Strengthening the security of authenticated key exchange against bad randomness
OPEN ACCESS
Loading...
Author / Producer
Date
2018-03
Publication Type
Journal Article
ETH Bibliography
yes
Citations
Altmetric
OPEN ACCESS
Data
Rights / License
Abstract
Recent history has revealed that many random number generators (RNGs) used in cryptographic algorithms and protocols were not providing appropriate randomness, either by accident or on purpose. Subsequently, researchers have proposed new algorithms and protocols that are less dependent on the RNG. One exception is that all prominent authenticated key exchange (AKE) protocols are insecure given bad randomness, even when using good long-term keying material. We analyse the security of AKE protocols in the presence of adversaries that can perform attacks based on chosen randomness, i.e., attacks in which the adversary controls the randomness used in protocol sessions. We propose novel stateful protocols, which modify memory shared among a user’s sessions, and show in what sense they are secure against this worst case randomness failure. We develop a stronger security notion for AKE protocols that captures the security that we can achieve under such failures, and prove that our main protocol is correct in this model. Our protocols make substantially weaker assumptions on the RNG than existing protocols.
Permanent link
Publication status
published
External links
Editor
Book title
Journal / series
Volume
86 (3)
Pages / Article No.
481 - 516
Publisher
Springer
Event
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Authenticated key exchange (AKE); Security models; Stateless protocols; Stateful protocols; Chosen randomness
Organisational unit
03634 - Basin, David / Basin, David
Notes
It was possible to publish this article open access thanks to a Swiss National Licence with the publisher.