Anonymity and one-way authentication in key exchange protocols |
| |
Authors: | Ian Goldberg Douglas Stebila Berkant Ustaoglu |
| |
Affiliation: | 1. Cheriton School of Computer Science, University of Waterloo, Waterloo, ON, Canada 2. Information Security Institute, Queensland University of Technology, Brisbane, QLD, Australia 3. Faculty of Engineering and Natural Sciences, Sabanci University, Istanbul, Turkey
|
| |
Abstract: | Key establishment is a crucial cryptographic primitive for building secure communication channels between two parties in a network. It has been studied extensively in theory and widely deployed in practice. In the research literature a typical protocol in the public-key setting aims for key secrecy and mutual authentication. However, there are many important practical scenarios where mutual authentication is undesirable, such as in anonymity networks like Tor, or is difficult to achieve due to insufficient public-key infrastructure at the user level, as is the case on the Internet today. In this work we are concerned with the scenario where two parties establish a private shared session key, but only one party authenticates to the other; in fact, the unauthenticated party may wish to have strong anonymity guarantees. We present a desirable set of security, authentication, and anonymity goals for this setting and develop a model which captures these properties. Our approach allows for clients to choose among different levels of authentication. We also describe an attack on a previous protocol of Øverlier and Syverson, and present a new, efficient key exchange protocol that provides one-way authentication and anonymity. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|