-term secret keys of parties. We provide two new game-based security models for KE protocols with increasing security guarantees, namely, eCK\(^{w}\) and eCK-PFS. The eCK\(^{w}\) model is a slightly stronger variant of the extended Canetti–Krawczyk (eCK) security model. The eCK-PFS model captures PFS in the presence of eCK\(^{w}\) adversaries. We propose a security-strengthening transformation (i. e., a compiler) from eCK\(^{w}\) to eCK-PFS that can be applied to protocols that only achieve security in a weaker model than eCK\(^{w}\), which we call eCK\(^{\text {passive}}\). We show that, given a two-message Diffie–Hellman type protocol secure in eCK\(^{\text {passive}}\), our transformation yields a two-message protocol that is secure in eCK-PFS. We demonstrate how our transformation can be applied to concrete KE protocols. In particular, our methodology allows us to prove the security of the first known one-round protocol that achieves PFS under actor compromise and ephemeral-key reveal.

One-round key exchange in the standard model

We consider one-round key exchange protocols secure in the standard model. The security analysis uses the powerful security model of Canetti and Krawczyk and a natural extension of it to the ID-based setting. It is shown how Key-Encapsulation Mechanisms (KEMs) can be used in a generic way to obtain two different protocol designs with progressively stronger security guarantees. A detailed analysis of the performance of the protocols is included; surprisingly, when instantiated with specific KEM constructions, the resulting protocols are competitive with the best previous schemes that have proofs only in the Random Oracle Model.