On the security analysis of Lee, Hwang & Lee (2004) and Song & Kim (2000) key exchange / agreement protocols

Informatica

Volumn 17, Issue 4, 2006, Pages 467-480

  Choo, Kim Kwang Raymond ^a  

^a AUSTRALIAN INSTITUTE OF CRIMINOLOGY   (Australia)

Author keywords

Information security; Key agreement protocols; Password based key establishment protocols; Provable security

Indexed keywords

EID: 33845665406     PISSN: 08684952     EISSN: None     Source Type: Journal    
DOI: None     Document Type: Review

References (50)

1. Abdalla, M., E. Bresson, O. Chevassut and D. Pointcheval (2006). Password-based group key exchange in a constant number of rounds. In M. Yung et al. (Eds.), PKC 2006, vol. 3958/2006 of LNCS, Springer-Verlag. pp. 427-442.
2. Abdalla,M., P.-A. Fouque and D. Pointcheval (2005). Password-based authenticated key exchange in the three-party setting. In S. Vaudenay (Ed.), PKC 2005, vol. 3386/2005 of LNCS, Springer-Verlag. pp. 65-84.
3. Aiello, L.C., and F. Massacci (2001). Verifying security protocols as planning in logic programming. ACM Transactions on Computational Logic (Special Issue Devoted to Robert A. Kowalski), 2(4), 542-580.
4. Allamigeon, X., and B. Blanchet (2005). Reconstruction of attacks against cryptographic protocols. In CSFW 2005. IEEE Computer Society Press. pp. 140-154.
5. Backes, M. (2004a). A cryptographically sound dolev-yao style security proof of the Needham-Schroeder-Lowe public-key protocol. IEEE Journal on Selected Areas in Communications, 22(10), 2075-2086.
6. Backes, M. (2004b). A cryptographically sound dolev-yao style security proof of the Otway-Rees protocol. In P. Samarati and D. Gollmann (Eds.), ESORICS 2004, vol. 3193/2004 of LNCS. Springer-Verlag. pp. 89-108.
7. Backes, M., and Ch. Jacobi (2003). Cryptographically sound and machine-assisted verification of security protocols. In H. Alt and M. Habib (Eds.), STACS 2003, vol. 2607/2003 of LNCS. Springer-Verlag. pp. 310-329.
8. Bao, F. (2003). Security analysis of a password authenticated key exchange protocol. In C. Boyd and W. Mao (Eds.), 6th Information Security Conference - ISC 2003, vol. 2851/2003 of LNCS. Springer-Verlag. pp. 208-217.
9. Bao, F. (2004). Colluding attacks to a payment protocol and two signature exchange schemes. In P.J. Lee (Ed.), ASIACRYPT 2004, vol. 3329/2004 of LNCS. Springer-Verlag. pp. 417-429.
10. Barthe, G., J. Cederquist and S. Tarento (2004). A machine-checked formalization of the generic model and the random oracle model. In D.A. Basin and M. Rusinowitch (Eds.), IJCAR 2004, vol. 3097/2005 of Lecture Notes in Computer Science. Springer-Verlag. pp. 385-399.
11. Basin, D.A., S. Mödersheim and L. Viganó (2003). An on-the-fly model-checker for security protocol analysis. In E. Snekkenes and D. Gollmann (Eds.), ESORICS2003, vol. 2808/2003 of LNCS. Springer-Verlag. pp. 253-270.
12. Bellare, M., R. Canetti and H. Krawczyk (1998). A modular approach to the design and analysis of authentication and key exchange protocols. In J. Vitter (Ed.), ACM STOC 1998. ACM Press. pp. 419-428.
13. Bellare, M., D. Pointcheval and P. Rogaway (2000). Authenticated key exchange secure against dictionary attacks. In B. Preneel (Ed.), EUROCRYPT 2000, vol. 1807/2000 of LNCS. Springer-Verlag. pp. 139-155.
14. Bellare, M., and P. Rogaway (1993). Entity authentication and key distribution. In D.R. Stinson (Ed.), CRYPTO 1993, vol. 773/1993 of LNCS. Springer-Verlag. pp. 110-125.
