Security model and analysis of fhmqv, Revisited

Shengli Liu; Kouichi Sakurai; Jian Weng; Fangguo Zhang; Yunlei Zhao; Yunlei Zhao

doi:10.1007/978-3-319-12087-4_16

Security model and analysis of fhmqv, Revisited

Shengli Liu, Kouichi Sakurai, Jian Weng, Fangguo Zhang, Yunlei Zhao, Yunlei Zhao

Mathematical Informatics

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

3 Citations (Scopus)

Abstract

HMQV is one of the most efficient (provably secure) authenticated key-exchange protocols based on public-key cryptography, and is widely standardized. In spite of its seemingly conceptual simplicity, the HMQV protocol was actually very delicately designed. The provable security of HMQV is conducted in the Canetti-Krawczyk framework (CK-framework, in short), which is quite complicated and lengthy with many subtleties actually buried there. However, lacking a full recognition of the precise yet subtle interplay between HMQV protocol structure and provable security can cause misunderstanding of the HMQV design, and can cause potential flawed design and analysis of HMQV protocol variants. In this work, we explicitly make clear the interplay between HMQV protocol structure and provable security, showing the delicate design of HMQV. We then re-examine the security model and analysis of a recently proposed HMQV protocol variant, specifically, the FHMQV protocol proposed by Sarr et al. in [25]. We clarify the relationship between the traditional CK-framework and the CK-FHMQV security model proposed for FHMQV, and show that CK-HMQV and CK-FHMQV are incomparable. Finally, we make a careful investigation of the CDH-based analysis of FHMQV in the CK-FHMQV model, which was considered to be one of the salient advantages of FHMQV. We identify that the CDH-based security analysis of FHMQV is actually flawed. The flaws identified in the security proof of FHMQV just stem from lacking a full realization of the precise yet subtle interplay, as clarified in this work, between HMQV protocol structure and provable security.

Original language	English
Title of host publication	Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers
Editors	Moti Yung, Dongdai Lin, Shouhuai Xu, Moti Yung
Publisher	Springer Verlag
Pages	255-269
Number of pages	15
ISBN (Electronic)	9783319120867
DOIs	https://doi.org/10.1007/978-3-319-12087-4_16
Publication status	Published - Jan 1 2014
Event	9th China International Conference on Information Security and Cryptology, Inscrypt 2013 - Guangzhou, China Duration: Nov 27 2013 → Nov 30 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8567
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	9th China International Conference on Information Security and Cryptology, Inscrypt 2013
Country	China
City	Guangzhou
Period	11/27/13 → 11/30/13

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-12087-4_16

Fingerprint Dive into the research topics of 'Security model and analysis of fhmqv, Revisited'. Together they form a unique fingerprint.

Cite this

Liu, S., Sakurai, K., Weng, J., Zhang, F., Zhao, Y., & Zhao, Y. (2014). Security model and analysis of fhmqv, Revisited. In M. Yung, D. Lin, S. Xu, & M. Yung (Eds.), Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers (pp. 255-269). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8567). Springer Verlag. https://doi.org/10.1007/978-3-319-12087-4_16

Security model and analysis of fhmqv, Revisited. / Liu, Shengli; Sakurai, Kouichi; Weng, Jian; Zhang, Fangguo; Zhao, Yunlei; Zhao, Yunlei.

Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers. ed. / Moti Yung; Dongdai Lin; Shouhuai Xu; Moti Yung. Springer Verlag, 2014. p. 255-269 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8567).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Liu, S, Sakurai, K, Weng, J, Zhang, F, Zhao, Y & Zhao, Y 2014, Security model and analysis of fhmqv, Revisited. in M Yung, D Lin, S Xu & M Yung (eds), Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8567, Springer Verlag, pp. 255-269, 9th China International Conference on Information Security and Cryptology, Inscrypt 2013, Guangzhou, China, 11/27/13. https://doi.org/10.1007/978-3-319-12087-4_16

Liu S, Sakurai K, Weng J, Zhang F, Zhao Y, Zhao Y. Security model and analysis of fhmqv, Revisited. In Yung M, Lin D, Xu S, Yung M, editors, Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers. Springer Verlag. 2014. p. 255-269. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-12087-4_16

Liu, Shengli ; Sakurai, Kouichi ; Weng, Jian ; Zhang, Fangguo ; Zhao, Yunlei ; Zhao, Yunlei. / Security model and analysis of fhmqv, Revisited. Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers. editor / Moti Yung ; Dongdai Lin ; Shouhuai Xu ; Moti Yung. Springer Verlag, 2014. pp. 255-269 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{4eeb68761bf941e09e4a3082ddd90fba,

