[Resource Topic] 2016/1081: Attacks to a proxy-mediated key agreement protocol based on symmetric encryption

Welcome to the resource topic for 2016/1081

Title:
Attacks to a proxy-mediated key agreement protocol based on symmetric encryption

Authors: David Nuñez, Isaac Agudo, Javier Lopez

Abstract:

In this paper, we describe several attacks to the protocol by Nguyen et al. presented at ESORICS 2016, an authenticated key agreement protocol mediated by a proxy entity, restricted to only symmetric encryption primitives and intended for IoT environments. This protocol uses long-term weak secrets as intermediate values during encryption and decryption procedures, which implies that these can be used to encrypt and decrypt messages without knowing the corresponding secret keys. In our work, we show how access to weak secrets can break forward security and lead to key compromise impersonation attacks. Moreover, we demonstrate that this problem cannot be solved even if the affected user revokes his previous secret key and updates it to a new one. In addition, we explain how the choice of a keyed hash as part of the protocol makes it potentially vulnerable to length-extension attacks, depending on the choice of hash function. We illustrate this latter problem experimentally. Finally, we show how a combination of these exploits can be used to set up elaborate attack scenarios.

ePrint: https://eprint.iacr.org/2016/1081

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .