The faithfulness of abstract protocol analysis: Message authentication

The faithfulness of abstract protocol analysis

Proceedings of the 8th ACM conference on Computer and Communications Security - CCS '01, 2001

Dolev and Yao initiated an approach to studying cryptographic protocols which abstracts from possible problems with the cryptography so as to focus on the structural aspects of the protocol. Recent work in this framework has developed easily applicable methods to determine many security properties of protocols. A separate line of work, initiated by Bellare and Rogaway, analyzes the way specific cryptographic primitives are used in protocols. It gives asymptotic bounds on the risk of failures of secrecy or authentication.

Authentication primitives for secure protocol specifications

Future Generation Computer Systems, 2005

We advocate here the use of two authentication primitives we recently proposed in a calculus for distributed systems, as a further instrument for programmers interested in authentication. These primitives offer a way of abstracting from various specifications of authentication and obtaining idealized protocols "secure by construction". We can consequently prove that a cryptographic protocol is the correct implementation of the corresponding abstract protocol; when the proof fails, reasoning on the abstract specification may drive to the correct implementation.

A Framework for the Study of Cryptographic Protocols

Lecture Notes in Computer Science

We develop a simple model of computation under which to study the meaning of cryptographic protocol and security. We define a protocol as a mathematical object and security as a possible property of this object. Having formalized the concept of a secure protocol we study its general properties. We back up our contention that the model is reasonable by solving some well known cryptography problems within the framework of the model. 1. Introduction. It can be argued that cryptographers have been able to provide satisfactory solutions to only the simplest among the problems involving transactions between mutually suspicious parties. In this category lie problems like flipping coins [1], exchange of a single bit [2] (or a fraction of a bit [3]), demonstrating the truth of some boolean predicates on the secret keys [4], and the Oblivious Transfer [5] [6]. Harder problems

Compositional Analysis of Authentication Protocols (Full Version)

2003

We propose a new method for the static analysis of entity authentication protocols. We develop our approach based on a dialect of the spi-calculus as the underlying formalism for expressing protocol narrations. Our analysis validates the honest protocol participants against static (hence decidable) conditions that provide formal guarantees of entity authentication. The main result is that the validation of each component is provably sound and fully compositional: if all the protocol participants are successfully validated, then the protocol as a whole guarantees entity authentication in the presence of Dolev-Yao intruders.

Towards a Quantitative Analysis of Security Protocols

Electronic Notes in Theoretical Computer Science, 2006

This paper contributes to further closing the gap between formal analysis and concrete implementations of security protocols by introducing a quantitative extension of the usual Dolev-Yao intruder model. This extended model provides a basis for considering protocol attacks that are possible when the intruder has a reasonable amount of computational power, in particular when he is able, with a certain probability, to guess encryption keys or other particular kinds of data such as the body of a hashed message. We also show that these extensions do not augment the computational complexity of the protocol insecurity problem in the case of a finite number of interleaved protocol sessions.

Compositional analysis of authentication protocols

2004

We propose a new method for the static analysis of entity authentication protocols. We develop our approach based on a dialect of the spi-calculus as the underlying formalism for expressing protocol narrations. Our analysis validates the honest protocol participants against static (hence decidable) conditions that provide formal guarantees of entity authentication. The main result is that the validation of each component is provably sound and fully compositional: if all the protocol participants are successfully validated, then the protocol as a whole guarantees entity authentication in the presence of Dolev-Yao intruders.

A Note on an . . . Cryptographic Protocol Insecurity

2008

This article discusses the paper “Protocol insecurity with a finite number of sessions and composed keys is NP-complete” [1]. Some understanding of the paper is recorded in this article. Especially a non-trivial error of the NP proof of [1] is presented, and we provide a solution to fix this error. We suggest that the NP-completeness proof can be improved in several aspects.

On Symbolic Analysis of Cryptographic Protocols

2005

The universally composable symbolic analysis (UCSA) framework layers Dolev-Yao style symbolic analysis on top of the universally composable (UC) secure framework to construct computationally sound proofs of cryptographic protocol security. The original proposal of the UCSA framework by Canetti and Herzog focused on protocols that only use public key encryption to achieve 2-party mutual authentication or key exchange. This thesis expands the framework to include protocols that use digital signatures as well.

V.: Provable-security analysis of authenticated encryption

2013

Kerberos is a widely-deployed network authentication protocol that is being considered for standardization. Many works have analyzed its security, identifying flaws and often suggesting fixes, thus helping the protocol’s evolution. Several recent results present successful formal-methods-based verification of a significant portion of the current version 5, and some even imply security in the computational setting. For these results to be meaningful, encryption in Kerberos should satisfy strong cryptographic security notions. However, neither currently deployed as part of Kerberos encryption schemes nor their proposed revisions are known to provably satisfy such notions. We take a close look at Kerberos’ encryption and confirm that most of the options in the current version provably provide privacy and authenticity, some with slight modification that we suggest. Our results complement the formal-methods-based analysis of Kerberos that justifies its current design.