The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Dans [31], Shin et al. a proposé un protocole d'échange de clés authentifié proactif et résistant aux fuites (LRP-AKE) pour les services d'identification qui fournit non seulement un niveau de sécurité plus élevé contre la fuite de secrets stockés, mais également le secret de la clé privée par rapport au serveur impliqué. Dans cet article, nous discutons d'un problème dans la preuve de sécurité du protocole LRP-AKE, puis proposons un protocole LRP-AKE modifié qui propose une mesure simple et efficace du problème. De plus, nous prouvons formellement sa sécurité AKE et son authentification mutuelle pour l'ensemble du protocole LRP-AKE modifié. De plus, nous décrivons plusieurs extensions du protocole (modifié) LRP-AKE, notamment 1) un problème de synchronisation entre les secrets stockés du client et du serveur ; 2) identification aléatoire pour garantir la confidentialité du client ; et 3) une solution pour prévenir les attaques par usurpation d’identité sur le serveur. Enfin, nous évaluons les performances du protocole LRP-AKE et montrons ses vecteurs de test. D'après l'évaluation des performances, nous pouvons confirmer que le protocole LRP-AKE a presque la même efficacité que le protocole (simple) Diffie-Hellman qui ne fournit pas du tout d'authentification.
SeongHan SHIN
National Institute of Advanced Industrial Science and Technology (AIST)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Copier
SeongHan SHIN, "Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered" in IEICE TRANSACTIONS on Information,
vol. E104-D, no. 11, pp. 1880-1893, November 2021, doi: 10.1587/transinf.2021NGP0014.
Abstract: In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021NGP0014/_p
Copier
@ARTICLE{e104-d_11_1880,
author={SeongHan SHIN, },
journal={IEICE TRANSACTIONS on Information},
title={Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered},
year={2021},
volume={E104-D},
number={11},
pages={1880-1893},
abstract={In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.},
keywords={},
doi={10.1587/transinf.2021NGP0014},
ISSN={1745-1361},
month={November},}
Copier
TY - JOUR
TI - Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered
T2 - IEICE TRANSACTIONS on Information
SP - 1880
EP - 1893
AU - SeongHan SHIN
PY - 2021
DO - 10.1587/transinf.2021NGP0014
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2021
AB - In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.
ER -