International Association for Cryptologic Research


IACR News item: 18 April 2014

Qianying Zhang, Shijun Zhao, Dengguo Feng
ePrint Report

UKS (unknown key-share) attacks are now common attacks against Authenticated Key Exchange (AKE) protocols. We summarize two popular countermeasures against UKS attacks on implicitly authenticated key exchange protocols. The first forces the CA to check possession of private keys during registration, which is impractical for the CA. The second adds identities to the derivation of the session key, which requires modifying protocols already used in practice. By using the key protection capability of hardware security chips, such as TPM or TCM, we propose a new way to prevent UKS attacks that needs neither a check of possession of private keys nor the addition of identities during the derivation of the session key. We modify the CK model to adapt it to protocols using hardware security chips. We then implement a protocol once used by the NSA, called KEA and subject to UKS attacks, using TCM chips. Our implementation, called tKEA, is secure under our security model. To show the generality of our approach, we also show that it can prevent UKS attacks on the MQV protocol.
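The second countermeasure the abstract mentions (binding identities into the session-key derivation) can be illustrated with a small simulation. The code below is an added example, not code from the paper or from tKEA: it runs a generic static-plus-ephemeral Diffie-Hellman exchange in a 1024-bit MODP group and derives the session key with and without the two parties' identities in the KDF input. The identity strings, the length-prefixed encoding and the `bob_thinks_peer_is` parameter (which models a CA that registered Alice's public key under a different name because it never checked possession of the private key) are assumptions made for the demonstration; the exchange is not KEA or MQV.

```python
import hashlib
import secrets

# RFC 2409 "group 2" 1024-bit MODP prime; the group choice is incidental here
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8


def keygen():
    """Return (private, public) for one DH key pair."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def raw_secret(static_priv, eph_priv, peer_static_pub, peer_eph_pub):
    """Static-with-ephemeral DH in both directions, encoded in a fixed order.

    Both parties obtain the same pair {g^(a*y), g^(b*x)}; sorting the two
    values makes the encoding independent of who initiated.
    """
    z1 = pow(peer_eph_pub, static_priv, P)
    z2 = pow(peer_static_pub, eph_priv, P)
    return b"".join(z.to_bytes(NBYTES, "big") for z in sorted((z1, z2)))


def derive_key(z, my_id=None, peer_id=None, initiator=True):
    """Session key from the raw secret. When identities are supplied they are
    appended in initiator/responder order, each length-prefixed so that the
    input cannot be reparsed ambiguously (hypothetical KDF, not the paper's)."""
    h = hashlib.sha256()
    h.update(z)
    if my_id is not None:
        ids = (my_id, peer_id) if initiator else (peer_id, my_id)
        for ident in ids:
            h.update(len(ident).to_bytes(2, "big") + ident)
    return h.digest()


def run_exchange(bind_identities, bob_thinks_peer_is=b"alice"):
    """Simulate one run and return (alice_key, bob_key).

    Alice always believes her peer is Bob. `bob_thinks_peer_is` models a CA
    that issued Alice's public key under another name without checking
    possession of the private key: Bob's view of the peer identity is wrong
    while every DH value is unchanged.
    """
    a, A = keygen()  # Alice, static
    b, B = keygen()  # Bob, static
    x, X = keygen()  # Alice, ephemeral
    y, Y = keygen()  # Bob, ephemeral
    z_alice = raw_secret(a, x, B, Y)
    z_bob = raw_secret(b, y, A, X)
    assert z_alice == z_bob  # the DH part agrees whatever names are attached
    if not bind_identities:
        return derive_key(z_alice), derive_key(z_bob)
    k_alice = derive_key(z_alice, b"alice", b"bob", initiator=True)
    k_bob = derive_key(z_bob, b"bob", bob_thinks_peer_is, initiator=False)
    return k_alice, k_bob


if __name__ == "__main__":
    ka, kb = run_exchange(bind_identities=False, bob_thinks_peer_is=b"eve")
    print("no binding, Bob names peer 'eve'  -> keys agree:", ka == kb)
    ka, kb = run_exchange(bind_identities=True, bob_thinks_peer_is=b"eve")
    print("binding,    Bob names peer 'eve'  -> keys agree:", ka == kb)
    ka, kb = run_exchange(bind_identities=True)
    print("binding,    correct names         -> keys agree:", ka == kb)
```

Without identity binding the two sides agree on a key even though Bob attributes the session to the wrong principal, which is exactly the unknown key-share condition; with the identities bound into the KDF the keys diverge and the session fails instead. The cost the abstract points at is visible in `derive_key`: deployed protocols that fix the KDF input cannot add the identity fields without a protocol change, which is what motivates the hardware-rooted alternative.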