15. Bellare, M., and P. Rogaway (1995). Provably secure session key distribution: the three party case. In F.T. Leighton and A. Borodin (Eds.), ACM STOC 1995. ACM Press. pp. 57-66.
16. Blake-Wilson, S., D. Johnson and A. Menezes (1997). Key agreement protocols and their security analysis. In M. Darnell (Ed.), IMA Cryptography and Coding 1997, vol. 1335/1997 of LNCS. Springer-Verlag. pp. 30-45.
17. Bodei, C., M. Buchholtz, P. Degano, F. Nielson and H.R. Nielson (2003). Automatic validation of protocol narration. In R. Focardi (Ed.), CSFW 2003. IEEE Computer Society Press. pp. 126-140.
18. Boyd, C., and A. Mathuria (2003). Protocols for Authentication and Key Establishment. Springer-Verlag.
19. Bresson, E., O. Chevassut and D. Pointcheval (2001). Provably authenticated group Diffie-Hellman key exchange - the dynamic case. In C. Boyd (Ed.), ASIACRYPT 2001, vol. 2248/2001 of LNCS. Springer-Verlag. pp. 209-223.
20. Buccafurri, F., T. Eiter, G. Gottlob and N. Leone (1999). Enhancing model checking in verification by AI techniques. Artificial Intelligence, 112(1-2), 57-104.
21. Canetti, R., and H. Krawczyk (2001). Analysis of key-exchange protocols and their use for building secure channels. In B. Pfitzmann (Ed.), EUROCRYPT 2001, vol. 2045/2001 of LNCS. Springer-Verlag. pp. 453-474. (Extended version available from http://eprint.iacr.org/2001/040/).
22. Cervesato, I., N. Durgin, P.D. Lincoln, J.C. Mitchell and A. Scedrov (1999). A meta-notation for protocol analysis. In P. Syverson (Ed.), CSFW 1999. IEEE Computer Society Press. pp. 55-71.
23. Choo, K.-K.R. (2006a). Key Establishment: Proofs and Refutations. Ph.D. Thesis, Information Security Institute, Queensland University of Technology.
24. Choo, K.-K.R. (2006b). Refuting security proofs for tripartite key exchange with model checker in planning problem setting. In CSFW 2006. IEEE Computer Society Press. pp. 297-308.
25. Choo, K.-K.R. (2004). The provably-secure key establishment and mutual authentication protocols lounge. http://sky.fit.qut.edu.au/ choo/lounge.html.
26. Choo, K.-K.R., C. Boyd and Y. Hitchcock (2005a). On session key construction in provably secure protocols. In E. Dawson and S. Vaudenay (Eds.), MYCRYPT 2005, vol. 3715/2005 of LNCS. Springer-Verlag. pp. 116-131.
27. Choo, K.-K.R., C. Boyd and Y. Hitchcock (2005b). Errors in computational complexity proofs for protocols. In B. Roy (Ed.), ASIACRYPT 2005, vol. 3788/2005 of LNCS. Springer-Verlag. pp. 624-643.
28. Clarke, E.M., S. Jha and W. Marrero (2000). Verifying security protocols with brutus. ACM Transactions on Software Engineering and Methodology, 9(4), 443-487.
29. Diffie, W., P.C. van Oorschot and M.J.Wiener (1992). Authentication and authenticated key exchange. Journal of Designs, Codes and Cryptography, 2, 107-125.
30. Dolev, D., and A.C. Yao (1983). On the security of public key protocols. IEEE Transaction of Information Technology, 29(2), 198-208.
31. Fidge, C.J. (2001). A Survey of Verification Techniques for Security Protocols. Technical report 01-22, Software Verification Research Centre, The University of Queensland, Brisbane.
32. Gupta, P., and V. Shmatikov (2005). Towards computationally sound symbolic analysis of key exchange protocols. In V. Atluri et al. (Eds.), FMSE 2005, ACM Press. pp. 23-32. (Full version available from http://eprint.iacr.org/ 2005/171)
