Implementation of an eCK-secure Key Exchange Protocol for OpenSSL

Janaka Alawatugoda (1), Seralathan Vivekaanathan (2), Nishen Peiris (3), Chamitha Wickramasinghe (4), Chai Wen Chuah (5)
(1) Department of Computer Engineering, Faculty of Engineering, University of Peradeniya, Peradeniya, Sri Lanka
(2) Department of Computer Engineering, Faculty of Engineering, University of Peradeniya, Peradeniya, Sri Lanka
(3) Department of Computer Engineering, Faculty of Engineering, University of Peradeniya, Peradeniya, Sri Lanka
(4) Department of Computer Engineering, Faculty of Engineering, University of Peradeniya, Peradeniya, Sri Lanka
(5) Information Security Interest Group (ISIG), Faculty Computer Science and Information Technology, University Tun Hussein Onn Malaysia, Malaysia
How to cite (IJASEIT) :
Alawatugoda, Janaka, et al. “Implementation of an ECK-Secure Key Exchange Protocol for OpenSSL”. International Journal on Advanced Science, Engineering and Information Technology, vol. 8, no. 5, Oct. 2018, pp. 2205-10, doi:10.18517/ijaseit.8.5.5046.
Security models have been developed over time to analyze the security of two-party authenticated key exchange (AKE) protocols. LaMacchia et al. (ProvSec 2007) presented a strong security model for AKE protocols, namely the extended Canetti-Krawczyk (eCK) model, addressing a wide range of real-world attack scenarios. They constructed a protocol called NAXOS that is proven secure in the eCK model. To satisfy eCK security, the NAXOS protocol uses a hash function to combine the long-term secret key and the ephemeral secret key, a technique often called the “NAXOS trick”. However, for NAXOS-trick-based protocols, the way leakage is modelled in the eCK model leads to an unnatural assumption that the hash function is computed leak-free. Precisely, the eCK model allows the attacker to reveal the ephemeral key while the output of the NAXOS-trick computation remains safe (leak-free). In a recent work of Alawatugoda et al. (IMA Cryptography and Coding 2015), a NAXOS-trick-free eCK-secure AKE protocol is presented, namely protocol P1. In this work, we implement protocol P1 for use with the widely used OpenSSL cryptographic library. OpenSSL implementations are widely used with real-world security protocol suites, such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS). To the best of our knowledge, this is the first implementation of an eCK-secure key exchange protocol for the OpenSSL library. Thus, we open up the direction to use the recent advancements of cryptography for real-world Internet communication.
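
The NAXOS trick described in the abstract, as an added illustration: this is not the authors' OpenSSL code and not protocol P1, but a Python sketch of the NAXOS exchange of LaMacchia et al. It assumes a toy group (p = 2^127 - 1, g = 3, not a secure parameter choice) and SHA-256 for both hash functions; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption): Mersenne prime 2^127 - 1, base 3.
P = 2**127 - 1
G = 3
Q = P - 1  # order of the multiplicative group mod P; exponents are reduced mod Q

def h1(esk: int, lsk: int) -> int:
    """NAXOS trick: hash ephemeral and long-term secrets into one exponent."""
    data = b"H1|" + esk.to_bytes(32, "big") + lsk.to_bytes(32, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def h2(*parts) -> bytes:
    """Session key from the three DH values and both identities (length-prefixed)."""
    h = hashlib.sha256(b"H2")
    for part in parts:
        raw = part if isinstance(part, bytes) else part.to_bytes(16, "big")
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.digest()

def keygen():
    """Long-term key pair (lsk, pk = g^lsk)."""
    lsk = secrets.randbelow(Q - 1) + 1
    return lsk, pow(G, lsk, P)

def message(esk: int, lsk: int) -> int:
    """Outgoing value g^H1(esk, lsk); the raw ephemeral key is never an exponent."""
    return pow(G, h1(esk, lsk), P)

def initiator_key(esk_a, lsk_a, pk_b, y_msg, id_a, id_b) -> bytes:
    x = h1(esk_a, lsk_a)
    return h2(pow(y_msg, lsk_a, P), pow(pk_b, x, P), pow(y_msg, x, P), id_a, id_b)

def responder_key(esk_b, lsk_b, pk_a, x_msg, id_a, id_b) -> bytes:
    y = h1(esk_b, lsk_b)
    return h2(pow(pk_a, y, P), pow(x_msg, lsk_b, P), pow(x_msg, y, P), id_a, id_b)

def run_session():
    """One honest run between parties A and B; returns both derived keys."""
    lsk_a, pk_a = keygen()
    lsk_b, pk_b = keygen()
    esk_a, esk_b = secrets.randbits(128), secrets.randbits(128)
    x_msg, y_msg = message(esk_a, lsk_a), message(esk_b, lsk_b)
    k_a = initiator_key(esk_a, lsk_a, pk_b, y_msg, b"A", b"B")
    k_b = responder_key(esk_b, lsk_b, pk_a, x_msg, b"A", b"B")
    return k_a, k_b
```

The exponent behind each message depends on both secrets, so revealing `esk` alone does not determine it; the eCK proof for NAXOS additionally assumes the value returned by `h1` never leaks, which is the assumption the abstract says protocol P1 avoids.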
This work is licensed under a Creative Commons Attribution 4.0 International License.