NAMES IN CRYPTOGRAPHIC PROTOCOLS

Abstract: Messages in cryptographic protocols are made up of a small set of elements; keys, nonces, timestamps, and names, amongst others. These elements must possess specific properties to be useful for their intended purpose. Some of these properties are prescribed as part of the protocol specification, while others are assumed to be inherited from the execution environment. We focus on this latter category by analyzing the security properties of names. We argue that to fulfill their role in cryptographic protocols, names must be unique across correlated sessions i.e. where the massages of one session can be reused in another without detection and that uniqueness must be guaranteed to hold for each participant of these runs. We discuss how uniqueness can be provided and verified by the interested parties. To do so, two different mechanisms are shown possible, namely local and global verification. In both cases we discuss the implications of uniqueness on the execution environment of a cryptographic protocol, pointing out the inescapable issues related to each of the two mechanisms. Finally, we argue that such implications should be given careful consideration as they represent important elements in the evaluation of a cryptographic protocol itself.