Secure Against Active Attacks Clause Samples
Secure Against Active Attacks. Some of the standard protocols such as the ones in [FG10] and [FAA14] are vulnerable to active attacks such as Key-Offset and Forgery. We overcome this limitation by including a term which is a signature of the ephemeral keys. This provides enhanced security for a little extra overhead. Table 1 compares our scheme with existing protocols. It compares based on the number of exponentiation, the number of pairing operations, the security model under the schemes are proven secure and the resistance to active adver- sary. All of the protocols listed in the table have been designed for the multiple PKG model. From the table we can see that our protocol has been proven secure in a much stronger model when compared to existing protocols. It is also note- worthy that our protocol offers resistance to active adversary by incorporating a signature in the message being sent. This guarantees origin authentication, a feature missing in the other protocols. Another major advantage of our protocol is that it does not involve any pairing operations. In general it is always desirable to have a protocol that involves simple group theoretic operations than pairing as it is slightly inefficient to find too much pairing-friendly curves. Our protocol also removes all the attacks of the scheme presented in [FAA14] as reported in [MM13] and is also proven secure in a much stronger model. But for this we have to pay an extra cost of 3 more exponentiations compared to [FAA14]. SCK-3 [CK03] 1 2 BJM × ▇▇▇ et al. [LKKO05] 2 2 N.A. × ▇▇▇▇▇▇ and Attari [FAA14] 7 N.A. BJM × √ Ours 7 + 3# ▇.▇. ▇▇▇ In this section we describe the notations we will be using throughout our paper. We denote the security parameter by κ. The set of integers is denoted by Z. [n] denotes the set 1, . . . , n 1 for n 2. We denote by x R X the fact that x is chosen uniformly at random from the set X. G denotes a group of order q (where q is a prime of length κ) with generator g. G∗ denotes the non-zero elements of G. Zp∗ denotes the multiplicative group of integers modulo p, where p is a prime and p|(q − 1).
Secure Against Active Attacks. Some of the standard protocols such as the ones in [FG10] and [FAA14] are vulnerable to active attacks such as Key-Offset and Forgery. We overcome this limitation by incorporating appropriate verification mechanisms that would abort the protocol in case of any change in values to be agreed upon. We ensure this by including a term which is a signature of the ephemeral keys. This provides enhanced security for minimal extra overhead. Table 1 compares our scheme with existing protocols. The comparison is based on the number of exponentiations (Exp), the number of pairing operations, the security model under which the schemes are proven secure and resistance to active adversary. SCK-3 [CK03] 1 2 BJM × ▇▇▇ et al. [LKKO05] 2 2 N.A. × Farash and Attari [FAA14] 7 N.A. BJM × √ Proposed protocol 7 + 3# ▇.▇. ▇▇▇ All of the protocols listed in the table have been designed for the multiple PKG model. From the table we can see that our protocol has been proven secure in a much stronger model when compared to existing protocols. It is also noteworthy that our protocol offers resistance to active adversary. This guarantees origin authentication, a feature missing in the other protocols. Alongside these our protocol also fixes all the attacks of the scheme presented in [FAA14] as reported in [MM13]. But for this we have to pay a cost of 3 extra exponentiations compared to [FAA14]. However this extra computation is justifiable when compared to the advantages our protocol provides.