title = "Security model and analysis of fhmqv, Revisited",

abstract = "HMQV is one of the most efficient (provably secure) authenticated key-exchange protocols based on public-key cryptography, and is widely standardized. In spite of its seemingly conceptual simplicity, the HMQV protocol was actually very delicately designed. The provable security of HMQV is conducted in the Canetti-Krawczyk framework (CK-framework, in short), which is quite complicated and lengthy with many subtleties actually buried there. However, lacking a full recognition of the precise yet subtle interplay between HMQV protocol structure and provable security can cause misunderstanding of the HMQV design, and can cause potential flawed design and analysis of HMQV protocol variants. In this work, we explicitly make clear the interplay between HMQV protocol structure and provable security, showing the delicate design of HMQV. We then re-examine the security model and analysis of a recently proposed HMQV protocol variant, specifically, the FHMQV protocol proposed by Sarr et al. in [25]. We clarify the relationship between the traditional CK-framework and the CK-FHMQV security model proposed for FHMQV, and show that CK-HMQV and CK-FHMQV are incomparable. Finally, we make a careful investigation of the CDH-based analysis of FHMQV in the CK-FHMQV model, which was considered to be one of the salient advantages of FHMQV. We identify that the CDH-based security analysis of FHMQV is actually flawed. The flaws identified in the security proof of FHMQV just stem from lacking a full realization of the precise yet subtle interplay, as clarified in this work, between HMQV protocol structure and provable security.",

author = "Shengli Liu and Kouichi Sakurai and Jian Weng and Fangguo Zhang and Yunlei Zhao and Yunlei Zhao",

year = "2014",

month = jan,

day = "1",

doi = "10.1007/978-3-319-12087-4_16",

language = "English",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "255--269",

editor = "Moti Yung and Dongdai Lin and Shouhuai Xu and Moti Yung",

booktitle = "Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers",

address = "Germany",

note = "9th China International Conference on Information Security and Cryptology, Inscrypt 2013 ; Conference date: 27-11-2013 Through 30-11-2013",

}

TY - GEN

T1 - Security model and analysis of fhmqv, Revisited

AU - Liu, Shengli

AU - Sakurai, Kouichi

AU - Weng, Jian

AU - Zhang, Fangguo

AU - Zhao, Yunlei

PY - 2014/1/1

Y1 - 2014/1/1

N2 - HMQV is one of the most efficient (provably secure) authenticated key-exchange protocols based on public-key cryptography, and is widely standardized. In spite of its seemingly conceptual simplicity, the HMQV protocol was actually very delicately designed. The provable security of HMQV is conducted in the Canetti-Krawczyk framework (CK-framework, in short), which is quite complicated and lengthy with many subtleties actually buried there. However, lacking a full recognition of the precise yet subtle interplay between HMQV protocol structure and provable security can cause misunderstanding of the HMQV design, and can cause potential flawed design and analysis of HMQV protocol variants. In this work, we explicitly make clear the interplay between HMQV protocol structure and provable security, showing the delicate design of HMQV. We then re-examine the security model and analysis of a recently proposed HMQV protocol variant, specifically, the FHMQV protocol proposed by Sarr et al. in [25]. We clarify the relationship between the traditional CK-framework and the CK-FHMQV security model proposed for FHMQV, and show that CK-HMQV and CK-FHMQV are incomparable. Finally, we make a careful investigation of the CDH-based analysis of FHMQV in the CK-FHMQV model, which was considered to be one of the salient advantages of FHMQV. We identify that the CDH-based security analysis of FHMQV is actually flawed. The flaws identified in the security proof of FHMQV just stem from lacking a full realization of the precise yet subtle interplay, as clarified in this work, between HMQV protocol structure and provable security.

AB - HMQV is one of the most efficient (provably secure) authenticated key-exchange protocols based on public-key cryptography, and is widely standardized. In spite of its seemingly conceptual simplicity, the HMQV protocol was actually very delicately designed. The provable security of HMQV is conducted in the Canetti-Krawczyk framework (CK-framework, in short), which is quite complicated and lengthy with many subtleties actually buried there. However, lacking a full recognition of the precise yet subtle interplay between HMQV protocol structure and provable security can cause misunderstanding of the HMQV design, and can cause potential flawed design and analysis of HMQV protocol variants. In this work, we explicitly make clear the interplay between HMQV protocol structure and provable security, showing the delicate design of HMQV. We then re-examine the security model and analysis of a recently proposed HMQV protocol variant, specifically, the FHMQV protocol proposed by Sarr et al. in [25]. We clarify the relationship between the traditional CK-framework and the CK-FHMQV security model proposed for FHMQV, and show that CK-HMQV and CK-FHMQV are incomparable. Finally, we make a careful investigation of the CDH-based analysis of FHMQV in the CK-FHMQV model, which was considered to be one of the salient advantages of FHMQV. We identify that the CDH-based security analysis of FHMQV is actually flawed. The flaws identified in the security proof of FHMQV just stem from lacking a full realization of the precise yet subtle interplay, as clarified in this work, between HMQV protocol structure and provable security.

UR - http://www.scopus.com/inward/record.url?scp=84909638553&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84909638553&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-12087-4_16

DO - 10.1007/978-3-319-12087-4_16

M3 - Conference contribution

AN - SCOPUS:84909638553

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 255

EP - 269

BT - Information Security and Cryptology - 9th International Conference, Inscrypt 2013, Revised Selected Papers

A2 - Yung, Moti

A2 - Lin, Dongdai

A2 - Xu, Shouhuai

A2 - Yung, Moti

PB - Springer Verlag

T2 - 9th China International Conference on Information Security and Cryptology, Inscrypt 2013

Y2 - 27 November 2013 through 30 November 2013

ER -