Key Replicating Attack on Certificateless Authenticated Key Agreement Protocol

Authenticated key agreement protocol is crucial in providing data confidentiality and integrity to subsequent communications among two or more parties over a public network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC)...

Full description

Saved in:
Bibliographic Details
Main Authors: Mengbo Hou, Qiuliang Xu
Format: Conference Proceeding
Language:English
Subjects:
Authentication
certificateless-based cryptography
Computer science
Cryptographic protocols
Data privacy
identity-based cryptography
Identity-based encryption
implicit key authentication
Information processing
Information security
key agreement protocol
key replicating attack
Public key
Public key cryptography
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Authenticated key agreement protocol is crucial in providing data confidentiality and integrity to subsequent communications among two or more parties over a public network. Certificateless public key cryptography (CL-PKC) combines the advantage of the identity-based public key cryptography (ID-PKC) and the traditional PKI. In 2007, Y.J Shi and J.H Li proposed a two-party authenticated key agreement protocol based on the certificateless encryption scheme proposed by B. Libert and J.J. Quisquater. It is found that the scheme is vulnerable to the key replicating attack (one form of the man-in-the-middle attack), so it doesnpsilat possess the security attribute of implicit key authentication and key control. We analyze such an attack of this protocol in the BR93 model in detail, and demonstrate that the protocol is not secure if the adversary is allowed to send a reveal query to reveal non-partner players who had accepted the same session key.
DOI:10.1109/APCIP.2009.277