The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
Dalam [31], Shin et al. mencadangkan protokol Pertukaran Kunci Berdaya Tahan Bocor dan Proaktif (LRP-AKE) untuk perkhidmatan kelayakan yang menyediakan bukan sahaja tahap keselamatan yang lebih tinggi terhadap kebocoran rahsia yang disimpan tetapi juga kerahsiaan kunci persendirian berkenaan dengan pelayan yang terlibat. Dalam kertas ini, kami membincangkan masalah dalam bukti keselamatan protokol LRP-AKE, dan kemudian mencadangkan protokol LRP-AKE yang diubah suai yang mempunyai langkah mudah dan berkesan untuk masalah tersebut. Selain itu, kami secara rasmi membuktikan keselamatan AKE dan pengesahan bersama untuk keseluruhan protokol LRP-AKE yang diubah suai. Selain itu, kami menerangkan beberapa sambungan protokol LRP-AKE (diubah suai) termasuk 1) isu penyegerakan antara rahsia tersimpan klien dan pelayan; 2) ID rawak untuk penyediaan privasi pelanggan; dan 3) penyelesaian untuk mencegah serangan kompromi-penyamaran pelayan. Akhir sekali, kami menilai overhed prestasi protokol LRP-AKE dan menunjukkan vektor ujiannya. Daripada penilaian prestasi, kami boleh mengesahkan bahawa protokol LRP-AKE mempunyai kecekapan yang hampir sama dengan protokol Diffie-Hellman (biasa) yang tidak memberikan pengesahan sama sekali.
SeongHan SHIN
National Institute of Advanced Industrial Science and Technology (AIST)
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Salinan
SeongHan SHIN, "Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered" in IEICE TRANSACTIONS on Information,
vol. E104-D, no. 11, pp. 1880-1893, November 2021, doi: 10.1587/transinf.2021NGP0014.
Abstract: In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021NGP0014/_p
Salinan
@ARTICLE{e104-d_11_1880,
author={SeongHan SHIN, },
journal={IEICE TRANSACTIONS on Information},
title={Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered},
year={2021},
volume={E104-D},
number={11},
pages={1880-1893},
abstract={In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.},
keywords={},
doi={10.1587/transinf.2021NGP0014},
ISSN={1745-1361},
month={November},}
Salinan
TY - JOUR
TI - Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE), Reconsidered
T2 - IEICE TRANSACTIONS on Information
SP - 1880
EP - 1893
AU - SeongHan SHIN
PY - 2021
DO - 10.1587/transinf.2021NGP0014
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E104-D
IS - 11
JA - IEICE TRANSACTIONS on Information
Y1 - November 2021
AB - In [31], Shin et al. proposed a Leakage-Resilient and Proactive Authenticated Key Exchange (LRP-AKE) protocol for credential services which provides not only a higher level of security against leakage of stored secrets but also secrecy of private key with respect to the involving server. In this paper, we discuss a problem in the security proof of the LRP-AKE protocol, and then propose a modified LRP-AKE protocol that has a simple and effective measure to the problem. Also, we formally prove its AKE security and mutual authentication for the entire modified LRP-AKE protocol. In addition, we describe several extensions of the (modified) LRP-AKE protocol including 1) synchronization issue between the client and server's stored secrets; 2) randomized ID for the provision of client's privacy; and 3) a solution to preventing server compromise-impersonation attacks. Finally, we evaluate the performance overhead of the LRP-AKE protocol and show its test vectors. From the performance evaluation, we can confirm that the LRP-AKE protocol has almost the same efficiency as the (plain) Diffie-Hellman protocol that does not provide authentication at all.
ER -