Sciweavers

SCN
2010
Springer

Authenticated Key Agreement with Key Re-use in the Short Authenticated Strings Model

13 years 10 months ago
Authenticated Key Agreement with Key Re-use in the Short Authenticated Strings Model
Serge Vaudenay [20] introduced a notion of Message Authentication (MA) protocols in the Short Authenticated String (SAS) model. A SAS-MA protocol authenticates arbitrarily long messages sent over insecure channels as long as the sender and the receiver can additionally send a very short, e.g. 20 bit, authenticated message to each other. The main practical application of a SAS-MA protocol is Authenticated Key Agreement (AKA) in this communication model, i.e. SAS-AKA, which can be used for so-called "pairing" of wireless devices. Subsequent work [9,12,10] showed three-round SAS-AKA protocols. However, the Diffie-Hellman (DH) based SAS-AKA protocol of [10] requires choosing fresh DH exponents in each protocol instance, while the generic SAS-AKA construction given by [12] applies only to AKA protocols which have no shared state between protocol sessions. Therefore, both prior works exclude the most efficient, although not perfect-forward-secret, AKA protocols that re-use private ...
Stanislaw Jarecki, Nitesh Saxena
Added 14 Feb 2011
Updated 14 Feb 2011
Type Journal
Year 2010
Where SCN
Authors Stanislaw Jarecki, Nitesh Saxena
Comments (0)