A cryptographically sound Dolev-Yao style security proof of the Otway-Rees protocol

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 3193, Issue , 2004, Pages 89-108

  Backes, Michael ^a  

^a IBM RESEARCH ZURICH   (Switzerland)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK SECURITY;

'CURRENT; ACTIVE ATTACK; COMPOSITION THEOREM; CRYPTOGRAPHIC IMPLEMENTATION; CRYPTOGRAPHIC PRIMITIVES; CRYPTOGRAPHICS; PROBABILISTIC ASPECTS; PROOF TOOLS; PROVABLY SECURE; SECURITY PROOFS;

CRYPTOGRAPHY;

EID: 35048863550     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-30108-0_6     Document Type: Article

References (41)

1. M. Abadi and A. D. Gordon. A calculus for cryptographie protocols: The spi calculus. Information and Compulation, 148(1): 1-70, 1999.
2. M. Abadi and J. Jürjens. Formal eavesdropping and its computational interpretation. In Proc. 4th International Symposium on Theoretical Aspects of Computer Software (TACS), pages 82-94, 2001.
3. M. Abadi and P. Rogaway. Reconciling two views of cryptography: The computational soundness of formal encryption. In PTOC. 1st IFlP International Conference on Theoretical Computer Science, volume 1872 of LNCS, pages 3-22. Springer, 2000.
4. M. Backes. A cryptographically sound Dolev-Yao style security proof of the Otway-Rees protocol. Research Report RZ 3539, IBM Research, 2004.
5. M. Backes and C. Jacobi. Cryptographically sound and machine-assisted verification of security protocols. In Proc. 20th Annual Symposium on Theoretical Aspects of Computer Science (STAGS), volume 2607 of LNCS, pages 675-686. Springer, 2003.
6. M. Backes and B. Pfitzmann. A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. In Proc. 23rd Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), pages 1-12, 2003.
7. M. Backes and B. Pfitzmann. Symmetric encryption in a simulatable Dolev-Yao style cryptographic library. In Proc. 17th IEEE Computer Security Foundations Workshop (CSFW), 2004.
8. M. Backes, B. Pfitzmann, and M. Waidner. A composable cryptographic library with nested operations (extended abstract). In Proc. 10th ACM Conference on Computer and Communications Security, pages 220-230, 2003. Full version in IACR Cryptology ePrint Archive 2003/015, Jan. 2003, http : //eprint. iacr. org/.
9. M. Backes, B. Pfitzmann, and M. Waidner. Symmetric authentication within a simulatable cryptographic library. In Proc. 8th European Symposium on Research in Computer Security (ESORICS), volume 2808 of LNCS, pages 271-290, Springer, 2003.
10. M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway. Relations among notions of security for public-key encryption schemes. In Advances in Cryptology: CRYPTO '98, volume 1462 of LNCS, pages 26-45. Springer, 1998.
11. M. Bellare and C. Namprempre. Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In Advances in Cryptology: ASlACRYPT 2000, volume 1976 of LNCS, pages 531-545. Springer, 2000.
12. M. Bellare and P. Rogaway. Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient constructions. In Advances in Cryptology: ASIACRYPT 2000, volume 1976 of LNCS, pages 317-330. Springer, 2000.
13. D. Bleichenbacher. Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS. In Advances in Cryptology: CRYPTO '98, volume 1462 of LNCS, pages 1-12. Springer, 1998.
14. M. Burrows, M. Abadi, and R. Needham. A logic for authentication. Technical Report 39, SRC DIGITAL, 1990.
15. D. E. Denning and G. M. Sacco. Timestamps in key distribution protocols. Communications of the ACM,24(8):533-536, 1981.
16. D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2): 198-208.1983.
17. D. Fisher. Millions of .Net Passport accounts put at risk. eWeek, May 2003. (Flaw detected by Muhammad Faisal Rauf Danka).