33. Koblitz, N., and A. Menezes (2004). Another Look at "Provable Security". Technical report CORR 2004-20, Centre for Applied Cryptographic Research, University of Waterloo, Canada. (Also available from http://eprint.iacr.org/2004/152/)
34. Krawczyk, H. (2003). SIGMA: The 'SIGn-and-MAc' approach to authenticated Diffie-Hellman and its use in the IKE-protocols. In D. Boneh (Ed.), CRYPTO 2003, vol. 2729/2003 of LNCS. Springer-Verlag. pp. 400-425.
35. Krawczyk, H. (2005). HMQV: a high-performance secure Diffie-Hellman protocol. In V. Shoup (Ed.), CRYPTO 2005, vol. 3621/2005 of LNCS. Springer-Verlag. pp. 546-566. (Extended version available from http://eprint.iacr.org/2005/176/)
36. Lee, S.M., J.Y. Hwang and D.H. Lee (2004). Efficient password-based group key exchange. In S. Katsikas, J. Lopez and G. Pernul (Eds.), Trust and Privacy in Digital Business - TrustBus 2004, vol. 3184/2004 of LNCS. Springer-Verlag. pp. 191-199.
37. Lowe, G. (1996). Some new attacks upon security protocols. In CSFW 1996. IEEE Computer Society Press. pp. 162-169.
38. Lynch, N.A. (1999). I/O automaton models and proofs for shared-key communication systems. In P. Syverson (Ed.), CSFW 1999. IEEE Computer Society Press. pp. 14-29.
39. Meadows, C. (2001). Open issues in formal methods for cryptographic protocol analysis. In DARPA Information Survivability Conference and Exposition, vol. 2052. IEEE Computer Society Press. pp. 237-250.
40. Meadows, C. (2003). Formal methods for cryptographic protocol analysis: emerging issues and trends. IEEE Journal on Selected Area in Communications, 21(1), 44-54.
41. Menezes, A.J., P.C. van Oorschot and S.A. Vanstone (1997). Handbook of Applied Cryptography. The CRC Press Series On Discrete Mathematics And Its Applications. CRC Press.
42. Nam, J., S. Kim and D.Won (2004). Attacks on Bresson-Chevassut-Essiari- Pointcheval's Group Key Agreement Scheme. Cryptology ePrint Archive, Report 2004/251. http://eprint.iacr.org/2004/251/.
43. Paulson, L.C. (1997). Proving properties of security protocols by induction. In CSFW 1997. IEEE Computer Society Press. pp. 70-83.
44. Pereira, O., and J.-J. Quisquater (2003). Some attacks upon authenticated group key agreement protocols. Journal of Computer Security, 11, 555-580.
45. Perrig, A., and D. Song (2000a). A first step towards the automatic generation of security protocols. In NDSS 2000. Internet Society Press. pp. 73-83.
46. Perrig, A., and D. Song (2000b). Looking for diamonds in the desert: extending automatic protocol generation to three-party authentication and key agreement protocols. In CSFW 2000. IEEE Computer Society Press.
47. Shoup, V. (2001). OAEP reconsidered. In J. Kilian (Ed.), CRYPTO 2001, vol. 2139/2001 of LNCS. Springer-Verlag. pp. 239-259.
48. Song, B., and K. Kim (2000). Two-pass authenticated key agreement protocol with key confirmation. In B.K. Roy and E. Okamoto (Eds.), INDOCRYPT 2000, vol. 1977/2000 of LNCS. Springer-Verlag. pp. 237-249.
49. Wan, Z., and S. Wang (2004). Cryptanalysis of two password-authenticated key exchange protocols. In H. Wang, J. Pieprzyk and V. Varadharajan (Eds.), ACISP 2004, vol. 3108/2004 of LNCS. Springer-Verlag.
50. Wong, D.S., and A.H. Chan (2001). Efficient and mutually authenticated key exchange for low power computing devices. In C. Boyd (Ed.), ASIACRYPT 2001, vol. 2248/2001 of LNCS. Springer-Verlag. pp. 172-289.