TY - JOUR
T1 - An Identity-Based Authenticated Key Exchange Protocol Resilient to Continuous Key Leakage
AU - Wu, Jui Di
AU - Tseng, Yuh Min
AU - Huang, Sen Shan
N1 - Funding Information:
This work was supported in part by the Ministry of Science and Technology (formerly National Science Council), Taiwan, under contract MOST106-2221-E-007-MY2.
Funding Information:
Manuscript received July 2, 2018; revised October 16, 2018 and January 1, 2019; accepted January 26, 2019. Date of publication February 18, 2019; date of current version November 22, 2019. (Corresponding author: Yuh-Min Tseng.) The authors are with the Department of Mathematics, National Changhua University of Education, Changhua City, 500 Taiwan (e-mail: oooready@gmail.com; ymtseng@cc.ncue.edu.tw; sshuang@cc.ncue.edu.tw). Digital Object Identifier 10.1109/JSYST.2019.2896132
PY - 2019/12
Y1 - 2019/12
AB - An identity-based authenticated key exchange (ID-AKE) protocol is an important cryptographic primitive used to establish a session key between two communicating participants while they authenticate each other. Most existing ID-AKE protocols do not consider side-channel attacks, in which adversaries obtain partial information about users' ephemeral or permanent secret keys. Recently, several leakage-resilient ID-AKE (LR-ID-AKE) protocols have been proposed to address such attacks. However, these LR-ID-AKE protocols carry a restriction: the total information leaked during the lifetime of the protocol must be bounded by some ratio of the ephemeral/permanent secret keys. In this paper, the authors define a new adversary model, termed the identity-based continuous-leakage extended Canetti-Krawczyk (ID-CL-eCK) model. Using a key refreshing procedure (i.e., the multiplicative blinding technique) for permanent secret keys, the first LR-ID-AKE protocol resilient to continuous key leakage is proposed, and it possesses the overall unbounded leakage property. Comparisons are given to demonstrate that the proposed protocol improves on the previously proposed ID-AKE protocols in terms of security models and leakage properties. Under the generic bilinear group model, a security analysis shows that the proposed LR-ID-AKE protocol is secure against adversaries in the new ID-CL-eCK model.
UR - http://www.scopus.com/inward/record.url?scp=85074811358&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85074811358&partnerID=8YFLogxK
U2 - 10.1109/JSYST.2019.2896132
DO - 10.1109/JSYST.2019.2896132
M3 - Article
AN - SCOPUS:85074811358
VL - 13
SP - 3968
EP - 3979
JO - IEEE Systems Journal
JF - IEEE Systems Journal
SN - 1932-8184
IS - 4
M1 - 8643744
ER -