FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes

Previous Article
Index calculus in the trace zero variety
AMC Home
This Issue
Next Article
The nonassociative algebras used to build fast-decodable space-time block codes

November 2015, 9(4): 471-514. doi: 10.3934/amc.2015.9.471

FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes

Mohammad Sadeq Dousti ^1, and Rasool Jalili ^1,

1.	Data & Network Security Lab, Department of Computer Engineering, Sharif University of Technology, Tehran, Iran, Iran

Received March 2014 Revised March 2015 Published November 2015

Abstract
Related Papers

This paper suggests a model and a definition for forward-secure authenticated key exchange (AKE) protocols, which can be satisfied without depending on the Diffie--Hellman assumption. The basic idea is to use key-evolving schemes (KES), where the long-term keys of the system get updated regularly and irreversibly. Protocols conforming to our model can be highly efficient, since they do not require the resource-intensive modular exponentiations of the Diffie--Hellman protocol. We also introduce a protocol, called FORSAKES, and prove rigorously that it is a forward-secure AKE protocol in our model. FORSAKES is a very efficient protocol, and can be implemented by merely using hash functions.

Keywords: provable security, security model., Authenticated key exchange protocol, forward security, key evolving schemes.

Mathematics Subject Classification: Primary: 94A62; Secondary: 68M12, 94A6.

Citation: Mohammad Sadeq Dousti, Rasool Jalili. FORSAKES: A forward-secure authenticated key exchange protocol based on symmetric key-evolving schemes. Advances in Mathematics of Communications, 2015, 9 (4) : 471-514. doi: 10.3934/amc.2015.9.471

References:

