Provable Cryptographic Security and its Applications to Mobile Wireless Computing

Many attempts to secure mobile wireless systems have failed abysmally. Notable examples include 802.11 WEP, as well as major cellular phone standards such as TDMA, CDMA, and GSM. The attacks typically result from the correct use of a bad cryptographic primitive or the incorrect use of a good one. By designing provably secure algorithms and protocols, we not only minimize the time required to gain confidence in the security of a system, but we virtually eliminate the possibility of a cryptographic vulnerability. Unfortunately, the concept of "provable security" is often misunderstood. In this survey paper, we state precisely what provable security is and is not, and describe the benefits of the approach.
