Computationally Sound Symbolic Security Reduction Analysis of Group Key Exchange Protocol using Bilinear Pairings
Canetti and Herzog have proposed a universally composable symbolic analysis (UCSA) of mutual authentication and key exchange protocols within the universally composable security framework. It is a fully automated and computationally sound symbolic analysis.
Furthermore, Canetti and Gajek have analyzed Diffie-Hellman based key exchange protocols as an extension of their work. It deals with forward secrecy in case of fully adaptive party corruptions. However, their work only addresses two-party protocols that use public key encryptions, digital signatures and Diffie-Hellman exchange.
We make the following contributions. First, we extend the UCSA approach to analyze group key exchange protocols that use bilinear pairings exchange and digital signatures to resist insider attacks under fully adaptive party corruptions with respect to forward secrecy. Specifically, we propose a formal algebra and properties of bilinear pairings in the execution of a group key exchange protocol among an arbitrary number of participants. This provides computationally sound and fully automated analysis. Second, we reduce the security of multiple group key exchange sessions among an arbitrary number of participants to the security of a single group key exchange session among three participants. This improves the efficiency of security analysis.
On symbolic analysis of cryptographic protocols
Thesis (M. Eng.), Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2005. Includes bibliographical references (p. 91-94).
The universally composable symbolic analysis (UCSA) framework layers Dolev-Yao style symbolic analysis on top of the universally composable (UC) secure framework to construct computationally sound proofs of cryptographic protocol security. The original proposal of the UCSA framework by Canetti and Herzog (2004) focused on protocols that only use public key encryption to achieve 2-party mutual authentication or key exchange. This thesis expands the framework to include protocols that use digital signatures as well. In the process of expanding the framework, we identify a flaw in the framework's use of the UC ideal functionality FKE. We also identify issues that arise when combining FKE with the current formulation of the ideal signature functionality FSIG. Motivated by these discoveries, we redefine the FPKE and FSIG functionalities appropriately.
by Akshay Patil. M.Eng.
A universally composable key exchange protocol for advanced metering infrastructure in the energy Internet
The increasing adoption of multiway communications in the advanced metering infrastructure (AMI) of the energy Internet, which is known as the Internet-based smart grid, raises a new question about the security of customers' sensitive data and how the data can be protected from growing cyber attacks such as side-channel and false data injection attacks. The dynamic nature of remote connect/disconnect of components in the AMI also brings new types of security threats. To achieve secure multiway communications and remote connect/disconnect of components, the AMI requires a key exchange protocol (KEP) that meets a number of its security requirements such as confidentiality, integrity, availability, identification, authentication, and access control. In this context, in this article we present a KEP that uses an ideal crypto functionality and an ideal AMI key exchange functionality based on universal composability, which allows modular design and analysis of cryptographic protocols. The former functionality enables AMI components or users to perform authenticated cryptographic operations, while the latter functionality enables the users to meet the AMI security requirements before generating a shared secret session key, which can be used in an ideal manner. We carry out experiments to validate the performance of our protocol, and the results show that our protocol offers better performance benefits compared to the existing related protocols and is suitable for the Energy Internet. We further demonstrate the usefulness of our ideal functionalities as a security reinforcement for a widely used KEP, namely the Elliptic Curve Diffie–Hellman
A Survey of Symbolic Methods in Computational Analysis of Cryptographic Systems
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear. For more than twenty years the two approaches have coexisted but evolved mostly independently. Recently, significant research efforts attempt to develop paradigms for cryptographic systems analysis that combine the best of both worlds. There are two broad directions that have been followed. Computational soundness aims to establish sufficient conditions under which results obtained using symbolic models imply security under computational models. The direct approach aims to apply the principles and the techniques developed in the context of symbolic models directly to computational ones. In this paper we survey existing results along both of these directions. Our goal is to provide a rather complete summary that could act as a quick reference for researchers who want to contribute to the field, want to make use of existing results, or just want to get a better picture of what results already exist.
Formal Computational Unlinkability Proofs of RFID Protocols
We set up a framework for the formal proofs of RFID protocols in the computational model. We rely on the so-called computationally complete symbolic attacker model. Our contributions are: i) to design (and prove sound) axioms reflecting the properties of hash functions (collision resistance, PRF); ii) to formalize computational unlinkability in the model; iii) to illustrate the method, providing the first formal proofs of unlinkability of RFID protocols in the computational model.
Universally Composable Security Analysis of TLS---Secure Sessions with Handshake and Record Layer Protocols
We present a security analysis of the complete TLS protocol in the Universal Composable security framework. This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions, and is based on the adaptation of the secure channel model from Canetti and Krawczyk to the setting where peer identities are not necessarily known prior to the protocol invocation and may remain undisclosed. Our analysis shows that TLS, including the Diffie-Hellman and key transport suites in the uni-directional and bi-directional models of authentication, securely emulates secure communication sessions.
Universally Composable Authentication and Key-exchange with Global PKI
Message authentication and key exchange are two of the most basic tasks of cryptography. Solutions based on public-key infrastructure (PKI) are prevalent. Still, the state of the art in composable security analysis of PKI-based authentication and key exchange is somewhat unsatisfactory. Specifically, existing treatments either (a) make the unrealistic assumption that the PKI is accessible only within the confines of the protocol itself, thus failing to capture real-world PKI-based authentication, or (b) impose often-unnecessary requirements, such as strong on-line non-transferability, on candidate protocols, thus ruling out natural candidates.
We give a modular and universally composable analytical framework for PKI-based message authentication and key exchange protocols. This framework guarantees security even when the PKI is pre-existing and globally available, without being unnecessarily restrictive. Specifically, we model PKI as a global set-up functionality within the Global UC security model [Canetti et al., TCC 2007] and relax the ideal authentication and key exchange functionalities accordingly. We then demonstrate the security of basic signature-based authentication and key exchange protocols. Our modeling makes minimal security assumptions on the PKI in use; in particular, "knowledge of the secret key" is not needed.
08491 Abstracts Collection -- Theoretical Foundations of Practical Information Security
From 30.11. to 05.12.2008, the Dagstuhl Seminar 08491 "Theoretical Foundations of Practical Information Security" was held in Schloss Dagstuhl, Leibniz Center for Informatics. During the seminar, several participants presented their current research, and ongoing work and open problems were discussed. Abstracts of the presentations given during the seminar as well as abstracts of seminar results and ideas are put together in this paper. The first section describes the seminar topics and goals in general. Links to extended abstracts or full papers are provided, if available.