Refuting security proofs for tripartite key exchange with model checker in planning problem setting

We encode a simplified version of the Canetti and Krawczyk (2001) formalism using asynchronous product automata (APA). We then use a model checker, the Simple Homomorphism Verification Tool (SHVT), to perform state-space analysis on our automata in a planning-problem setting. As a case study, we revisit two tripartite key exchange protocols of Hitchcock, Boyd, and Gonzalez Nieto (2004), which carry claimed security proofs in the Canetti and Krawczyk (2001) model. We refute their proofs of security by pointing out previously unpublished flaws in the protocols, found using SHVT. We then point out the corresponding flaws in the refuted proofs.
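The abstract describes treating protocol analysis as a planning problem: protocol steps and adversary actions are the operators, a security violation is the goal, and a plan reaching the goal is an attack trace. The following is an added toy illustration of that idea, not the paper's APA/SHVT encoding and not the Hitchcock, Boyd and Gonzalez Nieto protocols: a constructed two-party symbolic Diffie-Hellman model (honest A with exponent x, honest B with exponent y, attacker I with exponent z, full control of the network) searched breadth-first for a state in which A has accepted a session key the attacker can compute. Term representation, agent names and the `authenticated` variant (B signs its share together with the challenge it received) are all assumptions made for the example.

```python
from collections import deque

# Constructed toy model for illustration. Terms: ('exp', e) is g^e;
# ('sig', signer, share, challenge) is a signed responder reply. A session key
# g^(e1*e2) is represented as frozenset({e1, e2}) because exponentiation commutes.
GX, GY, GZ = ('exp', 'x'), ('exp', 'y'), ('exp', 'z')   # shares of A, B and attacker I


def attacker_keys(known):
    """Keys the attacker can compute: it owns z, so every observed g^e yields g^(e*z)."""
    return {frozenset({'z', t[1]}) for t in known if t[0] == 'exp'}


def successors(state, authenticated):
    """Planning operators: one honest protocol step or one attacker delivery per action."""
    a_phase, b_phase, known, a_key = state
    moves = []
    if a_phase == 'init':                       # A -> network: g^x (attacker sees it)
        moves.append(("A sends g^x", ('wait', b_phase, known | {GX}, a_key)))
    if b_phase == 'init':                       # I -> B: any share I knows; B answers with g^y
        for t in known:
            if t[0] == 'exp':
                reply = ('sig', 'B', GY, t) if authenticated else GY
                moves.append((f"I delivers {t} to B, B replies {reply}",
                              (a_phase, 'done', known | {reply}, a_key)))
    if a_phase == 'wait':                       # I -> A: any term I knows that A will accept
        for t in known:
            if authenticated:
                # A accepts only B's signature over a share and A's own challenge g^x;
                # the attacker cannot produce signatures in B's name.
                if t[0] == 'sig' and t[1] == 'B' and t[3] == GX:
                    moves.append((f"I delivers {t} to A",
                                  ('done', b_phase, known, frozenset({'x', t[2][1]}))))
            elif t[0] == 'exp':
                moves.append((f"I delivers {t} to A",
                              ('done', b_phase, known, frozenset({'x', t[1]}))))
    return moves


def find_attack(authenticated):
    """Breadth-first search for a plan whose final state violates key secrecy for A.

    Returns the shortest plan (list of action labels) or None if the finite state
    space is exhausted without reaching the goal.
    """
    start = ('init', 'init', frozenset({GZ}), None)
    queue, seen = deque([(start, [])]), {start}
    while queue:
        state, plan = queue.popleft()
        a_key = state[3]
        if a_key is not None and a_key in attacker_keys(state[2]):
            return plan                         # the plan is the attack trace
        for label, nxt in successors(state, authenticated):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, plan + [label]))
    return None


if __name__ == "__main__":
    print("unauthenticated:", find_attack(authenticated=False))
    print("authenticated:  ", find_attack(authenticated=True))
```

For the unauthenticated variant the search returns a two-step plan (A's share goes out, the attacker hands A its own share), which is the familiar man-in-the-middle refutation of key secrecy; for the signed variant the state space is exhausted and `None` comes back. The second result is only as strong as the model: it says no attack exists under these symbolic assumptions and this bounded set of operators, which is exactly why a "no plan found" outcome supports a proof rather than replacing one.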

[1] Martín Abadi et al., "Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)," Journal of Cryptology, 2007.

[2] Catherine A. Meadows et al., "Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer," Proceedings of the 1999 IEEE Symposium on Security and Privacy, 1999.

[3] Bruno Blanchet, "A Computationally Sound Mechanized Prover for Security Protocols," IEEE Transactions on Dependable and Secure Computing, 2008.

[4] Elaine B. Barker et al., "Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography," 2007.

[5] Tal Rabin et al., "On the Security of Joint Signature and Encryption," EUROCRYPT, 2002.

[6] Michael Backes et al., "A Cryptographically Sound Dolev-Yao Style Security Proof of the Otway-Rees Protocol," ESORICS, 2004.

[7] John C. Mitchell et al., "A meta-notation for protocol analysis," Proceedings of the 12th IEEE Computer Security Foundations Workshop, 1999.

[8] Hugo Krawczyk et al., "Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels," EUROCRYPT, 2001.

[9] Kenneth G. Paterson et al., "Modular Security Proofs for Key Agreement Protocols," ASIACRYPT, 2005.

[10] Duncan S. Wong et al., "Efficient and Mutually Authenticated Key Exchange for Low Power Computing Devices," ASIACRYPT, 2001.

[11] Catherine A. Meadows et al., "Formal methods for cryptographic protocol analysis: emerging issues and trends," IEEE Journal on Selected Areas in Communications, 2003.

[12] Colin Boyd et al., "Round-Optimal Contributory Conference Key Agreement," Public Key Cryptography, 2003.

[13] Colin Boyd et al., "Protocols for Authentication and Key Establishment," Information Security and Cryptography, 2003.

[14] Peter Norvig et al., "Artificial Intelligence: A Modern Approach," 1995.

[15] Dong Hoon Lee et al., "One-Round Protocols for Two-Party Authenticated Key Exchange," ACNS, 2004.

[16] Hugo Krawczyk et al., "HMQV: A High-Performance Secure Diffie-Hellman Protocol," CRYPTO, 2005.

[17] Birgit Pfitzmann et al., "A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol," IEEE Journal on Selected Areas in Communications, 2003.

[18] Colin Boyd et al., "Examining Indistinguishability-Based Proof Models for Key Establishment Protocols," ASIACRYPT, 2005.

[19] Amedeo Cesta et al., "Recent Advances in AI Planning," Lecture Notes in Computer Science, 1997.

[20] Ran Canetti et al., "Universally Composable Commitments," CRYPTO, 2001.

[21] Ran Canetti et al., "Universally composable security: a new paradigm for cryptographic protocols," Proceedings 2001 IEEE International Conference on Cluster Computing, 2001.

[22] J. Meigs et al., "WHO Technical Report," The Yale Journal of Biology and Medicine, 1954.

[23] Colin Boyd et al., "Tripartite Key Exchange in the Canetti-Krawczyk Proof Model," INDOCRYPT, 2004.

[24] Gavin Lowe et al., "Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR," Software Concepts and Tools, 1996.

[25] Vladimir Lifschitz et al., "Answer Set Planning (Abstract)," LPNMR, 1999.

[26] Danny Dolev et al., "On the security of public key protocols," 22nd Annual Symposium on Foundations of Computer Science (SFCS 1981), 1981.

[27] Michael Backes et al., "Cryptographically Sound and Machine-Assisted Verification of Security Protocols," STACS, 2003.

[28] Ulrich Ultes-Nitsche et al., "The SH-Verification Tool: Abstraction-Based Verification of Co-operating Systems," Formal Aspects of Computing, 1998.

[29] Mihir Bellare et al., "Authenticated Key Exchange Secure against Dictionary Attacks," EUROCRYPT, 2000.

[30] Victor Shoup et al., "OAEP Reconsidered," CRYPTO, 2001.

[31] Colin Boyd et al., "Complementing Computational Protocol Analysis with Formal Specifications," Formal Aspects in Security and Trust, 2004.

[32] Mihir Bellare et al., "Entity Authentication and Key Distribution," CRYPTO, 1993.

[33] Colin Boyd et al., "Errors in Computational Complexity Proofs for Protocols," ASIACRYPT, 2005.