Paper 2023/228

Authenticated Continuous Key Agreement: Active MitM Detection and Prevention

Benjamin Dowling, University of Sheffield
Britta Hale, Naval Postgraduate School
Abstract

Current messaging protocols are incapable of detecting active man-in-the-middle threats. Even common continuous key agreement protocols such as Signal, which offers forward secrecy and post-compromise security, are dependent on the adversary being passive immediately following state compromise, and healing guarantees are lost if the attacker is not. This work offers the first solution for detecting active man-in-the-middle attacks on such protocols by extending authentication beyond the initial public keys and binding it to the entire continuous key agreement. With this binding, any adversarial fork is identifiable to the protocol participants. We provide a modular construction generic for application with any continuous key agreement protocol, a specific construction for application to Signal, and security analysis. The modularity of our solution enables it to be seamlessly adopted by any continuous key agreement protocol.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Authentication, Continuous Key Agreement (CKA), Signal
Contact author(s)
britta hale @ nps edu
History
2023-02-21: approved
2023-02-20: received
Short URL
https://ia.cr/2023/228
License
Creative Commons Attribution-NonCommercial-NoDerivs
CC BY-NC-ND

BibTeX

@misc{cryptoeprint:2023/228,
      author = {Benjamin Dowling and Britta Hale},
      title = {Authenticated Continuous Key Agreement: Active {MitM} Detection and Prevention},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/228},
      year = {2023},
      url = {https://eprint.iacr.org/2023/228}
}