Extended KCI attack against two-party key establishment protocols

Qiang Tang, Liqun Chen

    Research output: Contribution to journal, Article, Academic, peer-review

    11 Citations (Scopus)

    Abstract

    We introduce an extended Key Compromise Impersonation (KCI) attack against two-party key establishment protocols, where an adversary has access to both long-term and ephemeral secrets of a victim. Such an attack poses serious threats to both key authentication and key confirmation properties of a key agreement protocol, and it seems practical because the adversary could obtain the victim's ephemeral secret in a number of methods; for example, by installing some Trojan horse into the victim's computer platform or by exploiting the imperfectness of the pseudo-random number generator in the platform. We demonstrate that the 3-pass HMQV protocol, which is secure against the standard KCI attack, is vulnerable to this new attack. Furthermore, we show a countermeasure to prevent such an attack.
    Original language: Undefined
    Pages (from-to): 744-747
    Number of pages: 4
    Journal: Information processing letters
    Volume: 111
    Issue number: 15
    Publication status: Published - 15 Aug 2011

    Keywords

    • Key establishment
    • EWI-20181
    • SCS-Cybersecurity
    • METIS-277645
    • IR-77274
    • Extended KCI attack
    • Cryptography
    • KCI attack