18. O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game - or - a completeness theorem for protocols with honest majority. In Proc. 19th Annual ACM Symposium on Tlieory of Computing (STOC), pages 218-229,1987.
19. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270-299, 1984.
20. S. Goldwasser, S. Micali, and C. Rackoff. The knowledge complexity of interactive proof systems. SIAM Journal on Computing, 18(1):186-207,1989.
21. J. Herzog. Computational Soundness of Formal Adversaries. PhD thesis, MIT, 2002.
22. J. Herzog, M. Liskov, and S. Micali. Plaintext awareness via key registration. In Advances in Cryptology: CRYPTO 2003, volume 2729 of LNCS, pages 548-564. Springer, 2003.
23. R. Impagliazzo and B. M. Kapron. Logics for reasoning about cryptographic constructions. In Proc. 44th IEEE Symposium on Foundations of Computer Science, pages 372-381, 2003.
24. F. JavierThayer, J. C. Herzog, and J. D. Guttman. Honest ideals on strand spaces. In Proc. 11th IEEE Computer Security Foundations Workshop (CSFW), pages 66-77, 1998.
25. R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448-457, 1989.
26. P. Laud. Semantics and program analysis of computationally secure information flow. In Proc. 10th European Symposium on Programming (ESOP), pages 77-91,2001.
27. P. Laud. Symmetric encryption in automatic analyses for confidentiality against active adversaries. In Proc. 25th IEEE Symposium on Security & Privacy, pages 71-85, 2004.
28. P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. A probabilistic poly-time framework for protocol analysis. In Proc. 5th ACM Conference on Computer and Communications Security, pages 112-121,1998.
29. C. Meadows. Using narrowing in the analysis of key management protocols. In Proc. 10th IEEE Symposium on Security & Privacy, pages 138-147, 1989.
30. D. Micciancio and B. Warinschi. Soundness of formal encryption in the presence of active adversaries. In Proc. 1st Theory of Cryptography Conference (TCC), volume 2951 of LNCS, pages 133-151. Springer, 2004.
31. J. K. Millen. The interrogator: A tool for cryptographic protocol security. In Proc. 5th IEEE Symposium on Security & Privacy, pages 134-141, 1984.
32. J. Mitchell, M. Mitchell, and A. Scedrov. A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In Proc. 39th IEEE Symposium on Founda tions of Computer Science, pages 725-733, 1998.
33. J. Mitchell, M. Mitchell, A. Scedrov, and V. Teague. A probabilistic polynominal-time process calculus for analysis of cryptographic protocols (preliminary report). Electronic Notes in Theoretical Computer Science, 47:1-31, 2001.
34. R. Needham and M. Schroeder. Using encryption for authentication in large networks of computers. Communications of the ACM, 12(21):993-999, 1978.
35. D. Otway and O. Rees. Efficient and timely mutual authentication. Operation Systems Rewetv.21(1):8-10, 1987.
36. L. Paulson. Mechanized proofs for a recursive authentication protocol. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pages 84-95, 1997.
37. L. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Cryptology,6(1):85-128, 1998.
38. B. Pfitzmann and M. Waidner. A model for asynchronous reactive systems and its application to secure message transmission. In Proc. 22nd IEEE Symposium on Security & Privacy, pages 184-200, 2001.
39. P. Rogaway, M. Bellare, J. Black, and T. Krovetz. OCB: A block-cipher mode of operation for efficient authenticated encryption. In Proc. 8th ACM Conference on Computer and Communications Security, pages 196-205, 2001.
40. D. Wagner and B. Schneier. Analysis of the SSL 3.0 protocol. In Proc. 2nd USENlX Workshop on Electronic Commerce, pages 29-40, 1996.
41. B. Warinschi. A computational analysis of the Needham-Schroeder-(Lowe) protocol. In Proc. 16th IEEE Computer Security Foundations Workshop (CSFW), pages 248-262,2003.