Establishing a session key (SSK) is very important for real-world deployment in open networks, which enables secure communication between remote parties. In the past, some authenticated key exchange (AKE) protocols have been proposed to generate a SSK, but the certificate management issue is inhered in the traditional public key infrastructure and must be addressed. To tackle this issue, the identity (ID)-based concept is added to AKE, called ID-AKE. Indeed, the security of the existing AKE/ID-AKE protocols is gaining increasing importance due to some new types of attacks, namely, side-channel attacks. In such attacks, adversaries could obtain secret keys’ partial information during the execution of cryptographic protocols (including AKE/ID-AKE). To withstand such attacks, many leakage-resilient ID-AKE (LR-ID-AKE) protocols resisting side-channel attacks have been proposed. However, these existing LR-ID-AKE protocols have no efficient solution to revoke compromised users. In this article, the first LR-ID-AKE protocol with an efficient revocation mechanism, called LR-RID-AKE, is proposed. The proposed protocol is not only as secure as existing LR-ID-AKE protocols but also able to efficiently revoke compromised users from the system.

中文翻译：

---

具有撤销机制的防泄漏、基于身份验证的密钥交换协议

建立会话密钥 (SSK) 对于开放网络中的实际部署非常重要，它可以实现远程方之间的安全通信。过去，已经提出了一些认证密钥交换（AKE）协议来生成 SSK，但证书管理问题是传统公钥基础设施中固有的，必须解决。为了解决这个问题，AKE 中增加了基于身份 (ID) 的概念，称为 ID-AKE。事实上，由于一些新类型的攻击，即边信道攻击，现有 AKE/ID-AKE 协议的安全性变得越来越重要。在此类攻击中，攻击者可以在执行加密协议（包括 AKE/ID-AKE）期间获取密钥的部分信息。为了抵御这样的攻击，已经提出了许多抵抗侧信道攻击的防泄漏 ID-AKE (LR-ID-AKE) 协议。然而，这些现有的 LR-ID-AKE 协议没有有效的解决方案来撤销受感染的用户。在本文中，提出了第一个具有有效撤销机制的 LR-ID-AKE 协议，称为 LR-RID-AKE。所提出的协议不仅与现有的 LR-ID-AKE 协议一样安全，而且能够有效地从系统中撤销受感染的用户。