E-book, English, Volume 41, 216 pages
Choo Secure Key Establishment
1st edition 2008
ISBN: 978-0-387-87969-7
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark
Series: Advances in Information Security
Research on Secure Key Establishment has become very active within the last few years. Secure Key Establishment discusses the problems encountered in this field. This book also introduces several improved protocols with new proofs of security. Secure Key Establishment identifies several variants of the key sharing requirement. Several variants of the widely accepted Bellare and Rogaway (1993) model are covered. A comparative study of the relative strengths of security notions between these variants of the Bellare-Rogaway model and the Canetti-Krawczyk model is included. An integrative framework is proposed that allows protocols to be analyzed in a modified version of the Bellare-Rogaway model using the automated model checker tool. Secure Key Establishment is designed for advanced level students in computer science and mathematics, as a secondary text or reference book. This book is also suitable for practitioners and researchers working for defense agencies or security companies.
Further information & material
1;Foreword;6
2;Preface;8
2.1;Comments and Errata;9
3;Acknowledgements;10
4;Contents;12
5;List of Protocols;18
6;List of Attacks;20
7;List of Figures;21
8;List of Tables;22
9;Introduction;23
9.1;1.1 The Key Distribution Problem;23
9.2;1.2 Solution: Key Establishment Protocols;25
9.3;1.2.1 Computer Security Approach;26
9.4;1.2.2 Computational Complexity Approach;27
9.5;1.2.3 Research Objectives and Deliverables;28
9.6;1.3 Structure of Book and Contributions to Knowledge;28
9.7;References;32
10;Background Materials;41
10.1;2.1 Mathematical Background;41
10.2;2.1.1 Abstract Algebra and the Main Groups;41
10.3;2.1.2 Bilinear Maps from Elliptic Curve Pairings;42
10.4;2.1.3 Computational Problems and Assumptions;43
10.5;2.1.4 Cryptographic Tools;45
10.6;2.2 Key Establishment Protocols and their Basis;51
10.7;2.2.1 Protocol Architectures;52
10.8;2.2.2 Protocol Goals and Attacks;55
10.9;2.3 The Computational Complexity Approach;60
10.10;2.3.1 Adversarial Powers;61
10.11;2.3.2 Definition of Freshness;63
10.12;2.3.3 Definition of Security;63
10.13;2.3.4 The Bellare–Rogaway Models;64
10.14;2.3.5 The Canetti–Krawczyk Model;68
10.15;2.3.6 Protocol Security;70
10.16;2.4 Summary;71
10.17;References;71
11;A Flawed BR95 Partnership Function;78
11.1;3.1 A Flaw in the Security Proof for 3PKD Protocol;79
11.2;3.1.1 The 3PKD Protocol;79
11.3;3.1.2 Key Replicating Attack on 3PKD Protocol;80
11.4;3.1.3 The Partner Function used in the BR95 Proof;81
11.5;3.2 A Revised 3PKD Protocol in Bellare–Rogaway Model;83
11.6;3.2.1 Defining SIDs in the 3PKD Protocol;83
11.7;3.2.2 An Improved Provably Secure 3PKD Protocol;83
11.8;3.2.3 Security Proof for the Improved 3PKD Protocol;84
11.9;3.3 Summary;91
11.10;References;91
12;On The Key Sharing Requirement;92
12.1;4.1 Bellare–Rogaway 3PKD Protocol in CK2001 Model;93
12.2;4.1.1 The 3PKD Protocol;93
12.3;4.1.2 New Attack on 3PKD Protocol;94
12.4;4.1.3 A New Provably-Secure 3PKD Protocol in CK2001 Model;95
12.5;4.2 Jeong–Katz–Lee Protocol TS2;97
12.6;4.2.1 Protocol TS2;97
12.7;4.2.2 New Attack on Protocol TS2;98
12.8;4.2.3 An Improved Protocol TS2;98
12.9;4.3 The Key Sharing Requirement;99
12.10;4.4 Summary;101
12.11;References;101
13;Comparison of Bellare–Rogaway and Canetti–Krawczyk Models;104
13.1;5.1 Relating The Notions of Security;107
13.2;5.1.1 Proving BR93 (EA+KE) . BPR2000 ( EA+ KE);109
13.3;5.1.2 Proving CK2001 . BPR2000 ( KE);111
13.4;5.1.3 Proving CK2001 . BR93 ( KE);112
13.5;5.1.4 BR93 (KE) . BR95 and BR93 ( KE), CK2001 BR95;113
