The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
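Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the parties involved. In, Shin et al. proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and as much security as possible against leakage of stored secrets. Consider more powerful attacks in which an adversary completely controls both the communications and the stored secrets (the latter is denoted as a "replacement" attack). In this paper, we first show that the RSA-AKE protocol is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove, based on number-theoretic results, that the RSA-AKE2 protocol is secure against replacement attacks; (3) we show that it is provably secure in the random oracle model, by a reduction to RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of the client, and a solution to server compromise-impersonation attacks).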
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
SeongHan SHIN, Kazukuni KOBARA, Hideki IMAI, "An RSA-Based Leakage-Resilient Authenticated Key Exchange Protocol Secure against Replacement Attacks, and Its Extensions" in IEICE TRANSACTIONS on Fundamentals,
vol. E93-A, no. 6, pp. 1086-1101, June 2010, doi: 10.1587/transfun.E93.A.1086.
Abstract: Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the involving parties. In, Shin et al., proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and security against leakage of stored secrets as much as possible. Let us consider more powerful attacks where an adversary completely controls the communications and the stored secrets (the latter is denoted by "replacement" attacks). In this paper, we first show that the RSA-AKE protocol is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove that the RSA-AKE2 protocol is secure against replacement attacks based on the number theory results; (3) we show that it is provably secure in the random oracle model, by showing the reduction to the RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable to in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss about extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of client and solution to server compromise-impersonation attacks).
URL: https://global.ieice.org/en_transactions/fundamentals/10.1587/transfun.E93.A.1086/_p
@ARTICLE{e93-a_6_1086,
author={SeongHan SHIN and Kazukuni KOBARA and Hideki IMAI},
journal={IEICE TRANSACTIONS on Fundamentals},
title={An RSA-Based Leakage-Resilient Authenticated Key Exchange Protocol Secure against Replacement Attacks, and Its Extensions},
year={2010},
volume={E93-A},
number={6},
pages={1086-1101},
abstract={Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the involving parties. In, Shin et al., proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and security against leakage of stored secrets as much as possible. Let us consider more powerful attacks where an adversary completely controls the communications and the stored secrets (the latter is denoted by "replacement" attacks). In this paper, we first show that the RSA-AKE protocol is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove that the RSA-AKE2 protocol is secure against replacement attacks based on the number theory results; (3) we show that it is provably secure in the random oracle model, by showing the reduction to the RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable to in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss about extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of client and solution to server compromise-impersonation attacks).},
keywords={},
doi={10.1587/transfun.E93.A.1086},
ISSN={1745-1337},
month={June},}
TY - JOUR
TI - An RSA-Based Leakage-Resilient Authenticated Key Exchange Protocol Secure against Replacement Attacks, and Its Extensions
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 1086
EP - 1101
AU - SeongHan SHIN
AU - Kazukuni KOBARA
AU - Hideki IMAI
PY - 2010
DO - 10.1587/transfun.E93.A.1086
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E93-A
IS - 6
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - June 2010
AB - Secure channels can be realized by an authenticated key exchange (AKE) protocol that generates authenticated session keys between the involving parties. In, Shin et al., proposed a new kind of AKE (RSA-AKE) protocol whose goal is to provide high efficiency and security against leakage of stored secrets as much as possible. Let us consider more powerful attacks where an adversary completely controls the communications and the stored secrets (the latter is denoted by "replacement" attacks). In this paper, we first show that the RSA-AKE protocol is no longer secure against such an adversary. The main contributions of this paper are as follows: (1) we propose an RSA-based leakage-resilient AKE (RSA-AKE2) protocol that is secure against active attacks as well as replacement attacks; (2) we prove that the RSA-AKE2 protocol is secure against replacement attacks based on the number theory results; (3) we show that it is provably secure in the random oracle model, by showing the reduction to the RSA one-wayness, under an extended model that covers active attacks and replacement attacks; (4) in terms of efficiency, the RSA-AKE2 protocol is comparable to in the sense that the client needs to compute only one modular multiplication with pre-computation; and (5) we also discuss about extensions of the RSA-AKE2 protocol for several security properties (i.e., synchronization of stored secrets, privacy of client and solution to server compromise-impersonation attacks).
ER -