Open AccessCryptanalysis of a robust key agreement based on public key authentication
Author(s) -
Toorani Mohsen
Publication year - 2015
Publication title -
security and communication networks
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.446
H-Index - 43
eISSN - 1939-0122
pISSN - 1939-0114
DOI - 10.1002/sec.1373
Subject(s) - computer science , computer security , key (lock) , key agreement protocol , public key cryptography , oakley protocol , forward secrecy , zero knowledge proof , protocol (science) , secrecy , security association , authentication (law) , key distribution , cryptography , encryption , medicine , network access control , cloud computing , alternative medicine , pathology , cloud computing security , operating system
This paper considers security analysis of the YAK, a public key‐based authenticated key agreement protocol. The YAK protocol is a variant of the two‐pass HMQV protocol but uses zero‐knowledge proofs for proving knowledge of ephemeral values. In this paper, we show that the YAK protocol lacks joint key control and perfect forward secrecy attributes and is vulnerable to some attacks including unknown key‐share and key‐replication attacks. This invalidates the semantic security of the protocol in several security models. There are also other considerations regarding the impersonation and small subgroup attacks. Copyright © 2015 John Wiley & Sons, Ltd.