A composable cryptographic library with nested operations

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2003, Pages 220-230

  Backes, Michael ^a   Pfitzmann, Birgit ^a   Waidner, Michael ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

Cryptographically Composable Operators; Cryptography; Security Analysis of Protocols; Simulatability

Indexed keywords

AUTOMATION; NETWORK PROTOCOLS; THEOREM PROVING; VIRTUAL REALITY;

AUTHENTICATION PROTOCOLS; CRYPTOGRAPHICALLY COMPOSABLE OPERATORS; SECURITY ANALYSIS OF PROTOCOLS; SIMULATABILITY;

CRYPTOGRAPHY;

EID: 1442292329     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/948109.948140     Document Type: Conference Paper

References (54)

1. M. Abadi and J. Jürjens. Formal eavesdropping and its computational interpretation. In Proc. 4th International Symposium on Theoretical Aspects of Computer Software (TACS), pages 82-94, 2001.
2. M. Abadi and P. Rogaway. Reconciling two views of cryptography: The computational soundness of formal encryption. In Proc. 1st IFIP International Conference on Theoretical Computer Science, volume 1872 of Lecture Notes in Computer Science, pages 3-22. Springer, 2000.
3. R. Anderson and R. Needham. Robustness principles for public key protocols. In Advances in Cryptology: CRYPTO '95, volume 963 of Lecture Notes in Computer Science, pages 236-247. Springer, 1995.
4. M. Backes and C. Jacobi. Cryptographically sound and machine-assisted verification of security protocols. In Proc. 20th Annual Symposium on Theoretical Aspects of Computer Science (STAGS), volume 2607 of Lecture Notes in Computer Science, pages 675-686. Springer, 2003.
5. M. Backes, C. Jacobi, and B. Pfitzmann. Deriving Cryptographically sound implementations using composition and formally verified bisimulation. In Proc. 11th Symposium on Formal Methods Europe (FME 2002), volume 2391 of Lecture Notes in Computer Science, pages 310-329. Springer, 2002.
6. M. Backes and B. Pfitzmann. Computational probabilistic non-interference. In Proc. 7th European Symposium on Research in Computer Security (ESORICS), volume 2502 of Lecture Notes in Computer Science, pages 1-23. Springer, 2002.
7. M. Backes and B. Pfitzmann. A Cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. To appear in Proc. of 23rd Conference on foundations of software technology and theoretical computer science (FSTTCS). Preliminary version available from IACR Cryptology ePrint Archive 2003/121, 2003.
8. M. Backes and B. Pfitzmann. Intransitive non-interference for cryptographic purposes. In Proc. 24th IEEE Symposium on Security & Privacy, pages 140-152, 2003.
9. M. Backes, B. Pfitzmann, M. Steiner, and M. Waidner. Polynomial fairness and liveness. In Proc. 15th IEEE Computer Security Foundations Workshop (CSFW), pages 160-174, 2002.
10. M. Backes, B. Pfitzmann, and M. Waidner. A universally composable cryptographic library. IACR Cryptology ePrint Archive 2003/015, Jan. 2003. http://eprint.iacr.org/.
11. D. Beaver. Secure multiparty protocols and zero knowledge proof systems tolerating a faulty minority. Journal of Cryptology, 4(2):75-122, 1991.
12. G. Bella, F. Massacci, and L. C. Paulson. The verification of an industrial payment protocol: The set purchase phase. In Proc. 9th ACM Conference on Computer and Communications Security, pages 12-20, 2002.
13. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology: CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, pages 26-45. Springer, 1998.
14. M. Bellare, T. Kohno, and C. Namprempre. Authenticated encryption in ssh: Provably fixing the ssh binary packet protocol. In Proc. 9th ACM Conference on Computer and Communications Security, pages 1-11, 2002.
15. M. Bellare and P. Rogaway. Entity authentication and key distribution. In Advances in Cryptology: CRYPTO '93, volume 773 of Lecture Notes in Computer Science, pages 232-249. Springer, 1994.
16. D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS. In Advances in Cryptology: CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, pages 1-12. Springer, 1998.
17. R. Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 3(1): 143-202, 2000.
18. R. Canetti. A unified framework for analyzing security of protocols. IACR Cryptology ePrint Archive 2000/067, Dec. 2001.http://eprint.iacr.org/.
19. R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pages 136-145, 2001.
20. R. Cramer and I. Damgard. Secure signature schemes based on interactive protocols. In Advances in Cryptology: CRYPTO '95, volume 963 of Lecture Notes in Computer Science, pages 297-310. Springer, 1995.
21. R. Cramer and I. Damgard. New generation of secure and practical RSA-based signatures. In Advances in Cryptology: CRYPTO '96, volume 1109 of Lecture Notes in Computer Science, pages 173-185. Springer, 1996.
22. R. Cramer and V. Shoup. Practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In Advances in Cryptology: CRYPTO '98, volume 1462 of Lecture Notes in Computer Science, pages 13-25. Springer, 1998.
23. R. Cramer and V. Shoup. Signature schemes based on the strong RSA assumption. In Proc. 6th ACM Conference on Computer and Communications Security, pages 46-51, 1999.
