Formally and Practically Relating the CK, CK-HMQV, and eCK Security Models for Authenticated Key Exchange
METADATA ONLY
Loading...
Author / Producer
Date
2009
Publication Type
Report
ETH Bibliography
yes
Citations
Altmetric
METADATA ONLY
Data
Rights / License
Abstract
Many recent key exchange (KE) protocols have been proven secure in the CK, CK-HMQV, or eCK security models. The exact relation between these security models, and hence between the security guarantees provided by the protocols, is unclear. First, we show that the CK, CK-HMQV, and eCK security models are formally incomparable. Second, we show that these models are also practically incomparable, by providing for each model attacks that are not considered by the other models. Our analysis enables us to find several previously unreported flaws in existing protocol security proofs. We identify the causes of these flaws and show how they can be avoided.
Permanent link
Publication status
published
External links
Editor
Book title
Journal / series
Volume
2009 (253)
Pages / Article No.
Publisher
International Association for Cryptologic Research
Event
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Security Models; Authenticated Key Exchange; Session-state; Ephemeral-key; Perfect Forward Secrecy; Weak Perfect Forward Secrecy; Key Compromise Impersonation; Matching sessions; Partnering
Organisational unit
03634 - Basin, David / Basin, David
Notes
Received 1 June 2009, Last revised 27 July 2010.