A Pairing-Free, One-Round Identity-Based Authenticated Key Exchange Protocol Secure Against Memory-Scrapers

Dept. of Computer Science and Engineering

Abstract

The security of a key exchange protocol is formally established through an abstract game between a challenger and an adversary. In this game the adversary can obtain various pieces of information, which are modeled by giving the adversary access to appropriate oracle queries. Empowered with all this information, the adversary tries to break the protocol. This is modeled by a test query, which asks the adversary to distinguish the session key of a fresh session from a random session key; guessing correctly leads the adversary to win the game. In this traditional model of security the adversary sees nothing apart from the input/output relationship of the algorithms. However, in the recent past an adversary could obtain several additional pieces of information beyond what it learns in these black-box models of computation, thanks to the availability of powerful malware. This data exfiltration due to attacks by Memory-Scraper/RAM-Scraper-type malware is an emerging threat. In order to realistically capture these advanced classes of threats posed by such malware, we propose a new security model for identity-based authenticated key exchange (ID-AKE), which we call the Identity-based Strong Extended Canetti-Krawczyk (ID-seCK) model. Our security model captures leakage of intermediate values through appropriate oracle queries given to the adversary. Following this, we propose a round-optimal (i.e., single-round) ID-AKE protocol for the two-party setting. Our design assumes a hybrid system equipped with a bare minimal Trusted Platform Module (TPM) that can only perform group exponentiations. One of the major advantages of our construction is that it does not involve any pairing operations, works in a prime-order group, and has a tight security reduction to the Gap Diffie-Hellman (GDH) problem under our new ID-seCK model. Our scheme also has the capability to handle active adversaries, while most of the previous ID-AKE protocols are secure only against passive adversaries. The security of our protocol is proved in the Random Oracle (RO) model.

Keywords: Authenticated Key Exchange, Identity-based Authenticated Key Exchange (ID-AKE), Intermediate values, ID-seCK model, RAM Scraper

+ Corresponding author: Suvradip Chakraborty

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA)