
Study On Authenticated Key Exchange Protocols And Their Security Models

Posted on: 2011-07-13
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Huang
GTID: 1118360305456797
Subject: Computer Software and Theory
Abstract/Summary:
Key exchange (KE) protocols allow parties to establish a common session key over an unsecured channel. The session key is then used as the key of a symmetric cryptographic algorithm to guarantee the confidentiality and integrity of the subsequent communication. Key exchange is one of the primitives, like encryption and signature. Since the Diffie-Hellman protocol is susceptible to man-in-the-middle (MIM) attacks, a lot of work has focused on providing it with authentication, i.e. authenticated key exchange (AKE) protocols. However, identifying and modeling the exact security requirements for authenticated key exchange protocols has proven to be a non-trivial task. The thesis does further research on key exchange protocols and security models. The main results are as follows:

1. We study the well-known Blake-Wilson, Johnson and Menezes (BJM97) protocols. We find that the BJM97 model fails to model the adversary's capabilities in the public key setting well. We propose the BJM97+ model by introducing a new EstablishParty query and using a modified Corrupt query. Notably, the security proofs for BJM97 protocol 1 and protocol 2 are no longer correct when the protocols are examined in the BJM97+ model. Specifically, neither of them remains provably secure under the computational Diffie-Hellman (CDH) assumption. We then introduce the modified BJM97 protocol 1 and protocol 2 and prove that they are secure in the BJM97+ model under the Gap Diffie-Hellman (GDH) assumption.

2. We study key exchange protocols in the newly proposed enhanced Canetti-Krawczyk (eCK) model. Using a new technique proposed by Cash, Kiltz and Shoup at Eurocrypt 2008, we first propose a family of ID-based key exchange protocols in the eCK model, including one-pass, two-pass and three-pass protocols. The main results are as follows: First, we adapt the eCK model to the ID-based setting and give a new freshness definition for the one-pass protocol. Second, we propose a new two-pass authenticated key exchange protocol, HC09, and derive the corresponding one-pass and three-pass authenticated key exchange protocols. Finally, we prove that the protocols are secure in the eCK model under the Bilinear Diffie-Hellman (BDH) assumption. To the best of our knowledge, these are the first ID-based authenticated key exchange protocols secure in the eCK model.

3. We further study the security model of authenticated key exchange protocols. While the freshness definition for two-pass authenticated key exchange protocols is very strong, we find that the three-pass definition leaves room for improvement. The main results are as follows: First, we further enhance the freshness definition of the eCK model for three-pass authenticated key exchange protocols, and propose a new model, eCK+, by introducing a new notion called strong key compromise impersonation resilience. We point out that the authenticated key exchange protocols proven secure in prior models are no longer secure in the eCK+ model. Finally, we introduce a new authenticated key exchange protocol, SIG-DH+, which is shown to be secure in the eCK+ model.

4. We study insider-resistant group key exchange protocols. So far, all proposed group key exchange protocols make use of signatures to resist insider attacks. As a result, each participant must verify all other n-1 signatures, which makes the protocols considerably inefficient. In the thesis, we propose a new insider-resistant group key exchange protocol without signatures. The main idea is to use signature-free two-party authenticated key exchange (2-AKE) protocols to authenticate the messages instead of using signatures. We prove that if the underlying 2-AKE protocol is secure, the group key exchange protocol is insider-resistant. Compared to all previous group key exchange protocols using signatures, our protocol is clearly more efficient.
Keywords/Search Tags:public key cryptography, authenticated key exchange, security model, provable security, random oracle