Implementing a secure key exchange protocol for openSSL
Security models have been developed over time to examine the security of two-party authenticated key exchange protocols. In 2007, a reasonably strong security model for key exchange protocols has been proposed, namely extended Canetti-Krawczyk model (eCK model), addressing wide range of real-world a...
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
Indonesian Society for Knowledge and Human Development (INSIGHT)
2018
|
| Subjects: | |
| Online Access: | http://eprints.uthm.edu.my/5875/ http://eprints.uthm.edu.my/5875/1/AJ%202018%20%28633%29.pdf |
| _version_ | 1848888658090786816 |
|---|---|
| author | Alawatugoda, Janaka Vivekaanathan, Seralathan Peiris, Nishen Wickramasinghe, Chamitha Chuah, Chai Wen |
| author_facet | Alawatugoda, Janaka Vivekaanathan, Seralathan Peiris, Nishen Wickramasinghe, Chamitha Chuah, Chai Wen |
| author_sort | Alawatugoda, Janaka |
| building | UTHM Institutional Repository |
| collection | Online Access |
| description | Security models have been developed over time to examine the security of two-party authenticated key exchange protocols. In 2007, a reasonably strong security model for key exchange protocols has been proposed, namely extended Canetti-Krawczyk model (eCK model), addressing wide range of real-world attack scenarios. They constructed a protocol called NAXOS, that is proven secure in the eCK model. In order to satisfy the eCK security, NAXOS protocol uses a hash function to combine the ephemeral key with the long-term secret key, which is often called as “NAXOS trick”. However, for the NAXOS trick based protocols, the way of leakage modelled in the eCK model leads to an unnatural assumption of leak-free computation of the hash function. In 2015, Alawatugoda, Stebila and Boyd presented a secure and NAXOS trick key exchange protocol, namely protocol P1. In this work, we implement the protocol P1 to be used with the widely-used OpenSSL cryptographic library. OpenSSL implementations are widely used with the real-world security protocol suites, particularly Security Socket Layer and Transport Layer Security. According to our knowledge, this is the first implementation of an eCK-secure protocol for the OpenSSL library. Thus, we open up the direction to use the recent advancements of cryptography for real-world Internet communication. |
| first_indexed | 2025-11-15T20:13:47Z |
| format | Article |
| id | uthm-5875 |
| institution | Universiti Tun Hussein Onn Malaysia |
| institution_category | Local University |
| language | English |
| last_indexed | 2025-11-15T20:13:47Z |
| publishDate | 2018 |
| publisher | Indonesian Society for Knowledge and Human Development (INSIGHT) |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | uthm-58752022-01-24T06:35:22Z http://eprints.uthm.edu.my/5875/ Implementing a secure key exchange protocol for openSSL Alawatugoda, Janaka Vivekaanathan, Seralathan Peiris, Nishen Wickramasinghe, Chamitha Chuah, Chai Wen TA168 Systems engineering Security models have been developed over time to examine the security of two-party authenticated key exchange protocols. In 2007, a reasonably strong security model for key exchange protocols has been proposed, namely extended Canetti-Krawczyk model (eCK model), addressing wide range of real-world attack scenarios. They constructed a protocol called NAXOS, that is proven secure in the eCK model. In order to satisfy the eCK security, NAXOS protocol uses a hash function to combine the ephemeral key with the long-term secret key, which is often called as “NAXOS trick”. However, for the NAXOS trick based protocols, the way of leakage modelled in the eCK model leads to an unnatural assumption of leak-free computation of the hash function. In 2015, Alawatugoda, Stebila and Boyd presented a secure and NAXOS trick key exchange protocol, namely protocol P1. In this work, we implement the protocol P1 to be used with the widely-used OpenSSL cryptographic library. OpenSSL implementations are widely used with the real-world security protocol suites, particularly Security Socket Layer and Transport Layer Security. According to our knowledge, this is the first implementation of an eCK-secure protocol for the OpenSSL library. Thus, we open up the direction to use the recent advancements of cryptography for real-world Internet communication. Indonesian Society for Knowledge and Human Development (INSIGHT) 2018 Article PeerReviewed text en http://eprints.uthm.edu.my/5875/1/AJ%202018%20%28633%29.pdf Alawatugoda, Janaka and Vivekaanathan, Seralathan and Peiris, Nishen and Wickramasinghe, Chamitha and Chuah, Chai Wen (2018) Implementing a secure key exchange protocol for openSSL. International Journal on Advanced Science, Engineering and Information Technology, 8 (5). pp. 2205-2210. ISSN 2088-5334 http://dx.doi.org/10.18517/ijaseit.8.5.5046 |
| spellingShingle | TA168 Systems engineering Alawatugoda, Janaka Vivekaanathan, Seralathan Peiris, Nishen Wickramasinghe, Chamitha Chuah, Chai Wen Implementing a secure key exchange protocol for openSSL |
| title | Implementing a secure key exchange protocol for openSSL |
| title_full | Implementing a secure key exchange protocol for openSSL |
| title_fullStr | Implementing a secure key exchange protocol for openSSL |
| title_full_unstemmed | Implementing a secure key exchange protocol for openSSL |
| title_short | Implementing a secure key exchange protocol for openSSL |
| title_sort | implementing a secure key exchange protocol for openssl |
| topic | TA168 Systems engineering |
| url | http://eprints.uthm.edu.my/5875/ http://eprints.uthm.edu.my/5875/ http://eprints.uthm.edu.my/5875/1/AJ%202018%20%28633%29.pdf |