[1]	A. Banerjee, C. Peikert and A. Rosen, Pseudorandom functions and lattices, in Advances in Cryptology-EUROCRYPT 2012, Springer, Cambridge, United Kingdom, 7237 (2012), 719-737. doi: 10.1007/978-3-642-29011-4_42.
[2]	D. Basin, C. Cremers and S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication, in Principles of Security and Trust, Springer, 7215 (2012), 129-148. doi: 10.1007/978-3-642-28641-4_8.
[3]	M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, in Advances in Cryptology-CRYPTO '96, Springer, Santa Barbara, CA, USA, 1109 (1996), 1-15. doi: 10.1007/3-540-68697-5_1.
[4]	M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract), in Proceedings of the $30^{th}$ Annual ACM Symposium on Theory of Computing （STOC '98）, ACM, Dallas, TX, USA, 1998, 419-428. doi: 10.1145/276698.276854.
[5]	M. Bellare, D. Pointcheval and P. Rogaway, Authenticated key exchange secure against dictionary attacks, in Advances in Cryptology-EUROCRYPT '00, Springer, Bruges, Belgium, 1807 (2000), 139-155. doi: 10.1007/3-540-45539-6_11.
[6]	M. Bellare and P. Rogaway, Entity authentication and key distribution, in Advances in Cryptology-CRYPTO '93, Springer, Santa Barbara, CA, USA, 773 (1993), 232-249. doi: 10.1007/3-540-48329-2_21.
[7]	M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, in Proceedings of the $1^{st}$ Annual ACM Conference on Computer and Communications Security （CCS '93）, ACM, Fairfax, VA, USA, 1993, 62-73. doi: 10.1145/168588.168596.
[8]	M. Bellare and P. Rogaway, Provably secure session key distribution: The three party case, in Proceedings of the $27^{th}$ Annual ACM Symposium on Theory of Computing （STOC '95）, ACM, Las Vegas, NV, USA, 1995, 57-66. doi: 10.1145/225058.225084.
[9]	M. Bellare and P. Rogaway, The exact security of digital signatures-how to sign with RSA and Rabin, in Advances in Cryptology-EUROCRYPT '96, Springer, Saragossa, Spain, 1070 (1996), 399-416. doi: 10.1007/3-540-68339-9_34.
[10]	R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, Systematic design of two-party authentication protocols, in Advances in Cryptology-CRYPTO '91, Springer, Santa Barbara, CA, USA, 576 (1992), 44-61. doi: 10.1007/3-540-46766-1_3.
[11]	A. Biryukov, J. Lano and B. Preneel, Cryptanalysis of the alleged SecurID hash function, in Selected Areas in Cryptography (SAC 2003), Springer, Windsor, ON, Canada, 3006 (2004), 130-144, Extended version available from http://eprint.iacr.org/2003/162. doi: 10.1007/978-3-540-24654-1_10.
[12]	A. Biryukov, J. Lano and B. Preneel, Recent attacks on alleged SecurID and their practical implications, Computers & Security, 24 (2005), 364-370. doi: 10.1016/j.cose.2005.04.006.
[13]	S. Blake-Wilson, D. Johnson and A. Menezes, Key agreement protocols and their security analysis, in Proceedings of the $6^{th}$ IMA International Conference on Cryptography and Coding (IMACC '97), Springer, Cirencester, UK, 1355 (1997), 30-45. doi: 10.1007/BFb0024447.
[14]	S. Blake-Wilson and A. Menezes, Entity authentication and authenticated key transport protocols: Employing asymmetric techniques, in Security Protocols, Lecture Notes in Computer Science, Springer, Paris, France, 1361 (2005), 137-158. doi: 10.1007/BFb0028166.
[15]	C. Boyd, Hidden assumptions in cryptographic protocols, IEE Proceedings of Computers and Digital Techniques, 137 (1990), 433-436. doi: 10.1049/ip-e.1990.0054.
[16]	C. Boyd and A. Mathuria, Protocols for authentication and key establishment, Springer, 2003. doi: 10.1007/978-3-662-09527-0.
[17]	C. Brzuska, M. Fischlin, N. P. Smart, B. Warinschi and S. C. Williams, Less is more: Relaxed yet composable security notions for key exchange, International Journal of Information Security, 12 (2013), 267-297. doi: 10.1007/s10207-013-0192-y.
[18]	C. Brzuska, M. Fischlin, B. Warinschi and S. C. Williams, Composability of Bellare-Rogaway key exchange protocols, in Proceedings of the $18^{th}$ ACM Conference on Computer and Communications Security (CCS 2011), ACM, Chicago, IL, USA, 2011, 51-62. doi: 10.1145/2046707.2046716.
[19]	J. Camenisch, A. Lysyanskaya and G. Neven, Practical yet universally composable two-server password-authenticated secret sharing, in Proceedings of the $19^{th}$ ACM Conference on Computer and Communications Security (CCS 2012), ACM, Raleigh, NC, USA, 2012, 525-536. doi: 10.1145/2382196.2382252.
