On post-compromise security
<p>In this work we study communication with a party whose secrets have already been compromised. At first sight, it may seem impossible to provide any type of security in this scenario. However, under some conditions, practically relevant guarantees can still be achieved. We call such guarante...
| Main Authors: | , , |
|---|---|
| Format: | Conference item |
| Published: |
IEEE
2016
|
| _version_ | 1797058523484389376 |
|---|---|
| author | Cohn-Gordon, K Cremers, C Garratt, L |
| author_facet | Cohn-Gordon, K Cremers, C Garratt, L |
| author_sort | Cohn-Gordon, K |
| collection | OXFORD |
| description | <p>In this work we study communication with a party whose secrets have already been compromised. At first sight, it may seem impossible to provide any type of security in this scenario. However, under some conditions, practically relevant guarantees can still be achieved. We call such guarantees “postcompromise security”.</p> <br/> <p>We provide the first informal and formal definitions for post-compromise security, and show that it can be achieved in several scenarios. At a technical level, we instantiate our informal definitions in the setting of authenticated key exchange (AKE) protocols, and develop two new strong security models for two different threat models. We show that both of these security models can be satisfied, by proposing two concrete protocol constructions and proving they are secure in the models. Our work leads to crucial insights on how postcompromise security can (and cannot) be achieved, paving the way for applications in other domains.</p> |
| first_indexed | 2024-03-06T19:51:29Z |
| format | Conference item |
| id | oxford-uuid:241da365-1c73-4b6a-826c-f122c4c1e1b8 |
| institution | University of Oxford |
| last_indexed | 2024-03-06T19:51:29Z |
| publishDate | 2016 |
| publisher | IEEE |
| record_format | dspace |
| spelling | oxford-uuid:241da365-1c73-4b6a-826c-f122c4c1e1b82022-03-26T11:48:11ZOn post-compromise securityConference itemhttp://purl.org/coar/resource_type/c_5794uuid:241da365-1c73-4b6a-826c-f122c4c1e1b8Symplectic Elements at OxfordIEEE2016Cohn-Gordon, KCremers, CGarratt, L<p>In this work we study communication with a party whose secrets have already been compromised. At first sight, it may seem impossible to provide any type of security in this scenario. However, under some conditions, practically relevant guarantees can still be achieved. We call such guarantees “postcompromise security”.</p> <br/> <p>We provide the first informal and formal definitions for post-compromise security, and show that it can be achieved in several scenarios. At a technical level, we instantiate our informal definitions in the setting of authenticated key exchange (AKE) protocols, and develop two new strong security models for two different threat models. We show that both of these security models can be satisfied, by proposing two concrete protocol constructions and proving they are secure in the models. Our work leads to crucial insights on how postcompromise security can (and cannot) be achieved, paving the way for applications in other domains.</p> |
| spellingShingle | Cohn-Gordon, K Cremers, C Garratt, L On post-compromise security |
| title | On post-compromise security |
| title_full | On post-compromise security |
| title_fullStr | On post-compromise security |
| title_full_unstemmed | On post-compromise security |
| title_short | On post-compromise security |
| title_sort | on post compromise security |
| work_keys_str_mv | AT cohngordonk onpostcompromisesecurity AT cremersc onpostcompromisesecurity AT garrattl onpostcompromisesecurity |