Modelling simultaneous mutual authentication for authenticated key exchange

Abstract

Most recent security models for authenticated key exchange (AKE) do not explicitly model the entity authentication, which enables a party to identify its communication peer in specific session. However, it is quite necessary in many real-world applications and is a general way to enhance the security of AKE protocols. Despite much work on AKE, we notice that there is no good definition of entity authentication security involving simultaneous protocol execution that would improve the bandwidth efficiency in practice. Based on eCK model, we define a security model called eCK-A that deals with simultaneous mutual authentication. Besides the eCK-A model particularly formulates the security properties regarding resilience to the leakage of various combinations of long-term key and ephemeral session state, and provision of perfect forward secrecy in a single model. We present a generic protocol compiler to achieve the eCK-A security based on any eCK secure protocols. © 2014 Springer International Publishing Switzerland.