[20]	R. Canetti, Universally composable security: A new paradigm for cryptographic protocols (extended abstract), in Proceedings of the $42^{nd}$ Annual IEEE Symposium on Foundations of Computer Science (FOCS '01), IEEE Computer Society, Washington, DC, USA, 2001, 136-145, See [21] for the full version.
[21]	R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, Cryptology ePrint Archive, Report 2000/067, 2005, Available from http://eprint.iacr.org/2000/067. See [20] for the conference version. doi: 10.1109/SFCS.2001.959888.
[22]	R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme, in Advances in Cryptology-Eurocrypt 2003, Springer, Warsaw, Poland, 2656 (2003), 255-271, See [23] for the journal version. doi: 10.1007/3-540-39200-9_16.
[23]	R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme, Journal of Cryptology, 20 (2007), 265-294, See [22] for the conference version. doi: 10.1007/s00145-006-0442-5.
[24]	R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie, Universally composable password-based key exchange, in Advances in Cryptology-EUROCRYPT 2005, Springer, Aarhus, Denmark, 3494 (2005), 404-421, Full version is available from http://eprint.iacr.org/2005/196. doi: 10.1007/11426639_24.
[25]	R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, in Advances in Cryptology-EUROCRYPT '01, Springer, Innsbruck, Austria, 2045 (2001), 453-474, Full version is available at http://eprint.iacr.org/2001/040. doi: 10.1007/3-540-44987-6_28.
[26]	R. Canetti and H. Krawczyk, Universally composable notions of key exchange and secure channels (extended abstract), in Advances in Cryptology-EUROCRYPT '02, Springer, Amsterdam, The Netherlands, 2332 (2002), 337-351, Full version is available at http://eprint.iacr.org/2002/059. doi: 10.1007/3-540-46035-7_22.
[27]	T. Cao, E. Bertino and H. Lei, Security analysis of the SASI protocol, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 73-77. doi: 10.1109/TDSC.2008.32.
[28]	H.-Y. Chien, SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity, IEEE Transactions on Dependable and Secure Computing, 4 (2007), 337-340. doi: 10.1109/TDSC.2007.70226.
[29]	K.-K. R. Choo, Secure key establishment, Springer, 2009. doi: 10.1007/978-0-387-87969-7.
[30]	K.-K. R. Choo, C. Boyd and Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols, in Advances in Cryptology-ASIACRYPT '05, Springer, Chennai, India, 3788 (2005), 585-604. doi: 10.1007/11593447_32.
[31]	K.-K. R. Choo, C. Boyd, Y. Hitchcock and G. Maitland, On session identifiers in provably secure protocols: The Bellare-Rogaway three-party key distribution protocol revisited, in Security in Communication Networks (SCN 2004), Springer, Amalfi, Italy, 3352 (2005), 351-366. doi: 10.1007/978-3-540-30598-9_25.
[32]	J. Clark and J. Jacob, On the security of recent protocols, Information Processing Letters (IPL), 56 (1995), 151-155. doi: 10.1016/0020-0190(95)00136-Z.
[33]	J. Clark and J. Jacob, A survey of authentication protocol literature: Version 1.0, 1997,, Available from , ().
[34]	S. Contini and Y. L. Yin, Fast software-based attacks on SecurID, in Fast Software Encryption (FSE 2004), Springer, Delhi, India, 3017 (2004), 454-471. doi: 10.1007/978-3-540-25937-4_29.
[35]	C. Cremers, Examining indistinguishability-based security models for key exchange protocols: The case of CK, CK-HMQV, and eCK, in Proceedings of the $6^{th}$ ACM Symposium on Information, Computer and Communications Security (ASIACCS '11), ACM, Hong Kong, China, 2011, 80-91. doi: 10.1145/1966913.1966925.
[36]	C. J. Cremers, Session-state reveal is stronger than ephemeral key reveal: Attacking the NAXOS authenticated key exchange protocol, in Proceedings of the $7^{th}$ International Conference on Applied Cryptography and Network Security (ACNS '09), Springer, Paris-Rocquencourt, France, 5536 (2009), 20-33. doi: 10.1007/978-3-642-01957-9_2.
[37]	D. E. Denning and G. M. Sacco, Timestamps in key distribution protocols, Communications of the ACM, 24 (1981), 533-536. doi: 10.1145/358722.358740.
[38]	W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, IT-22 (1976), 644-654. doi: 10.1109/TIT.1976.1055638.
[39]	W. Diffie, P. C. Oorschot and M. J. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography, 2 (1992), 107-125. doi: 10.1007/BF00124891.
[40]	M. S. Dousti and R. Jalili, Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active & Concurrent Attacks, Cryptology ePrint Archive, 2013, Available from http://eprint.iacr.org/2013/709. See [41] for the journal version.
[41]	M. S. Dousti and R. Jalili, An efficient statistical zero-knowledge authentication protocol for smart cards,, International Journal of Computer Mathematics, (). doi: 10.1080/00207160.2015.1011629.
[42]	U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity (extended abstract), in Proceedings of the $19^{th}$ Annual ACM Symposium on Theory of Computing (STOC '87), New York, NY, USA, 1987, 210-217, See [43] for the journal version. doi: 10.1007/BF02351717.
[43]	U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptology, 1 (1988), 77-94, See [42] for the conference version. doi: 10.1007/BF02351717.
[44]	O. Goldreich, S. Goldwasser and S. Micali, How to construct random functions, Journal of the ACM (JACM), 33 (1986), 792-807. doi: 10.1145/6490.6503.
[45]	C. G. Günther, An identity-based key-exchange protocol, in Advances in Cryptology-EUROCRYPT '89, Springer, Houthalen, Belgium, 1989, 29-37. doi: 10.1007/3-540-46885-4_5.
[46]	D. Hofheinz, J. Müller-Quade and R. Steinwandt, Initiator-resilient universally composable key exchange, in Proceedings of the $8^{th}$ European Symposium on Research in Computer Security (ESORICS 2003), Springer, Gjøvik, Norway, 2908 (2003), 61-84. doi: 10.1007/978-3-540-39650-5_4.
[47]	J. Katz and Y. Lindell, Introduction to Modern Cryptography: Principles and Protocols, 1st edition, Chapman & Hall/CRC, 2007.
[48]	H. Krawczyk, HMQV: A high-performance secure Diffie-Hellman protocol (extended abstract), in Advances in Cryptology-CRYPTO'05, Springer, Santa Barbara, CA, USA, 3621 (2005), 546-566, Full version is available at http://eprint.iacr.org/2005/176. doi: 10.1007/11535218_33.
[49]	B. LaMacchia, K. Lauter and A. Mityagin, Stronger security of authenticated key exchange, in Proceedings of the $1^{st}$ International Conference on Provable Security (ProvSec '07), Springer, Wollongong, Australia, 4784 (2007), 1-16. doi: 10.1007/978-3-540-75670-5_1.
[50]	L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, An efficient protocol for authenticated key agreement, Designs, Codes and Cryptography, 28 (2003), 119-134. doi: 10.1023/A:1022595222606.
[51]	C. Lenzen, T. Locher, P. Sommer and R. Wattenhofer, Clock synchronization: Open problems in theory and practice, in International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2010), Springer, 5901 (2010), 61-70. doi: 10.1007/978-3-642-11266-9_5.
[52]	A. Menezes, Another look at HMQV, Journal of Mathematical Cryptology, 1 (2007), 47-64, Available from http://eprint.iacr.org/2005/205. doi: 10.1515/JMC.2007.004.
[53]	A. Menezes, M. Qu and S. Vanstone, Some new key agreement protocols providing implicit authentication, in Presented at the Workshop on Selected Areas in Cryptography (SAC '95), 1995, 22-32.
[54]	R. M. Needham and M. D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, 21 (1978), 993-999. doi: 10.1145/359657.359659.
[55]	D. Otway and O. Rees, Efficient and timely mutual authentication, ACM SIGOPS Operating Systems Review, 21 (1987), 8-10. doi: 10.1145/24592.24594.
[56]	R. C.-W. Phan, Cryptanalysis of a new ultralightweight RFID authentication protocol-SASI, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 316-320. doi: 10.1109/TDSC.2008.33.
[57]	A. P. Sarr, P. Elbaz-Vincent and J.-C. Bajard, A new security model for authenticated key agreement, in Proceedings of the $7^{th}$ International Conference on Security and Cryptography for Networks (SCN '10), Springer, Amalfi, Italy, 6280 (2010), 219-234. doi: 10.1007/978-3-642-15317-4_15.
[58]	V. Shoup, On formal models for secure key exchange, Technical report, IBM Zurich Research Lab, 1999, Version 4 is available at http://eprint.iacr.org/1999/012.
[59]	V. Shoup and A. Rubin, Session key distribution using smart cards, in Advances in Cryptology-EUROCRYPT '96, Springer, Saragossa, Spain, 1070 (2001), 321-331. doi: 10.1007/3-540-68339-9_28.
[60]	H.-M. Sun, W.-C. Ting and K.-H. Wang, On the security of Chien's ultralightweight RFID authentication protocol, IEEE Transactions on Dependable and Secure Computing, 8 (2011), 315-317. doi: 10.1109/TDSC.2009.26.
[61]	I. Wiener, Sample SecurID token emulator with token secret import, 2000,, Available from , (): 2000.
[62]	K. Yoneyama and Y. Zhao, Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage, in Proceedings of the $5^{th}$ International Conference on Provable Security (ProvSec 2011), Springer, Xi'an, China, 6980 (2011), 348-365. doi: 10.1007/978-3-642-24316-5_25.

