The Canetti-Krawczyk (CK) model is a formal method to design and analyze of key agreement protocols, and these protocols should have some desirable security attributes. In this paper, the relationship between the CK model and the desirable security attributes for a key agreement protocol is analyzed. The conclusions indicate that: (1) protocols designed and proved secure by the CK model offer almost all the security attributes, such as perfect forward secrecy (PFS), loss of information, known-key security, key-compromise impersonation and unknown key-share, but the attribute of key control; (2) loss of information and key-compromise impersonation can be guaranteed by the first requirement of the security definition (SK-security) in the CK model, while PFS and known-key security by the second requirement, and unknown key-share can be ensured by either the requirement. Thereafter, the advantages and disadvantages of the CK model are presented.
展开▼
