TY - GEN
T1 - Secure key exchange and sessions without credentials
AU - Canetti, Ran
AU - Kolesnikov, Vladimir
AU - Rackoff, Charles
AU - Vahlis, Yevgeniy
N1 - Publisher Copyright: © Springer International Publishing Switzerland 2014.
PY - 2014
Y1 - 2014
N2 - Secure communication is a fundamental cryptographic primitive. Typically, security is achieved by relying on an existing credential infrastructure, such as a PKI or passwords, for identifying the endpoints to each other. But what can be obtained when no such credential infrastructure is available? Clearly, when there is no pre-existing credential infrastructure, an adversary can mount successful “man in the middle” (MIM) attacks by modifying the communication between the legitimate endpoints. Still, we show that not all is lost, as long as the adversary’s control over the communication is not complete: We present relatively efficient key exchange and secure session protocols that guarantee that any MIM adversary is immediately detected as soon as he fails to intercept even a single message between the legitimate endpoints. To obtain this guarantee we strengthen the notion of key exchange to require that the keys exchanged in any two sessions are independent of each other as long as each session has at least one honest endpoint, even if both sessions have an adversarial endpoint. We call this notion credential-free key exchange. We then strengthen the existing notion of secure session protocols to provide the above guarantee given a CFKE (existing definitions and constructions are insufficient for this purpose). We provide two alternative definitions and constructions of CFKE, a game-based one with a (very efficient) construction in the RO model, and a UC one with a construction in the CRS model.
UR - http://www.scopus.com/inward/record.url?scp=84927652257&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-10879-7_3
DO - 10.1007/978-3-319-10879-7_3
M3 - Conference contribution
AN - SCOPUS:84927652257
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 40
EP - 56
BT - Security and Cryptography for Networks - 9th International Conference, SCN 2014, Proceedings
A2 - Abdalla, Michel
A2 - de Prisco, Roberto
PB - Springer Verlag
T2 - 9th International Conference on Security and Cryptography for Networks, SCN 2014
Y2 - 3 September 2014 through 5 September 2014
ER -