Back to University of Twente portal
Extended KCI attack against two-party key establishment protocols
Tang, Qiang and Chen, Liqun (2011) Extended KCI attack against two-party key establishment protocols. Information Processing Letters, 111 (15). pp. 744-747. ISSN 0020-0190
![[img]](http://doc.utwente.nl/style/images/fileicons/application_pdf.png) | PDF Restricted to UT campus only: Request a copy 116Kb |
| Abstract: | We introduce an extended Key Compromise Impersonation (KCI) attack against two-party key establishment protocols, where an adversary has access to both long-term and ephemeral secrets of a victim. Such an attack poses serious threats to both key authentication and key confirmation properties of a key agreement protocol, and it seems practical because the adversary could obtain the victims ephemeral secret in a number of methods; for example, by installing some Trojan horse into the victims computer platform or by exploiting the imperfectness of the pseudo-random number generator in the platform. We demonstrate that the 3-pass HMQV protocol, which is secure against the standard KCI attack, is vulnerable to this new attack. Furthermore, we show a countermeasure to prevent such an attack.
|
| Item Type: | Article |
| Copyright: | © 2011 Elsevier |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Research Group: | |
| Link to this item: | http://purl.utwente.nl/publications/77274 |
| Official URL: | http://dx.doi.org/10.1016/j.ipl.2011.05.009 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page