Authenticated Deniable Internet Key Exchange
We propose two public-key schemes to achieve deniable authentication for the Internet Key Exchange (IKE). Authentication is an essential factor in key establishment over the Internet. The deniable Internet key-exchange protocol adds value to the IKE standard. In some situations, our schemes can be more efficient than existing IKE protocols while also offering stronger deniability properties. Key exchange, in particular Diffie–Hellman key exchange (DHKE), is among the core cryptographic mechanisms for ensuring network security. For key exchange over the Internet, both security and privacy are desired. In this paper, we develop a family of privacy-preserving authenticated DHKE protocols named deniable Internet key-exchange (DIKE), both in the traditional PKI setting and in the identity-based setting. The newly developed DIKE protocols offer conceptual clarity and practical (online) efficiency. They provide useful privacy protection to both protocol participants, and add novelty and new value to the IKE standard.