Bilateral Unknown Key-Share Attacks in Key Agreement Protocols

Abstract: unknown key-share (uks) resilience is a basic security attribute in au- thenticated key agreement protocols. in this paper we revisit the definitions of this attribute and the method of proving this attribute under the bellare-rogaway (br) model in the literature. we propose a new type of uks attack, which coerces two enti- ties a and b into sharing a key with each other but in fact a thinks that he is sharing the key with another entity c and b thinks that he is sharing the key with another entity d,where c and d might or might not be the same entity. we call this attack a bilateral unknown key-share (buks) attack. we demonstrate that a few well-known authenticated key agreement protocols are vulnerable to this attack. we then explore a gap between the conventional br-type proof and a buks adversary’s behavior, and extend the br model to cover the buks resilience attribute. at the end of the paper, we provide a general countermeasure and its security proof under the extended model and the assumption that a collision-resistance function exists.