show all references

References:

[1]	A. Banerjee, C. Peikert and A. Rosen, Pseudorandom functions and lattices, in Advances in Cryptology-EUROCRYPT 2012, Springer, Cambridge, United Kingdom, 7237 (2012), 719-737. doi: 10.1007/978-3-642-29011-4_42.
[2]	D. Basin, C. Cremers and S. Meier, Provably repairing the ISO/IEC 9798 standard for entity authentication, in Principles of Security and Trust, Springer, 7215 (2012), 129-148. doi: 10.1007/978-3-642-28641-4_8.
[3]	M. Bellare, R. Canetti and H. Krawczyk, Keying hash functions for message authentication, in Advances in Cryptology-CRYPTO '96, Springer, Santa Barbara, CA, USA, 1109 (1996), 1-15. doi: 10.1007/3-540-68697-5_1.
[4]	M. Bellare, R. Canetti and H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract), in Proceedings of the $30^{th}$ Annual ACM Symposium on Theory of Computing （STOC '98）, ACM, Dallas, TX, USA, 1998, 419-428. doi: 10.1145/276698.276854.
[5]	M. Bellare, D. Pointcheval and P. Rogaway, Authenticated key exchange secure against dictionary attacks, in Advances in Cryptology-EUROCRYPT '00, Springer, Bruges, Belgium, 1807 (2000), 139-155. doi: 10.1007/3-540-45539-6_11.
[6]	M. Bellare and P. Rogaway, Entity authentication and key distribution, in Advances in Cryptology-CRYPTO '93, Springer, Santa Barbara, CA, USA, 773 (1993), 232-249. doi: 10.1007/3-540-48329-2_21.
[7]	M. Bellare and P. Rogaway, Random oracles are practical: A paradigm for designing efficient protocols, in Proceedings of the $1^{st}$ Annual ACM Conference on Computer and Communications Security （CCS '93）, ACM, Fairfax, VA, USA, 1993, 62-73. doi: 10.1145/168588.168596.
[8]	M. Bellare and P. Rogaway, Provably secure session key distribution: The three party case, in Proceedings of the $27^{th}$ Annual ACM Symposium on Theory of Computing （STOC '95）, ACM, Las Vegas, NV, USA, 1995, 57-66. doi: 10.1145/225058.225084.
[9]	M. Bellare and P. Rogaway, The exact security of digital signatures-how to sign with RSA and Rabin, in Advances in Cryptology-EUROCRYPT '96, Springer, Saragossa, Spain, 1070 (1996), 399-416. doi: 10.1007/3-540-68339-9_34.
[10]	R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, Systematic design of two-party authentication protocols, in Advances in Cryptology-CRYPTO '91, Springer, Santa Barbara, CA, USA, 576 (1992), 44-61. doi: 10.1007/3-540-46766-1_3.
[11]	A. Biryukov, J. Lano and B. Preneel, Cryptanalysis of the alleged SecurID hash function, in Selected Areas in Cryptography (SAC 2003), Springer, Windsor, ON, Canada, 3006 (2004), 130-144, Extended version available from http://eprint.iacr.org/2003/162. doi: 10.1007/978-3-540-24654-1_10.
[12]	A. Biryukov, J. Lano and B. Preneel, Recent attacks on alleged SecurID and their practical implications, Computers & Security, 24 (2005), 364-370. doi: 10.1016/j.cose.2005.04.006.
[13]	S. Blake-Wilson, D. Johnson and A. Menezes, Key agreement protocols and their security analysis, in Proceedings of the $6^{th}$ IMA International Conference on Cryptography and Coding (IMACC '97), Springer, Cirencester, UK, 1355 (1997), 30-45. doi: 10.1007/BFb0024447.
[14]	S. Blake-Wilson and A. Menezes, Entity authentication and authenticated key transport protocols: Employing asymmetric techniques, in Security Protocols, Lecture Notes in Computer Science, Springer, Paris, France, 1361 (2005), 137-158. doi: 10.1007/BFb0028166.
[15]	C. Boyd, Hidden assumptions in cryptographic protocols, IEE Proceedings of Computers and Digital Techniques, 137 (1990), 433-436. doi: 10.1049/ip-e.1990.0054.
[16]	C. Boyd and A. Mathuria, Protocols for authentication and key establishment, Springer, 2003. doi: 10.1007/978-3-662-09527-0.
[17]	C. Brzuska, M. Fischlin, N. P. Smart, B. Warinschi and S. C. Williams, Less is more: Relaxed yet composable security notions for key exchange, International Journal of Information Security, 12 (2013), 267-297. doi: 10.1007/s10207-013-0192-y.
[18]	C. Brzuska, M. Fischlin, B. Warinschi and S. C. Williams, Composability of Bellare-Rogaway key exchange protocols, in Proceedings of the $18^{th}$ ACM Conference on Computer and Communications Security (CCS 2011), ACM, Chicago, IL, USA, 2011, 51-62. doi: 10.1145/2046707.2046716.
[19]	J. Camenisch, A. Lysyanskaya and G. Neven, Practical yet universally composable two-server password-authenticated secret sharing, in Proceedings of the $19^{th}$ ACM Conference on Computer and Communications Security (CCS 2012), ACM, Raleigh, NC, USA, 2012, 525-536. doi: 10.1145/2382196.2382252.
