
Server-Assisted Key Exchange (SAKE): A new mode for MIKEY-TICKET
draft-olivereau-sake-mikey-ticket-00

Document type: Expired Internet-Draft (individual)
Status: Expired & archived
Authors: Alexis Olivereau, Aymen Boudguiga, Nouha Oualha
Last updated: 2014-04-24 (latest revision 2013-10-21)
RFC stream: (None)
Intended RFC status: (None)
Stream state: (No stream defined)
Consensus boilerplate: Unknown
RFC Editor note: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active; a copy of the expired draft remains archived.

Abstract

A key establishment protocol intended to run between constrained devices has to be both lightweight and secure. Among the existing key establishment families (key agreement, key transport, server-assisted key transport, and key distribution), the last one, key distribution, is the best candidate for constrained devices, since it keeps the cryptographic operations performed by the nodes simple. Nevertheless, most key distribution protocols exhibit an asymmetric design, since they are meant to run between devices playing well-defined client and server roles, which implies different security assumptions for the devices involved in the exchange. MIKEY-Ticket is a key distribution protocol that specifies new modes for the Multimedia Internet KEYing (MIKEY) protocol. It addresses situations where the network contains a trusted third party (one or more trusted key management servers). The general MIKEY-Ticket mode is a key distribution scheme relying on six messages exchanged between the node initiating the protocol (Initiator), the Key Management Server (KMS) and the responding node (Responder). This general mode assumes that the two parties establishing a key with each other play similar roles, the only difference being that one is the Initiator and the other the Responder. However, this mode suffers from a risk of Denial of Service (DoS) inherited from the protocol design. In addition, the protocol syntax produces very large messages that would have to be fragmented, and it is therefore not well suited to communications between constrained nodes. In this document, we propose a new MIKEY-Ticket mode that removes the risk of DoS during the key establishment between the Initiator and the Responder, relies on a 5-message exchange instead of a 6-message one, and is based on a simplified syntax, leading to lighter messages.

Authors

Alexis Olivereau
Aymen Boudguiga
Nouha Oualha

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)