In this article we visualise and contrast two closely related security properties: Forward secrecy and Post-compromise security.
Forward secrecy
Forward secrecy, also known as perfect forward secrecy (PFS), is a property that protects past communications against future key compromises. In the context of key exchange mechanisms, forward secrecy ensures that the keys derived in a protocol run remain secure against the future compromise of any static (long-term) private material used during the agreement [3, 4].
Forward secrecy is typically achieved by the frequent generation of fresh session keys while ensuring that subsequent keys do not leak information about previous ones.
Post-compromise security
Post-compromise security (PCS) relates to the security guarantees in the communications produced after a party’s secrets have been compromised.
In PCS, if an attacker is able to fully compromise one entity for a given time window, communications happening after the compromise has ended become secure again after a finite interval [1, 2]. Sometimes it is informally said that the protocol ”self-heals” after a compromise.
Academic literature has not been consistent in defining the PCS security property, with other terms like "backward secrecy" and "future secrecy" often used to define properties that are very similar or equivalent [1].
References
[1] Katriel Cohn-Gordon, Cas Cremers, and Luke Garratt. “On post-compromise se- curity”. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF). IEEE. 2016, pp. 164–178.
[2] Olivier Blazy et al. “How fast do you heal? A taxonomy for post-compromise security in secure-channel establishment”. In: USENIX 2023-The 32nd USENIX Security Symposium. 2023.
[3] Whitfield Diffie, Paul C Van Oorschot, and Michael J Wiener. “Authentication and authenticated key exchanges”. In: Designs, Codes and cryptography 2.2 (1992), pp. 107–125.
[4] EB Barker et al. Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography.(National Institute of Standards and Tech- nology, Gaithersburg, MD). https://doi.org/10.6028/NIST.SP.800- 56Ar3. [Ac- cessed 27-May-2023]. 2018.