Authenticated key exchange with synchronized state



We study the problem of how to either prevent identity impersonation (IDI) attacks or limit their consequences by detecting previously unidentified IDI attacks on-line, where IDI attacks are normally caused by the leakage of an identity-related long-term key. This problem has, up until now, lacked a provably good solution. We address it in the setting of authenticated key exchange with synchronized state (AKESS). This work provides a security model for AKESS, in which we formalize, in particular, the security of synchronized state based on indistinguishability. We propose a two-party execution state synchronization framework for the symmetric case, on which we build a generic compiler for AKESS protocols. Our goal is to transform any existing passively secure KE protocol into an AKESS protocol using synchronized state, without any modification to the KE protocol. The new generic compiler is provably secure in the standard model under standard assumptions. Copyright © 2014 John Wiley & Sons, Ltd.