Implementing a secure key exchange protocol for openSSL

Alawatugoda, Janaka and Vivekaanathan, Seralathan and Peiris, Nishen and Wickramasinghe, Chamitha and Chuah, Chai Wen (2018) Implementing a secure key exchange protocol for openSSL. International Journal on Advanced Science, Engineering and Information Technology, 8 (5). pp. 2205-2210. ISSN 2088-5334

Text
AJ 2018 (633).pdf
Restricted to Registered users only
Download (1MB) | Request a copy

Official URL: http://dx.doi.org/10.18517/ijaseit.8.5.5046

Abstract

Security models have been developed over time to examine the security of two-party authenticated key exchange protocols. In 2007, a reasonably strong security model for key exchange protocols has been proposed, namely extended Canetti-Krawczyk model (eCK model), addressing wide range of real-world attack scenarios. They constructed a protocol called NAXOS, that is proven secure in the eCK model. In order to satisfy the eCK security, NAXOS protocol uses a hash function to combine the ephemeral key with the long-term secret key, which is often called as “NAXOS trick”. However, for the NAXOS trick based protocols, the way of leakage modelled in the eCK model leads to an unnatural assumption of leak-free computation of the hash function. In 2015, Alawatugoda, Stebila and Boyd presented a secure and NAXOS trick key exchange protocol, namely protocol P1. In this work, we implement the protocol P1 to be used with the widely-used OpenSSL cryptographic library. OpenSSL implementations are widely used with the real-world security protocol suites, particularly Security Socket Layer and Transport Layer Security. According to our knowledge, this is the first implementation of an eCK-secure protocol for the OpenSSL library. Thus, we open up the direction to use the recent advancements of cryptography for real-world Internet communication.

Item Type:	Article
Uncontrolled Keywords:	Authenticated key exchange; eCK mode; OpenSSL; secure key; security models.
Subjects:	T Technology > TA Engineering (General). Civil engineering (General) > TA168 Systems engineering
Divisions:	Faculty of Computer Science and Information Technology > Department of Information Security
Depositing User:	UiTM Student Praktikal
Date Deposited:	24 Jan 2022 06:35
Last Modified:	24 Jan 2022 06:35
URI:	http://eprints.uthm.edu.my/id/eprint/5875

Actions (login required)

View Item