TY - GEN
T1 - Intrusion-resilient key exchange in the bounded retrieval model
AU - Cash, David
AU - Ding, Yan Zong
AU - Dodis, Yevgeniy
AU - Lee, Wenke
AU - Lipton, Richard
AU - Walfish, Shabsi
PY - 2007
Y1 - 2007
N2 - We construct an intrusion-resilient symmetric-key authenticated key exchange (AKE) protocol in the bounded retrieval model. The model employs a long shared private key to cope with an active adversary who can repeatedly compromise the user's machine and perform any efficient computation on the entire shared key. However, we assume that the attacker is communication bounded and unable to retrieve too much information during each successive break-in. In contrast, the users read only a small portion of the shared key, making the model quite realistic in situations where storage is much cheaper than bandwidth. The problem was first studied by Dziembowski [Dzi06a], who constructed a secure AKE protocol using random oracles. We present a general paradigm for constructing intrusion-resilient AKE protocols in this model, and show how to instantiate it without random oracles. The main ingredients of our construction are UC-secure password authenticated key exchange and tools from the bounded storage model.
AB - We construct an intrusion-resilient symmetric-key authenticated key exchange (AKE) protocol in the bounded retrieval model. The model employs a long shared private key to cope with an active adversary who can repeatedly compromise the user's machine and perform any efficient computation on the entire shared key. However, we assume that the attacker is communication bounded and unable to retrieve too much information during each successive break-in. In contrast, the users read only a small portion of the shared key, making the model quite realistic in situations where storage is much cheaper than bandwidth. The problem was first studied by Dziembowski [Dzi06a], who constructed a secure AKE protocol using random oracles. We present a general paradigm for constructing intrusion-resilient AKE protocols in this model, and show how to instantiate it without random oracles. The main ingredients of our construction are UC-secure password authenticated key exchange and tools from the bounded storage model.
UR - http://www.scopus.com/inward/record.url?scp=38049016824&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=38049016824&partnerID=8YFLogxK
U2 - 10.1007/978-3-540-70936-7_26
DO - 10.1007/978-3-540-70936-7_26
M3 - Conference contribution
AN - SCOPUS:38049016824
SN - 9783540709350
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 479
EP - 498
BT - Theory of Cryptography - 4th Theory of Cryptography Conference, TCC 2007, Proceedings
PB - Springer Verlag
T2 - 4th Theory of Cryptography Conference, TCC 2007
Y2 - 21 February 2007 through 24 February 2007
ER -