Tongxin xuebao (Jan 2007)
Correcting the security definition of the Bellare-Rogaway 3PKD model
Abstract
A flaw lied in the security definition of the Bellare-Rogaway 3PKD model,which was proposed by Bellare and Rogaway for three-party key distribution in 1995,was discovered.To reveal it,a new three-party key distribution proto-col P-Flaw was proposed.The protocol was provably secure under the Bellare-Rogaway 3PKD model.However the pro-tocol was not secure enough to withstand the server spoofing attack,known session key attack,and replay attack.The absence of the origin recognition for the distributed session key accounts for the flaw.Accordingly,the security definition of the Bellare-Rogaway 3PKD model was corrected based on matching conversation.