
Some attacks upon authenticated group key agreement protocols

Published: 01 July 2003

Abstract

During the last few years, a number of authenticated group key agreement protocols have been proposed in the literature. We observed that the efforts in this domain were mostly dedicated to improving their performance in terms of bandwidth or computational requirements, but that there were very few systematic studies of their security properties. In this paper, we tried to develop a systematic way to analyse protocol suites that extend the Diffie-Hellman key-exchange scheme to a group setting and that were presented in the context of the Cliques project. This led us to propose a very simple machinery that allowed us to manually pinpoint several unpublished attacks against the main security properties claimed in the definition of these protocols (implicit key agreement, perfect forward secrecy, resistance to known-key attacks).



Published In

Journal of Computer Security, Volume 11, Issue 4
Special issue on CSFW14
July 2003
271 pages

Publisher

IOS Press, Netherlands

Cited By
  • (2018) Verification of security protocols with lists. Journal of Computer Security 21(6), 781-816. doi:10.5555/2595044.2595046. Online publication date: 24-Dec-2018
  • (2018) On the Security Analysis of Lee, Hwang & Lee (2004) and Song & Kim (2000) Key Exchange / Agreement Protocols. Informatica 17(4), 467-480. doi:10.5555/1413878.1413879. Online publication date: 17-Dec-2018
  • (2018) On the impossibility of building secure Cliques-type authenticated group key agreement protocols. Journal of Computer Security 14(2), 197-246. doi:10.5555/1150577.1150581. Online publication date: 24-Dec-2018
  • (2012) Verification of security protocols with lists. Proceedings of the First International Conference on Principles of Security and Trust, 69-88. doi:10.1007/978-3-642-28641-4_5. Online publication date: 24-Mar-2012
  • (2008) Proving Group Protocols Secure Against Eavesdroppers. Proceedings of the 4th International Joint Conference on Automated Reasoning, 116-131. doi:10.1007/978-3-540-71070-7_9. Online publication date: 12-Aug-2008
  • (2007) On security models and compilers for group key exchange protocols. Proceedings of the 2nd International Conference on Advances in Information and Computer Security, 292-307. doi:10.5555/1778902.1778928. Online publication date: 29-Oct-2007
  • (2005) Attacking Group Multicast Key Management Protocols Using Coral. Electronic Notes in Theoretical Computer Science (ENTCS) 125(1), 125-144. doi:10.1016/j.entcs.2004.05.023. Online publication date: 1-Mar-2005
  • (2005) On session key construction in provably-secure key establishment protocols. Proceedings of the 1st International Conference on Progress in Cryptology in Malaysia, 116-131. doi:10.1007/11554868_9. Online publication date: 28-Sep-2005