The Canetti-Krawczyk (CK) model remains widely used for the analysis of key agreement protocols. We recall the CK model, and its variant used for the analysis of the HMQV protocol, the CK model; we recall also some of the limitations of these models. Next, we show that the (s)YZ protocols do not achieve their claimed CK security. Furthermore, we show that they do not achieve their claimed computational fairness. Our attack suggests that no two-pass key establishment protocol can achieve this attribute. We show also that the Deniable Internet Key Exchange fails in authentication; this illustrates the inability of capturing some impersonation attacks in the CK model. Besides, we propose a secure, efficient, and deniable protocol, geared to the post peer specified model. © 2012 Springer-Verlag.
CITATION STYLE
Sarr, A. P., & Elbaz-Vincent, P. (2012). A complementary analysis of the (s)YZ and DIKE protocols. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7374 LNCS, pp. 203–220). https://doi.org/10.1007/978-3-642-31410-0_13
Mendeley helps you to discover research relevant for your work.