Security of two recent constant-round password authenticated group key exchange schemes

When humans interact with machines in their daily networks, it is important that security of the communications is offered, and where the involved shared secrets used to achieve this are easily remembered by humans. Password-based authenticated group key exchange (PAGKE) schemes allow group users to share a session key based on a human-memorizable password. In this paper, we consider two PAGKE schemes that build on the seminal scheme of Burmester and Desmedt. Weshow an undetectable online dictionary attack on the first scheme, and exploit the partnering definition to break the key indistinguishability of the second scheme

Secure Key Exchange Against Man-in-the-Middle Attack: Modified Diffie-Hellman Protocol

One of the most famous key exchange protocols is Diffie-Hellman Protocol (DHP) which is a widely used technique on which key exchange systems around the world depend. This protocol is simple and uncomplicated, and its robustness is based on the Discrete Logarithm Problem (DLP). Despite this, he is considered weak against the man-in-the-middle attack. This article presents a completely different version of the DHP protocol. The proposed version is based on two verification stages. In the first step, we check if the pseudo-random value α that Alice sends to Bob has been manipulated! In the second step, we make sure that the random value β that Bob sends to Alice is not manipulated. The man-in-the-middle attacker Eve can impersonate neither Alice nor Bob, manipulate their exchanged values, or discover the secret encryption key

Overview of Key Agreement Protocols

The emphasis of this paper is to focus on key agreement. To this aim, we address a self-contained, up-to-date presentation of key agreement protocols at high level. We have attempted to provide a brief but fairly complete survey of all these schemes

ProvablySecure Authenticated Group Diffie-Hellman Key Exchange

Abstract: Authenticated key exchange protocols allow two participants A and B, communicating over a public network and each holding an authentication means, to exchange a shared secret value. Methods designed to deal with this cryptographic problem ensure A (resp. B) that no other participants aside from B (resp. A) can learn any information about the agreed value, and often also ensure A and B that their respective partner has actually computed this value. A natural extension to this cryptographic method is to consider a pool of participants exchanging a shared secret value and to provide a formal treatment for it. Starting from the famous 2-party Diffie-Hellman (DH) key exchange protocol, and from its authenticated variants, security experts have extended it to the multi-party setting for over a decade and completed a formal analysis in the framework of modern cryptography in the past few years. The present paper synthesizes this body of work on the provably-secure authenticated group DH key exchange. The present paper revisits and combines the full versions of the following four papers

Security of Group Key Exchange Protocols with Different Passwords

Password-based authenticated group key exchange protocols allow group users to jointly share a session key based on a human-memorizable password. In this paper, we present an undetectable online dictionary attack on N-EKE-D, a recent provably secure protocol designed to explicitly resist this type of attack. Thus, our result contradicts the design goal. We also give a simple attack on the key indistinguishability of N-EKE-D and two N-EKE-M variants that exploits the definition of partnering in their security model

A three round authenticated group key agreement protocol for ad hoc networks

International audienceGroup Key Agreement (GKA) protocols enable the participants to derive a key based on each one's contribution over a public network without any central authority. They also provide efficient ways to change the key when the participants change. While some of the proposed GKA protocols are too resource consuming for the constraint devices often present in ad hoc networks, others lack a formal security analysis. In this paper, we propose a simple, efficient and secure GKA protocol well-suited to ad hoc networks and present results of our implementation of the same in a prototype application

KALwEN: a new practical and interoperable key management scheme for body sensor networks

Key management is the pillar of a security architecture. Body sensor networks (BSNs) pose several challenges–some inherited from wireless sensor networks (WSNs), some unique to themselves–that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new parameterized key management scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports secure global broadcast, local broadcast, and local (neighbor-to-neighbor) unicast, while preserving past key secrecy and future key secrecy (FKS). The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case. With both formal verification and experimental evaluation, our results should appeal to theorists and practitioners alike