IACR News item: 14 November 2013
Maurizio Adriano Strangio
ePrint Report
In a 2005 IACR report, Wang published an efficient identity-based key agreement protocol (IDAK) suitable for resource-constrained devices.
The author shows that the IDAK key agreement protocol is secure in the Bellare-Rogaway model with random oracles and also provides an ad-hoc security proof claiming that the IDAK protocol is not vulnerable to key-compromise impersonation (KCI) attacks.
In this report, we claim that the IDAK protocol is vulnerable to key-compromise impersonation attacks. Indeed, Wang's results are valid only for a passive adversary that can corrupt parties or reveal certain session-specific data but is not allowed to manipulate protocol transcripts; a model considering this type of adversary is unable to afford KCI resilience.