论文信息 - Lack of Explicitness Strikes Back (Transcript of Discussion)

Lack of Explicitness Strikes Back (Transcript of Discussion)

Provable security [4] is a study of confidentiality within a complexity-theoretic framework. We argue that its findings are highly abstract. Our argument is supported by the mechanised inductive analysis of a protocol based on smart cards that was shown to enjoy provable security and then implemented. It appears that the protocol grants no reasonable guarantees of session key confidentiality to its peers in the realistic setting where an intruder can exploit other agents' cards. Indeed, the formal argument on confidentiality requires assumptions that no peer can verify in practice. We discover and prove that the lack of explicitness of two protocol messages is the sole cause of the protocol weaknesses. Our argument requires significant extensions to the Inductive Approach [9] in order to allow for smart cards.

Giampaolo Bella

[1] Peter Honeyman,et al. Implementation of a Provably Secure, Smartcard-Based Key Distribution Protocol , 1998, CARDIS.

[2] Martín Abadi,et al. Prudent Engineering Practice for Cryptographic Protocols , 1994, IEEE Trans. Software Eng..

[3] Gavin Lowe,et al. An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[4] Lawrence C. Paulson,et al. The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[5] Mihir Bellare,et al. Provably secure session key distribution: the three party case , 1995, STOC '95.

[6] Victor Shoup,et al. Session Key Distribution Using Smart Cards , 1996, EUROCRYPT.

[7] Giampaolo Bella. Modelling Agents' Knowledge Inductively , 1999, Security Protocols Workshop.

[8] Ueli Maurer,et al. Advances in Cryptology — EUROCRYPT ’96 , 2001, Lecture Notes in Computer Science.

[9] M. Kuhn,et al. The Advanced Computing Systems Association Design Principles for Tamper-resistant Smartcard Processors Design Principles for Tamper-resistant Smartcard Processors , 2022 .

[10] Silvio Micali,et al. Secret-key agreement without public-key , 1994, CRYPTO 1994.