The fallout of key compromise in a proxy-mediated key agreement protocol

TitleThe fallout of key compromise in a proxy-mediated key agreement protocol
Publication TypeConference Paper
Year of Publication2017
AuthorsD. Nuñez, I. Agudo, and J. Lopez
Conference Name31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy (DBSec'17)
VolumeLNCS 10359
Pagination453-472
Date Published07/2017
PublisherSpringer
Conference LocationPhiladelphia, USA
ISBN Number978-3-319-61176-1
Abstract

In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the cor- responding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward secu- rity and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk. 

DOI10.1007/978-3-319-61176-1_25
Citation Keynunez2017fallout
Paper File: 
https://nics.uma.es:8082/sites/default/files/papers/nunez2017fallout.pdf

Supported by FISICCO PERSIST