[20]	R. Canetti, Universally composable security: A new paradigm for cryptographic protocols (extended abstract), in Proceedings of the $42^{nd}$ Annual IEEE Symposium on Foundations of Computer Science (FOCS '01), IEEE Computer Society, Washington, DC, USA, 2001, 136-145, See [21] for the full version.
[21]	R. Canetti, Universally composable security: A new paradigm for cryptographic protocols, Cryptology ePrint Archive, Report 2000/067, 2005, Available from http://eprint.iacr.org/2000/067. See [20] for the conference version. doi: 10.1109/SFCS.2001.959888.
[22]	R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme, in Advances in Cryptology-Eurocrypt 2003, Springer, Warsaw, Poland, 2656 (2003), 255-271, See [23] for the journal version. doi: 10.1007/3-540-39200-9_16.
[23]	R. Canetti, S. Halevi and J. Katz, A forward-secure public-key encryption scheme, Journal of Cryptology, 20 (2007), 265-294, See [22] for the conference version. doi: 10.1007/s00145-006-0442-5.
[24]	R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie, Universally composable password-based key exchange, in Advances in Cryptology-EUROCRYPT 2005, Springer, Aarhus, Denmark, 3494 (2005), 404-421, Full version is available from http://eprint.iacr.org/2005/196. doi: 10.1007/11426639_24.
[25]	R. Canetti and H. Krawczyk, Analysis of key-exchange protocols and their use for building secure channels, in Advances in Cryptology-EUROCRYPT '01, Springer, Innsbruck, Austria, 2045 (2001), 453-474, Full version is available at http://eprint.iacr.org/2001/040. doi: 10.1007/3-540-44987-6_28.
[26]	R. Canetti and H. Krawczyk, Universally composable notions of key exchange and secure channels (extended abstract), in Advances in Cryptology-EUROCRYPT '02, Springer, Amsterdam, The Netherlands, 2332 (2002), 337-351, Full version is available at http://eprint.iacr.org/2002/059. doi: 10.1007/3-540-46035-7_22.
[27]	T. Cao, E. Bertino and H. Lei, Security analysis of the SASI protocol, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 73-77. doi: 10.1109/TDSC.2008.32.
[28]	H.-Y. Chien, SASI: A new ultralightweight RFID authentication protocol providing strong authentication and strong integrity, IEEE Transactions on Dependable and Secure Computing, 4 (2007), 337-340. doi: 10.1109/TDSC.2007.70226.
[29]	K.-K. R. Choo, Secure key establishment, Springer, 2009. doi: 10.1007/978-0-387-87969-7.
[30]	K.-K. R. Choo, C. Boyd and Y. Hitchcock, Examining indistinguishability-based proof models for key establishment protocols, in Advances in Cryptology-ASIACRYPT '05, Springer, Chennai, India, 3788 (2005), 585-604. doi: 10.1007/11593447_32.
[31]	K.-K. R. Choo, C. Boyd, Y. Hitchcock and G. Maitland, On session identifiers in provably secure protocols: The Bellare-Rogaway three-party key distribution protocol revisited, in Security in Communication Networks (SCN 2004), Springer, Amalfi, Italy, 3352 (2005), 351-366. doi: 10.1007/978-3-540-30598-9_25.
[32]	J. Clark and J. Jacob, On the security of recent protocols, Information Processing Letters (IPL), 56 (1995), 151-155. doi: 10.1016/0020-0190(95)00136-Z.
[33]	J. Clark and J. Jacob, A survey of authentication protocol literature: Version 1.0, 1997,, Available from , ().
[34]	S. Contini and Y. L. Yin, Fast software-based attacks on SecurID, in Fast Software Encryption (FSE 2004), Springer, Delhi, India, 3017 (2004), 454-471. doi: 10.1007/978-3-540-25937-4_29.
[35]	C. Cremers, Examining indistinguishability-based security models for key exchange protocols: The case of CK, CK-HMQV, and eCK, in Proceedings of the $6^{th}$ ACM Symposium on Information, Computer and Communications Security (ASIACCS '11), ACM, Hong Kong, China, 2011, 80-91. doi: 10.1145/1966913.1966925.
[36]	C. J. Cremers, Session-state reveal is stronger than ephemeral key reveal: Attacking the NAXOS authenticated key exchange protocol, in Proceedings of the $7^{th}$ International Conference on Applied Cryptography and Network Security (ACNS '09), Springer, Paris-Rocquencourt, France, 5536 (2009), 20-33. doi: 10.1007/978-3-642-01957-9_2.
[37]	D. E. Denning and G. M. Sacco, Timestamps in key distribution protocols, Communications of the ACM, 24 (1981), 533-536. doi: 10.1145/358722.358740.
[38]	W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, IT-22 (1976), 644-654. doi: 10.1109/TIT.1976.1055638.
[39]	W. Diffie, P. C. Oorschot and M. J. Wiener, Authentication and authenticated key exchanges, Designs, Codes and Cryptography, 2 (1992), 107-125. doi: 10.1007/BF00124891.
[40]	M. S. Dousti and R. Jalili, Efficient Statistical Zero-Knowledge Authentication Protocols for Smart Cards Secure Against Active & Concurrent Attacks, Cryptology ePrint Archive, 2013, Available from http://eprint.iacr.org/2013/709. See [41] for the journal version.
