Journal ArticleDOI
When is a key establishment protocol correct
Reads0
Chats0
TLDR
There are sufficient and necessary conditions to guarantee the security of a Key Establishment (KE) protocol based on the formalism of the belief multisets, and a central ingredient in this approach is that all the beliefs should be established on the basis of a trusted freshness identifier.Abstract:
This paper presents sufficient and necessary conditions to guarantee the security of a Key Establishment (KE) protocol based on our formalism of the belief multisets. The formalism is used to express the security of a KE protocol and to reason about beliefs in the protocol. We observe that a freshness identifier such as a nonce may not be fresh for a legitimate party in a particular protocol run, hence we distinguish a trusted freshness identifier from the commonly used freshness identifier in the sense of a participant's beliefs about the security. A central ingredient in our approach is that all the beliefs should be established on the basis of a trusted freshness identifier. The reasoning results of our approach, comparing with the security conditions, can either establish the correctness of a KE protocol when the protocol is in fact correct, or identify the absence of the security properties, which leads to the structure to construct attacks directly. Two examples, the Kerberos pair-key agreement approach in distributed sensor networks and the Needham—Schroeder public key protocol, are given to show the usability and the efficiency of our approach. Copyright © 2009 John Wiley & Sons, Ltd.read more
Citations
More filters
Book ChapterDOI
Formalism of Protocol Security Analysis
Ling Dong,Kefei Chen +1 more
TL;DR: First, some famous formalisms such as BAN logic, model checking and strand space are briefly introduced; then a belief multiset formalism is put forward based on the trusted freshness notion in Chapters 4, 5 and also 6, and the formalist is simple and precise for automation of security analysis.
Book ChapterDOI
Automated Analysis of Cryptographic Protocols Based on Trusted Freshness
Ling Dong,Kefei Chen +1 more
TL;DR: An automated logic-based analysis tool based on the freshness principle is introduced and developed, which uses the belief multiset formalism to analyze the security of cryptographic protocols.
References
More filters
Journal ArticleDOI
On the security of public key protocols
Danny Dolev,Andrew Chi-Chih Yao +1 more
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Journal ArticleDOI
Using encryption for authentication in large networks of computers
TL;DR: Use of encryption to achieve authenticated communication in computer networks is discussed and example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee.
Journal ArticleDOI
A logic of authentication
TL;DR: This paper describes the beliefs of trustworthy parties involved in authentication protocols and the evolution of these beliefs as a consequence of communication, and gives the results of the analysis of four published protocols.
Book ChapterDOI
Entity authentication and key distribution
Mihir Bellare,Phillip Rogaway +1 more
TL;DR: This work provides the first formal treatment of entity authentication and authenticated key distribution appropriate to the distributed environment and presents a definition, protocol, and proof that the protocol meets its goal, assuming only the existence of a pseudorandom function.
Book ChapterDOI
Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels
Ran Canetti,Hugo Krawczyk +1 more
TL;DR: In this article, the authors present a formalism for the analysis of key exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels.