On the Design of Cryptographic Primitives

The main objective of this work is twofold. On the one hand, it gives a brief overview of the area of two-party cryptographic protocols. On the other hand, it proposes new schemes and guidelines for improving the practice of robust protocol design. In order to achieve such a double goal, a tour through the descriptions of the two main cryptographic primitives is carried out. Within this survey, some of the most representative algorithms based on the Theory of Finite Fields are provided and new general schemes and specific algorithms based on Graph Theory are proposed

Detecting Key-Dependencies

The confidentiality of encrypted data depends on how well the key under which it was encrypted is maintained. If a session key was exchanged encrypted under a long-term key, exposure of the long-term key may reveal the session key and hence the data encrypted with it. The problem of key-dependencies between keys can be mapped onto connectivity of a graph, and the resulting graph can be inspected. This article presents a structured method (an algorithm) with which key-dependencies can be detected and analysed. Several well-known protocols are examined, and it is shown that they are vulnerable to certain attacks exploiting key-dependencies. Protocols which are free from this defect do exist. That is, when a session is terminated it is properly closed

A Machine-Checked Formalization of the Generic Model and the Random Oracle Model

Most approaches to the formal analyses of cryptographic protocols make the perfect cryptography assumption, i.e. the hypothese that there is no way to obtain knowledge about the plaintext pertaining to a ciphertext without knowing the key. Ideally, one would prefer to rely on a weaker hypothesis on the computational cost of gaining information about the plaintext pertaining to a ciphertext without knowing the key. Such a view is permitted by the Generic Model and the Random Oracle Model which provide non-standard computational models in which one may reason about the computational cost of breaking a cryptographic scheme. Using the proof assistant Coq, we provide a machine-checked account of the Generic Model and the Random Oracle Mode

A NOVEL METHODOLOGY TO DESIGN SECURITY PROTOCOLS BASED ON A NEW SET OF DESIGN PRINCIPLES

This paper presents a novel design methodology based on a new set of design principles to develop step-by-step security protocols for up to three participants, guiding the designer on each step. It accompanies the designer through a succession of six abstraction levels proposed in this work: protocol objectives, protocol constraints, security mechanisms, message flow, protocol conformation and authentication tests. The methodology proposed is based on a new set of design principles extracted from different sources and combined using the systemic approach, which considers the designer and client’s security and functional needs. The resulting model separates highlevel tasks from implementation details, allowing the designer to specify the security requirements and functionality desired for each abstraction level. Consequently, the protocol design is linked with the best-fitting design principle. To corroborate the results of the methodology, the resulting protocol in the Alice and Bob notation in the fifth level is tested using the “Strand Spaces” Model. The Needham-Schroeder protocol with symmetric keys was successfully used as a test. The security goals achieved were: authentication, confidentiality, integrity, and non-repudiation

miTLS: Verifying Protocol Implementations against Real-World Attacks

International audienceThe TLS Internet Standard, previously known as SSL, is the default protocol for encrypting communications between clients and servers on the Web. Hence, TLS routinely protects our sensitive emails, health records, and payment information against network-based eavesdropping and tampering. For the past 20 years, TLS security has been analyzed in various cryptographic and programming models to establish strong formal guarantees for various protocol configurations. However, TLS deployments are still often vulnerable to attacks and rely on security experts to fix the protocol implementations. The miTLS project intends to solve this apparent contradiction between published proofs and real-world attacks, which reveals a gap between TLS theory and practice. To this end, the authors developed a verified reference implementation and a cryptographic security proof that account for the protocol's low-level details. The resulting formal development sheds light on recent attacks, yields security guarantees for typical TLS usages, and informs the design of the protocol's next version

KALwEN: A New Practical and Interoperable Key Management Scheme for Body Sensor Networks

Key management is the pillar of a security architecture. Body sensor networks(BSNs) pose several challenges -- some inherited from wireless sensor networks(WSNs), some unique to themselves -- that require a new key management scheme to be tailor-made. The challenge is taken on, and the result is KALwEN, a new lightweight scheme that combines the best-suited cryptographic techniques in a seamless framework. KALwEN is user-friendly in the sense that it requires no expert knowledge of a user, and instead only requires a user to follow a simple set of instructions when bootstrapping or extending a network. One of KALwEN's key features is that it allows sensor devices from different manufacturers, which expectedly do not have any pre-shared secret, to establish secure communications with each other. KALwEN is decentralized, such that it does not rely on the availability of a local processing unit (LPU). KALwEN supports global broadcast, local broadcast and neighbor-to-neighbor unicast, while preserving past key secrecry and future key secrecy. The fact that the cryptographic protocols of KALwEN have been formally verified also makes a convincing case