[41]	M. S. Dousti and R. Jalili, An efficient statistical zero-knowledge authentication protocol for smart cards,, International Journal of Computer Mathematics, (). doi: 10.1080/00207160.2015.1011629.
[42]	U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity (extended abstract), in Proceedings of the $19^{th}$ Annual ACM Symposium on Theory of Computing (STOC '87), New York, NY, USA, 1987, 210-217, See [43] for the journal version. doi: 10.1007/BF02351717.
[43]	U. Feige, A. Fiat and A. Shamir, Zero-knowledge proofs of identity, Journal of Cryptology, 1 (1988), 77-94, See [42] for the conference version. doi: 10.1007/BF02351717.
[44]	O. Goldreich, S. Goldwasser and S. Micali, How to construct random functions, Journal of the ACM (JACM), 33 (1986), 792-807. doi: 10.1145/6490.6503.
[45]	C. G. Günther, An identity-based key-exchange protocol, in Advances in Cryptology-EUROCRYPT '89, Springer, Houthalen, Belgium, 1989, 29-37. doi: 10.1007/3-540-46885-4_5.
[46]	D. Hofheinz, J. Müller-Quade and R. Steinwandt, Initiator-resilient universally composable key exchange, in Proceedings of the $8^{th}$ European Symposium on Research in Computer Security (ESORICS 2003), Springer, Gjøvik, Norway, 2908 (2003), 61-84. doi: 10.1007/978-3-540-39650-5_4.
[47]	J. Katz and Y. Lindell, Introduction to Modern Cryptography: Principles and Protocols, 1st edition, Chapman & Hall/CRC, 2007.
[48]	H. Krawczyk, HMQV: A high-performance secure Diffie-Hellman protocol (extended abstract), in Advances in Cryptology-CRYPTO'05, Springer, Santa Barbara, CA, USA, 3621 (2005), 546-566, Full version is available at http://eprint.iacr.org/2005/176. doi: 10.1007/11535218_33.
[49]	B. LaMacchia, K. Lauter and A. Mityagin, Stronger security of authenticated key exchange, in Proceedings of the $1^{st}$ International Conference on Provable Security (ProvSec '07), Springer, Wollongong, Australia, 4784 (2007), 1-16. doi: 10.1007/978-3-540-75670-5_1.
[50]	L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone, An efficient protocol for authenticated key agreement, Designs, Codes and Cryptography, 28 (2003), 119-134. doi: 10.1023/A:1022595222606.
[51]	C. Lenzen, T. Locher, P. Sommer and R. Wattenhofer, Clock synchronization: Open problems in theory and practice, in International Conference on Current Trends in Theory and Practice of Computer Science (SOFSEM 2010), Springer, 5901 (2010), 61-70. doi: 10.1007/978-3-642-11266-9_5.
[52]	A. Menezes, Another look at HMQV, Journal of Mathematical Cryptology, 1 (2007), 47-64, Available from http://eprint.iacr.org/2005/205. doi: 10.1515/JMC.2007.004.
[53]	A. Menezes, M. Qu and S. Vanstone, Some new key agreement protocols providing implicit authentication, in Presented at the Workshop on Selected Areas in Cryptography (SAC '95), 1995, 22-32.
[54]	R. M. Needham and M. D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, 21 (1978), 993-999. doi: 10.1145/359657.359659.
[55]	D. Otway and O. Rees, Efficient and timely mutual authentication, ACM SIGOPS Operating Systems Review, 21 (1987), 8-10. doi: 10.1145/24592.24594.
[56]	R. C.-W. Phan, Cryptanalysis of a new ultralightweight RFID authentication protocol-SASI, IEEE Transactions on Dependable and Secure Computing, 6 (2009), 316-320. doi: 10.1109/TDSC.2008.33.
[57]	A. P. Sarr, P. Elbaz-Vincent and J.-C. Bajard, A new security model for authenticated key agreement, in Proceedings of the $7^{th}$ International Conference on Security and Cryptography for Networks (SCN '10), Springer, Amalfi, Italy, 6280 (2010), 219-234. doi: 10.1007/978-3-642-15317-4_15.
[58]	V. Shoup, On formal models for secure key exchange, Technical report, IBM Zurich Research Lab, 1999, Version 4 is available at http://eprint.iacr.org/1999/012.
[59]	V. Shoup and A. Rubin, Session key distribution using smart cards, in Advances in Cryptology-EUROCRYPT '96, Springer, Saragossa, Spain, 1070 (2001), 321-331. doi: 10.1007/3-540-68339-9_28.
[60]	H.-M. Sun, W.-C. Ting and K.-H. Wang, On the security of Chien's ultralightweight RFID authentication protocol, IEEE Transactions on Dependable and Secure Computing, 8 (2011), 315-317. doi: 10.1109/TDSC.2009.26.
[61]	I. Wiener, Sample SecurID token emulator with token secret import, 2000,, Available from , (): 2000.
[62]	K. Yoneyama and Y. Zhao, Taxonomical security consideration of authenticated key exchange resilient to intermediate computation leakage, in Proceedings of the $5^{th}$ International Conference on Provable Security (ProvSec 2011), Springer, Xi'an, China, 6980 (2011), 348-365. doi: 10.1007/978-3-642-24316-5_25.