13.6;5.1.5 BR93 (KE) / CK2001 BPR2000 (KE);114
13.7;5.1.6 CK2001 BR93 (EA+KE);114
13.8;5.1.7 BR93 (KE) CK2001;115
13.9;5.1.8 BPR2000 (KE) BR95;117
13.10;5.2 A Drawback in the BPR2000 Model;117
13.11;5.2.1 Case Study: Abdalla–Pointcheval 3PAKE;117
13.12;5.2.2 Unknown Key Share Attack on 3PAKE;118
13.13;5.3 Summary;120
13.14;References;120
14;An Extension to the Bellare–Rogaway Model;122
14.1;6.1 A Provably-Secure Revised Protocol of Boyd;123
14.2;6.1.1 Secure Authenticated Encryption Schemes;123
14.3;6.1.2 Revised Protocol of Boyd;124
14.4;6.1.3 Security Proof;125
14.5;6.2 An Extension to the BR93 Model;129
14.6;6.3 An Efficient Protocol in Extended Model;131
14.7;6.3.1 An Efficient Protocol;131
14.8;6.3.2 Security Proof;132
14.9;6.4 Comparative Security and Efficiency;135
14.10;6.5 Summary;136
14.11;References;137
15;A Proof of Revised Yahalom Protocol;138
15.1;7.1 The Yahalom Protocol and its Simplified Version;139
15.2;7.2 A New Provably-Secure Protocol;140
15.3;7.2.1 Proof for Protocol 7.2;141
15.4;7.2.2 An Extension to Protocol 7.2;144
15.5;7.3 Partnering Mechanism: A Brief Discussion;145
15.6;7.4 Summary;147
15.7;References;148
16;Errors in Computational Complexity Proofs for Protocols;150
16.1;8.1 Boyd–González Nieto Protocol;151
16.2;8.1.1 Unknown Key Share Attack on Protocol;152
16.3;8.1.2 An Improved Conference Key Agreement Protocol;153
16.4;8.1.3 Limitations of Existing Proof;154
16.5;8.2 Jakobsson–Pointcheval MAKEP;155
16.6;8.2.1 Unknown Key Share Attack on JP-MAKEP;156
16.7;8.2.2 Flaws in Existing Security Proof for JP-MAKEP;156
16.8;8.3 Wong–Chan MAKEP;157
16.9;8.3.1 A New Attack on WC-MAKEP;157
16.10;8.3.2 Preventing the Attack;158
16.11;8.3.3 Flaws in Existing Security Proof for WC-MAKEP;158
16.12;8.4 An MT-Authenticator;159
16.13;8.4.1 Encryption-Based MT-Authenticator;159
16.14;8.4.2 Flaw in Existing Security Proof Revealed;160
16.15;8.4.3 Addressing the Flaw;161
16.16;8.4.4 An Example Protocol as a Case Study;161
16.17;8.5 Summary;163
16.18;References;164
17;On Session Key Construction;167
17.1;9.1 Chen–Kudla ID-Based Protocol;168
17.2;9.1.1 The ID-Based Protocol;169
17.3;9.1.2 Existing Arguments on Restriction of Reveal Query;169
17.4;9.1.3 Improved Chen–Kudla Protocol;170
17.5;9.1.4 Security Proof for Improved Chen–Kudla Protocol;171
17.6;9.2 McCullagh–Barreto 2P-IDAKA Protocol;173
17.7;9.2.1 The 2P-IDAKA Protocol;173
17.8;9.2.2 Why Reveal Query is Restricted;173
17.9;9.2.3 Errors in Existing Proof for 2P-IDAKA Protocol;174
17.10;9.2.4 Improved 2P-IDAKA Protocol;176
17.11;9.3 A Proposal for Session Key Construction;177
17.12;9.4 Another Case Study;178
17.13;9.4.1 Reflection Attack on Lee–Kim–Yoo Protocol;179
17.14;9.4.2 Preventing the Attack;180
17.15;9.5 Summary;180
17.16;References;181
18;Complementing Computational Protocol Analysis;183
18.1;10.1 The Formal Framework;184
18.2;10.2 Analysing a Provably-Secure Protocol;185
18.3;10.2.1 Protocol Specification;186
18.4;10.2.2 Protocol Analysis;188
18.5;10.3 Analysing Another Two Protocols With Claimed Proofs of Security;192
18.6;10.3.1 Protocol Analysis;193
18.7;10.3.2 Flaws in Refuted Proofs;197
18.8;10.3.3 A Possible Fix;197
18.9;10.4 Analysing Protocols with Heuristic Security Arguments;198
18.10;10.4.1 Case Studies;198
18.11;10.4.2 Protocol Analyses;201
18.12;10.5 Summary;208
18.13;References;208
19;An Integrative Framework to Protocol Analysis and Repair;211
19.1;11.1 Case Study Protocol;213
19.2;11.2 Proposed Integrative Framework;214
19.3;11.2.1 Protocols Specification;214
19.4;11.2.2 Protocols Analysis;217
19.5;11.2.3 Protocol Repair;219
19.6;11.3 Summary;221
19.7;References;222
20;Conclusion and Future Work;224
20.1;12.1 Research Summary;224
20.2;12.2 Open Problems and Future Directions;225
20.3;References;227
21;Index;229




