Examining Indistinguishability-Based Proof Models for Key Establishment Protocols

We examine various indistinguishability-based proof models for key establishment protocols, namely the Bellare & Rogaway (1993, 1995), the Bellare, Pointcheval, & Rogaway (2000), and the Canetti & Krawczyk (2001) proof models. We then consider several variants of these proof models, identify several subtle differences between these variants and models, and compare the relative strengths of the notions of security between the models. For each pairwise relation between the models (either an implication or a non-implication), we provide proofs or counter-examples to support the observed relation. We also reveal a drawback of the original formulation of the Bellare, Pointcheval, & Rogaway (2000) model, in which the Corrupt query is not allowed.

[1] Birgit Pfitzmann, et al. A General Composition Theorem for Secure Reactive Systems, 2004, TCC.

[2] Paulo S. L. M. Barreto, et al. A New Two-Party Identity-Based Authenticated Key Agreement, 2005, CT-RSA.

[3] Liqun Chen, et al. Identity based authenticated key agreement protocols from pairings, 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings.

[4] Hugo Krawczyk, et al. Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels, 2001, EUROCRYPT.

[5] Hugo Krawczyk, et al. Universally Composable Notions of Key Exchange and Secure Channels, 2002, EUROCRYPT.

[6] Alfred Menezes, et al. Entity Authentication and Authenticated Key Transport Protocols Employing Asymmetric Techniques, 1997, Security Protocols Workshop.

[7] Philip D. MacKenzie, et al. Secure Network Authentication with Password Identification, 1999.

[8] Feng Bao, et al. Security Analysis of a Password Authenticated Key Exchange Protocol, 2003, ISC.

[9] Colin Boyd, et al. On Session Identifiers in Provably Secure Protocols: The Bellare-Rogaway Three-Party Key Distribution Protocol Revisited, 2004, SCN.

[10] Michael Backes, et al. A Cryptographically Sound Dolev-Yao Style Security Proof of the Otway-Rees Protocol, 2004, ESORICS.

[11] Duncan S. Wong, et al. Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices, 2001, ASIACRYPT.

[12] Victor Shoup, et al. On Formal Models for Secure Key Exchange, 1999, IACR Cryptol. ePrint Arch.

[13] Michael Backes, et al. Cryptographically Sound and Machine-Assisted Verification of Security Protocols, 2003, STACS.

[14] Jean-Jacques Quisquater, et al. Some Attacks Upon Authenticated Group Key Agreement Protocols, 2003, J. Comput. Secur.

[15] Muxiang Zhang. Breaking an improved password authenticated key exchange protocol for imbalanced wireless networks, 2005, IEEE Commun. Lett.

[16] Colin Boyd, et al. Errors in Computational Complexity Proofs for Protocols, 2005, ASIACRYPT.

[17] F. Javier Thayer Fábrega, et al. Strand spaces: proving security protocols correct, 1999.

[18] Kenneth G. Paterson, et al. Tripartite Authenticated Key Agreement Protocols from Pairings, 2003, IMACC.

[19] Kim-Kwang Raymond Choo, et al. Security Requirements for Key Establishment Proof Models: Revisiting Bellare-Rogaway and Jeong-Katz-Lee Protocols, 2005, ACISP.

[20] Hugo Krawczyk, et al. A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract), 1998, STOC '98.

[21] Kenneth G. Paterson, et al. Key Agreement Using Statically Keyed Authenticators, 2004, ACNS.

[22] Zhiguo Wan, et al. Cryptanalysis of Two Password-Authenticated Key Exchange Protocols, 2004, ACISP.

[23] Mihir Bellare, et al. Authenticated Key Exchange Secure against Dictionary Attacks, 2000, EUROCRYPT.

[24] Michael Backes, et al. From absence of certain vulnerabilities towards security proofs: pushing the limits of formal verification, 2003, NSPW '03.

[25] David Pointcheval, et al. Interactive Diffie-Hellman Assumptions with Applications to Password-Based Authentication, 2005, Financial Cryptography.

[26] Mihir Bellare, et al. Entity Authentication and Key Distribution, 1993, CRYPTO.

[27] Ran Canetti, et al. Universally composable security: a new paradigm for cryptographic protocols, 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[28] Ran Canetti, et al. Universally Composable Commitments, 2001, CRYPTO.

[29] Mihir Bellare, et al. Provably secure session key distribution: the three party case, 1995, STOC '95.

[30] Birgit Pfitzmann, et al. Deriving Cryptographically Sound Implementations Using Composition and Formally Verified Bisimulation, 2002, FME.

[31] Colin Boyd, et al. Provably Secure Key Exchange: An Engineering Approach, 2003, ACSW.

[32] Alfred Menezes, et al. Key Agreement Protocols and Their Security Analysis, 1997, IMACC.