[1]	Yu-Chi Chen. Security analysis of public key encryption with filtered equality test. Advances in Mathematics of Communications, 2021 doi: 10.3934/amc.2021053
[2]	Giacomo Micheli. Cryptanalysis of a noncommutative key exchange protocol. Advances in Mathematics of Communications, 2015, 9 (2) : 247-253. doi: 10.3934/amc.2015.9.247
[3]	Neal Koblitz, Alfred Menezes. Critical perspectives on provable security: Fifteen years of "another look" papers. Advances in Mathematics of Communications, 2019, 13 (4) : 517-558. doi: 10.3934/amc.2019034
[4]	Yang Lu, Jiguo Li. Forward-secure identity-based encryption with direct chosen-ciphertext security in the standard model. Advances in Mathematics of Communications, 2017, 11 (1) : 161-177. doi: 10.3934/amc.2017010
[5]	Meenakshi Kansal, Ratna Dutta, Sourav Mukhopadhyay. Group signature from lattices preserving forward security in dynamic setting. Advances in Mathematics of Communications, 2020, 14 (4) : 535-553. doi: 10.3934/amc.2020027
[6]	Ramprasad Sarkar, Mriganka Mandal, Sourav Mukhopadhyay. Quantum-safe identity-based broadcast encryption with provable security from multivariate cryptography. Advances in Mathematics of Communications, 2022 doi: 10.3934/amc.2022026
[7]	Neal Koblitz, Alfred Menezes. Another look at security definitions. Advances in Mathematics of Communications, 2013, 7 (1) : 1-38. doi: 10.3934/amc.2013.7.1
[8]	Isabelle Déchène. On the security of generalized Jacobian cryptosystems. Advances in Mathematics of Communications, 2007, 1 (4) : 413-426. doi: 10.3934/amc.2007.1.413
[9]	Xinwei Gao. Comparison analysis of Ding's RLWE-based key exchange protocol and NewHope variants. Advances in Mathematics of Communications, 2019, 13 (2) : 221-233. doi: 10.3934/amc.2019015
[10]	Yvo Desmedt, Niels Duif, Henk van Tilborg, Huaxiong Wang. Bounds and constructions for key distribution schemes. Advances in Mathematics of Communications, 2009, 3 (3) : 273-293. doi: 10.3934/amc.2009.3.273
[11]	Iris Anshel, Derek Atkins, Dorian Goldfeld, Paul E. Gunnells. Ironwood meta key agreement and authentication protocol. Advances in Mathematics of Communications, 2021, 15 (3) : 397-413. doi: 10.3934/amc.2020073
[12]	Palash Sarkar, Subhadip Singha. Verifying solutions to LWE with implications for concrete security. Advances in Mathematics of Communications, 2021, 15 (2) : 257-266. doi: 10.3934/amc.2020057
[13]	Roberto Civino, Riccardo Longo. Formal security proof for a scheme on a topological network. Advances in Mathematics of Communications, 2021 doi: 10.3934/amc.2021009
[14]	Riccardo Aragona, Alessio Meneghetti. Type-preserving matrices and security of block ciphers. Advances in Mathematics of Communications, 2019, 13 (2) : 235-251. doi: 10.3934/amc.2019016
[15]	Archana Prashanth Joshi, Meng Han, Yan Wang. A survey on security and privacy issues of blockchain technology. Mathematical Foundations of Computing, 2018, 1 (2) : 121-147. doi: 10.3934/mfc.2018007
[16]	Philip Lafrance, Alfred Menezes. On the security of the WOTS-PRF signature scheme. Advances in Mathematics of Communications, 2019, 13 (1) : 185-193. doi: 10.3934/amc.2019012
[17]	Mohamed Baouch, Juan Antonio López-Ramos, Blas Torrecillas, Reto Schnyder. An active attack on a distributed Group Key Exchange system. Advances in Mathematics of Communications, 2017, 11 (4) : 715-717. doi: 10.3934/amc.2017052
[18]	Felipe Cabarcas, Daniel Cabarcas, John Baena. Efficient public-key operation in multivariate schemes. Advances in Mathematics of Communications, 2019, 13 (2) : 343-371. doi: 10.3934/amc.2019023
[19]	Jian Mao, Qixiao Lin, Jingdong Bian. Application of learning algorithms in smart home IoT system security. Mathematical Foundations of Computing, 2018, 1 (1) : 63-76. doi: 10.3934/mfc.2018004
[20]	Liqun Qi, Zheng yan, Hongxia Yin. Semismooth reformulation and Newton's method for the security region problem of power systems. Journal of Industrial and Management Optimization, 2008, 4 (1) : 143-153. doi: 10.3934/jimo.2008.4.143

2020 Impact Factor: 0.935

Tools

Metrics

Other articles
by authors

on AIMS
Mohammad Sadeq Dousti Rasool Jalili
on Google Scholar
Mohammad Sadeq Dousti Rasool Jalili

[Back to Top]