Skip to Main content Skip to Navigation
Conference papers

The Fallout of Key Compromise in a Proxy-Mediated Key Agreement Protocol

Abstract : In this paper, we analyze how key compromise affects the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term encryption tokens as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the corresponding secret keys. In our work, we show how key compromise (or even compromise of encryption tokens) allows to break forward security and leads to key compromise impersonation attacks. Moreover, we demonstrate that these problems cannot be solved even if the affected user revokes his compromised secret key and updates it to a new one. The conclusion is that this protocol cannot be used in IoT environments, where key compromise is a realistic risk.
Document type :
Conference papers
Complete list of metadata

Cited literature [24 references]  Display  Hide  Download

https://hal.inria.fr/hal-01684370
Contributor : Hal Ifip <>
Submitted on : Monday, January 15, 2018 - 2:08:05 PM
Last modification on : Monday, May 25, 2020 - 5:34:03 PM
Long-term archiving on: : Sunday, May 6, 2018 - 2:01:14 PM

File

453481_1_En_25_Chapter.pdf
Files produced by the author(s)

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Identifiers

Citation

David Nuñez, Isaac Agudo, Javier Lopez. The Fallout of Key Compromise in a Proxy-Mediated Key Agreement Protocol. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.453-472, ⟨10.1007/978-3-319-61176-1_25⟩. ⟨hal-01684370⟩

Share

Metrics

Record views

124

Files downloads

144