On post-compromise security

Proceedings - IEEE Computer Security Foundations Symposium

Volumn 2016-August, Issue , 2016, Pages 164-178

  Cohn Gordon, Katriel ^a   Cremers, Cas ^a   Garratt, Luke ^a  

^a UNIVERSITY OF OXFORD   (United Kingdom)

Author keywords

Future Secrecy; Key Exchange; Post Compromise Security; Ratcheting; Security Protocols; Threat Models

Indexed keywords

SECURITY SYSTEMS;

FUTURE SECRECY; KEY EXCHANGE; POST-COMPROMISE SECURITY; RATCHETING; SECURITY PROTOCOLS; THREAT MODELS;

NETWORK SECURITY;

EID: 84985947072     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2016.19     Document Type: Conference Paper

References (32)

1. David Basin and Cas Cremers. "Know Your Enemy: Compromising Adversaries in Protocol Analysis". In: ACM Trans. Inf. Syst. Secur. 17.2 (Nov. 2014), 7:1-7:31. ISSN: 1094-9224. DOI: 10.1145/2658996. (Visited on 04/11/2016).
2. David Basin, Cas Cremers, and Marko Horvat. "Actor Key Compromise: Consequences and Countermeasures". In: Computer Security Foundations Symposium (CSF). July 2014, pp. 244-258. DOI: 10.1109/CSF.2014.25.
3. Mihir Bellare, Tadayoshi Kohno, and Victor Shoup. "Stateful Public-key Cryptosystems: How to Encrypt with One 160-bit Exponentiation". In: Proceedings of the 13th ACM Conference on Computer and Communications Security. CCS '06. New York, NY, USA: ACM, 2006, pp. 380-389. DOI: 10.1145/1180405.1180452. (Visited on 11/10/2015).
4. Mihir Bellare and Phillip Rogaway. "Entity Authentication and Key Distribution". In: Advances in Cryptology -CRYPTO '93. LNCS 773. Springer Berlin Heidelberg, Jan. 1, 1994, pp. 232-249. DOI: 10 . 1007 / 3 -540 -48329 -2 21. (Visited on 05/21/2014).
5. Simon Blake-Wilson, Don Johnson, and Alfred Menezes. "Key Agreement Protocols and Their Security Analysis". In: Proceedings of the 6th IMA International Conference on Cryptography and Coding. London, UK: Springer-Verlag, 1997, pp. 30-45.
6. Nikita Borisov, Ian Goldberg, and Eric Brewer. "Off-therecord Communication, or, Why Not to Use PGP". In: Proceedings of the 2004 ACM Workshop on Privacy in the Electronic Society. WPES '04. New York, NY, USA: ACM, 2004, pp. 77-84. DOI: 10.1145/1029179.1029200. (Visited on 06/22/2015).
7. K.D. Bowers et al. "Drifting Keys: Impersonation detection for constrained devices". In: 2013 Proceedings IEEE INFOCOM. 2013 Proceedings IEEE INFOCOM. Apr. 2013, pp. 1025-1033. DOI: 10.1109/INFCOM.2013.6566892.
8. Christina Brzuska et al. "Composability of Bellare-rogaway Key Exchange Protocols". In: CCS. ACM, 2011, pp. 51-62. DOI: 10.1145/2046707.2046716. (Visited on 07/27/2015).
9. Christina Brzuska et al. Less is More: Relaxed yet Composable Security Notions for Key Exchange. 242. 2012. URL: http://eprint.iacr.org/2012/242 (visited on 08/18/2015).
10. Jon Callas, Alan Johnston, and Philip Zimmermann. ZRTP: Media Path Key Agreement for Unicast Secure RTP. Apr. 2011. URL: https://tools.ietf.org/html/rfc6189#page-107 (visited on 02/10/2016).
11. Ran Canetti, Oded Goldreich, and Shai Halevi. The Random Oracle Methodology, Revisited. 011. 1998. URL: http://eprint. iacr.org/1998/011 (visited on 04/08/2014).
12. Ran Canetti and Hugo Krawczyk. "Analysis of key-exchange protocols and their use for building secure channels". In: EUROCRYPT. Vol. 2045. LNCS. Springer-Verlag, 2001, pp. 453-474.
13. Katriel Cohn-Gordon, Cas Cremers, and Luke Garratt. On Post-Compromise Security. Cryptology ePrint Archive, Report 2016/221, 2016. URL: http://eprint.iacr.org/2016/221.
14. Cas Cremers. Formally and Practically Relating the CK, CK-HMQV, and eCK Security Models for Authenticated Key Exchange. 253. 2009. URL: http://eprint.iacr.org/2009/253 (visited on 07/27/2015).
15. Cas Cremers and Michele Feltz. On the Limits of Authenticated Key Exchange Security with an Application to Bad Randomness. Cryptology ePrint Archive, Report 2014/369, 2014. URL: https://eprint.iacr.org/2014/369.
16. Cas Cremers and Michèle Feltz. "Beyond eCK: perfect forward secrecy under actor compromise and ephemeralkey reveal". English. In: Designs, Codes and Cryptography (2013), pp. 1-36. DOI: 10.1007/s10623-013-9852-1.
17. Daniel Kahn Gillmor [TLS] OPTLS: Signature-less TLS 1.3. Nov. 2, 2014. URL: https://www.ietf.org/mail-archive/web/ tls/current/msg14423.html (visited on 02/11/2016).
18. Mario Di Raimondo, Rosario Gennaro, and Hugo Krawczyk. "Secure Off-the-record Messaging". In: Proceedings of the 2005 ACM Workshop on Privacy in the Electronic Society. WPES '05. New York, NY, USA: ACM, 2005, pp. 81-89. DOI: 10.1145/1102199.1102216. (Visited on 01/30/2014).
19. Tilman Frosch et al. How Secure is TextSecure' 904. 2014. URL: http://eprint.iacr.org/2014/904 (visited on 11/07/2014).
20. Peter Gutmann. Key Management through Key Continuity (KCM). 2008. URL: https://tools.ietf.org/html/draft-gutmannkeycont-01 (visited on 02/10/2016).
21. Gene Itkis. "Forward Security: Adaptive Cryptography -Time Evolution". In: Handbook of Information Security. Vol. 3. John Wiley and Sons, 2006.
22. Tibor Jager, Jörg Schwenk, and Juraj Somorovsky. "On the Security of TLS 1.3 and QUIC Against Weaknesses in PKCS#1 V1.5 Encryption". In: Proceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security. CCS '15. ACM, 2015, pp. 1185-1196. DOI: 10. 1145/2810103.2813657. (Visited on 10/19/2015).
23. Mike Just and Serge Vaudenay. "Authenticated Multi-Party Key Agreement". In: Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology. ASIACRYPT '96. Springer-Verlag, 1996, pp. 36-49. URL: http://dl.acm. org/citation.cfm'id=647093.716554 (visited on 02/09/2016).
24. Florian Kohlar, Sven Schäge, and Jörg Schwenk. On the Security of TLS-DH and TLS-RSA in the Standard Model. 367. 2013. URL: https://eprint.iacr.org/2013/367 (visited on 07/27/2015).
25. Hugo Krawczyk. [TLS] OPTLS: Signature-less TLS 1.3. Nov. 12, 2014. URL: https://www.ietf.org/mail-archive/web/ tls/current/msg14592.html (visited on 02/11/2016).
26. Hugo Krawczyk and Hoeteck Wee. The OPTLS Protocol and TLS 1.3. 978. 2015. URL: https://eprint.iacr.org/2015/978 (visited on 02/01/2016).
27. B.A. LaMacchia, K. Lauter, and A. Mityagin. "Stronger Security of Authenticated Key Exchange". In: ProvSec. Vol. 4784. LNCS. Springer, 2007, pp. 1-16. DOI: 10.1007/ 978-3-540-75670-5 1.
28. Adam Langley. Pond. 2014. URL: https://pond.imperialviolet. org/ (visited on 06/22/2015).
29. Moxie Marlinspike. Advanced cryptographic ratcheting. Nov. 26, 2013. URL: https : / / whispersystems . org / blog / advanced-ratcheting/ (visited on 02/09/2016).
30. Vinnie Moscaritolo, Gary Belvin, and Phil Zimmermann. Silent Circle Instant Messaging Protocol Specification. Dec. 2012. URL: https://silentcircle.com/scimp-protocol (visited on 07/15/2015).
31. Trevor Perrin. trevp/axolotl. GitHub. 2014. URL: https:// github.com/trevp/axolotl (visited on 06/22/2015).
32. Tatu Ylonen and Chris Lonvick. The Secure Shell (SSH) Transport Layer Protocol. 2006. URL: https://tools.ietf.org/ html/rfc4253 (visited on 02/10/2016).