35 research outputs found

    Group key agreement protocols with implicit key authentication

    Get PDF
    There have been numerous studies performed on secure group communication over unsecured channels such as the Internet and ad-hoc network. Most of the results are focused on cryptographic methods to share secret keys within the group. In the real world, however, we cannot establish an application for group communication without considering authentication of each peer (group member) since the adversary could digitally disguise itself and intrude into the key sharing process without valid membership. Therefore, authentication is an inevitable component for any secure communication protocols as well as peer group communication. In the classical design of group key protocols, each peer should be authenticated by a separate and centralized authentication server (e.g. Kerberos). Although many practical protocols present efficient ways for authentication, we are still facing the necessity of optimization between authentication and group key sharing. In that sense, implicit key authentication is an ideal property for group key protocols since, once it is possibly put into practice, we do not need any separate authentication procedure as a requisite. There was an attempt to devise implicit key authentication service in conjunction with group key agreement protocol; Authenticated Group Diffie-Hellman (A-GDH) and its stronger version (SA-GDH). Unfortunately, both were proved to have some weakness from the man-in-the-middle attacks. In this project, practical fixes for A-GDH and SA-GDH using Message Authentication Code (MAC) schemes are proposed and performance evaluation is carried out from implementation and experimentation for each: A-GDH, SA-GDH, A-GDH with MAC, and SA-GDH with MAC. Finally, the policies how and where to deploy authenticated GDH protocols are discussed under various group communication scenarios

    An Active Attack on a Multiparty Key Exchange Protocol

    Get PDF
    The multiparty key exchange introduced in Steiner et al.\@ and presented in more general form by the authors is known to be secure against passive attacks. In this paper, an active attack is presented assuming malicious control of the communications of the last two users for the duration of only the key exchange

    Towards a Constrained-based Verification of Parameterized Cryptographic Protocols

    Get PDF
    International audienceAlthough many works have been dedicated to standard protocols like Needham-Schroeder very few address the more challenging class of group protocol s. We present a synchronous model for group protocols, that generalizes standard protocol models by permitting unbounded lists inside messages. In this extended model we propose a correct and complete set of inference rules for checking security properties in presence of an active intruder for the class of well-tagged protocols. Our inference system generalizes the ones that are implemented in several tools for a bounded number of sessions and fixed size lists in message. In particular when applied to protocols whose specification does not contain unbounded lists our inference system provides a decision procedure for secrecy in the case of a fixed number of sessions

    Automatic Verification of Key Management Architecture for Hierarchical Group Protocols

    Get PDF
    Emerging applications require secure group communications around hierarchical architecture protocols, like military or public emergency applications. However, conceiving such secure hierarchical protocols is not straightforward. Thus, their verification become a primordial issue in order to avoid the possible security attacks and vulnerabilities. Several attempts have been done to deal with formal verification of group protocols, but, in our knowledge, none of them has handled hierarchical ones. This paper investigates both specific challenges and security issues of hierarchical security group communications, and an overview of works done for their verification. We have chosen the Back-end Cl-AtSe of AVISPA tool, to verify an example of such protocols, as it enables to deal with the exponentiation of Diffie-Hellman often used in group key management

    Verification of Security Protocols with Lists: from Length One to Unbounded Length

    Get PDF
    International audienceWe present a novel, simple technique for proving secrecy properties for security protocols that manipulate lists of unbounded length, for an unbounded number of sessions. More specifically, our technique relies on the Horn clause approach used in the automatic verifier ProVerif: we show that if a protocol is proven secure by our technique with lists of length one, then it is secure for lists of unbounded length. Interestingly, this theorem relies on approximations made by our verification technique: in general, secrecy for lists of length one does not imply secrecy for lists of unbounded length. Our result can be used in particular to prove secrecy properties for group protocols with an unbounded number of participants and for some XML protocols (web services) with ProVerif

    Constraints-based Verification of Parameterized Cryptographic Protocols.