24. Z. Dang and R. Kemmerer. Using the ASTRAL model checker for cryptographic protocol analysis. In Proc. DIMACS Workshop on Design and Formal Verification of Security Protocols, 1997. http://dimacs.rutgers.edu/Workshops/Security/.
25. D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols. Communications of the ACM, 24(8):533-536, 1981.
26. Y. Desmedt and K. Kurosawa. How to break a practical mix and design a new one. In Advances in Cryptology: EUROCRYPT 2000, volume 1807 of Lecture Notes in Computer Science, pages 557-572. Springer, 2000.
27. D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2): 198-208, 1983.
28. B. Dutertre and S. Schneider. Using a PVS embedding of CSP to verify authentication protocols. In Proc. International Conference on Theorem Proving in Higher Order Logics (TPHOL), volume 1275 of Lecture Notes in Computer Science, pages 121-136. Springer, 1997.
29. D. Fisher. Millions of .Net Passport accounts put at risk. eWeek, May 2003. (Flaw detected by Muhammad Faisal Rauf Danka).
30. R. Gennaro, S. Halevi, and T. Rubin. Secure hash-and-sign signatures without the random oracle. In Advances in Cryptology: EUROCRYPT '99, volume 1592 of Lecture Notes in Computer Science, pages 123-139. Springer, 1999.
31. O. Goldreich. Two remarks concerning the Goldwasser-Micali-Rivest signature scheme. In Advances in Cryptology: CRYPTO '86, volume 263 of Lecture Notes in Computer Science, pages 104-110. Springer, 1986.
32. S. Goldwasser and L. Levin. Fair computation of general functions in presence of immoral majority. In Advances in Cryptology: CRYPTO '90, volume 537 of Lecture Notes in Computer Science, pages 77-93. Springer, 1990.
33. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270-299, 1984.
34. S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281-308, 1988.
35. J. D. Guttman, F. J. Thayer Fabrega, and L. Zuck. The faithfulness of abstract protocol analysis: Message authentication. In Proc. 8th ACM Conference on Computer and Communications Security, pages 186-195, 2001.
36. M. Hirt and U. Maurer. Player simulation and general adversary structures in perfect multiparty computation. Journal of Cryptology, 13(1):31-60, 2000.
37. R. Kemmerer, C. Meadows, and J. Millen. Three systems for cryptographic protocol analysis. Journal of Cryptology, 7(2):79-130, 1994.
38. P. Laud. Semantics and program analysis of computationally secure information flow. In Proc. 10th European Symposium on Programming (ESOP), pages 77-91, 2001.
39. P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. A probabilistic poly-time framework for protocol analysis. In Proc. 5th ACM Conference on Computer and Communications Security, pages 112-121, 1998.
40. G. Lowe. Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In Proc. 2nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 1055 of Lecture Notes in Computer Science, pages 147-166. Springer, 1996.
41. S. Micali and P. Rogaway. Secure computation. In Advances in Cryptology: CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 392-404. Springer, 1991.
42. J. Mitchell, M. Mitchell, and U. Stern. Automated analysis of cryptographic protocols using murø. In Proc. 18th IEEE Symposium on Security & Privacy, pages 141-151, 1997.
43. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 12(21):993-999, 1978.
44. S. Owre, N. Shankar, and J. M. Rushby. PVS: A prototype verification system. In Proc. 11th International Conference on Automated Deduction (CADE), volume 607 of Lecture Notes in Computer Science, pages 748-752. Springer, 1992.
45. L. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Cryptology, 6(1):85-128, 1998.
46. B. Pfitzmann, M. Schunter, and M. Waidner. Cryptographic security of reactive systems. Presented at the DERA/RHUL Workshop on Secure Architectures and Information Flow, 1999, Electronic Notes in Theoretical Computer Science (ENTCS), March 2000. http://www.elsevier.nl/cas/tree/store/tcs/free/noncas/pc/ menu.htm.
47. B. Pfitzmann and M. Waidner. How to break and repair a "provably secure" untraceable payment system. In Advances in Cryptology: CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 338-350. Springer, 1992.
48. B. Pfitzmann and M. Waidner. Composition and integrity preservation of secure reactive systems. In Proc. 7th ACM Conference on Computer and Communications Security, pages 245-254, 2000.
49. B. Pfitzmann and M. Waidner. A model for asynchronous reactive systems and its application to secure message transmission. In Proc. 22nd IEEE Symposium on Security & Privacy, pages 184-200, 2001.
50. C. Rackoff and D. R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology: CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 433-444. Springer, 1992.
51. P. Rogaway. Authenticated-encryption with associated-data. In Proc. 9th ACM Conference on Computer and Communications Security, pages 98-107, 2002.
52. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proc. 2nd USENIX Workshop on Electronic Commerce, pages 29-40, 1996.
53. B. Warinschi. A computational analysis of the Needham-Schroeder-(Lowe) protocol. In Proc. 16th IEEE Computer Security Foundations Workshop (CSFW), pages 248-262, 2003.
54. A. C. Yao. Theory and applications of trapdoor functions. In Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pages 80-91, 1982.