    Get PDF
    Cryptographic protocols are crucial for securing electronic transactions. The confidence in these protocols can be increased by the formal analysis of their security properties. Although many works have been dedicated to standard protocols like Needham-Schroeder very few address the more challenging class of group protocols. We present a synchronous model for group protocols, that generalizes standard protocol models by permitting unbounded lists inside messages. In this extended model we propose a correct and complete set of inference rules for checking security properties in presence of an active intruder for the class of Well-Tagged protocols. We prove that the application of these rules on a constraint system terminates and that the normal form obtained can be checked for satisfiability. Therefore, we present here a decision procedure for this class

    Rank Functions Based Inference System for Group Key Management Protocols Verification

    Get PDF
    Design and veri¯cation of cryptographic protocols has been under investigation for quite sometime. However, most of the attention has been paid for two parties protocols. In group key management and distribution protocols, keys are computed dynamically through cooperation of all protocol participants. Therefore regular approaches for two parties protocols veri¯cation cannot be applied on group key protocols. In this paper, we present a framework for formally verifying of group key management and distribution protocols based on the concept of rank functions. We de¯ne a class of rank functions that satisfy speci¯c requirements and prove the soundness of these rank functions. Based on the set of sound rank functions, we provide a sound and complete inference system to detect attacks in group key management protocols. The inference system provides an elegant and natural proof strategy for such protocols compared to existing approaches. The above formalizations and rank theorems were implemented using the PVS theorem prover. We illustrate our approach by applying the inference system on a generic Di±e-Hellman group protocol and prove it in PVS

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    Get PDF
    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

    IST Austria Thesis

    Get PDF
    In this thesis we discuss the exact security of message authentications codes HMAC , NMAC , and PMAC . NMAC is a mode of operation which turns a fixed input-length keyed hash function f into a variable input-length function. A practical single-key variant of NMAC called HMAC is a very popular and widely deployed message authentication code (MAC). PMAC is a block-cipher based mode of operation, which also happens to be the most famous fully parallel MAC. NMAC was introduced by Bellare, Canetti and Krawczyk Crypto’96, who proved it to be a secure pseudorandom function (PRF), and thus also a MAC, under two assumptions. Unfortunately, for many instantiations of HMAC one of them has been found to be wrong. To restore the provable guarantees for NMAC , Bellare [Crypto’06] showed its security without this assumption. PMAC was introduced by Black and Rogaway at Eurocrypt 2002. If instantiated with a pseudorandom permutation over n -bit strings, PMAC constitutes a provably secure variable input-length PRF. For adversaries making q queries, each of length at most ` (in n -bit blocks), and of total length σ ≤ q` , the original paper proves an upper bound on the distinguishing advantage of O ( σ 2 / 2 n ), while the currently best bound is O ( qσ/ 2 n ). In this work we show that this bound is tight by giving an attack with advantage Ω( q 2 `/ 2 n ). In the PMAC construction one initially XORs a mask to every message block, where the mask for the i th block is computed as τ i := γ i · L , where L is a (secret) random value, and γ i is the i -th codeword of the Gray code. Our attack applies more generally to any sequence of γ i ’s which contains a large coset of a subgroup of GF (2 n ). As for NMAC , our first contribution is a simpler and uniform proof: If f is an ε -secure PRF (against q queries) and a δ - non-adaptively secure PRF (against q queries), then NMAC f is an ( ε + `qδ )-secure PRF against q queries of length at most ` blocks each. We also show that this ε + `qδ bound is basically tight by constructing an f for which an attack with advantage `qδ exists. Moreover, we analyze the PRF-security of a modification of NMAC called NI by An and Bellare that avoids the constant rekeying on multi-block messages in NMAC and allows for an information-theoretic analysis. We carry out such an analysis, obtaining a tight `q 2 / 2 c bound for this step, improving over the trivial bound of ` 2 q 2 / 2 c . Finally, we investigate, if the security of PMAC can be further improved by using τ i ’s that are k -wise independent, for k > 1 (the original has k = 1). We observe that the security of PMAC will not increase in general if k = 2, and then prove that the security increases to O ( q 2 / 2 n ), if the k = 4. Due to simple extension attacks, this is the best bound one can hope for, using any distribution on the masks. Whether k = 3 is already sufficient to get this level of security is left as an open problem. Keywords: Message authentication codes, Pseudorandom functions, HMAC, PMAC

    Journal of Telecommunications and Information Technology, 2002, nr 4

    Get PDF
    kwartalni
    corecore