Less is more: Relaxed yet composable security notions for key exchange

International Journal of Information Security

Volumn 12, Issue 4, 2013, Pages 267-297

  Brzuska, C ^a   Fischlin, M ^a   Smart, N P ^b   Warinschi, B ^b   Williams, S C ^b  

^a DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

^b UNIVERSITY OF BRISTOL   (United Kingdom)

Author keywords

Key agreement; TLS

Indexed keywords

KEY AGREEMENT; KEY AGREEMENT PROTOCOL; KEY EXCHANGE PROTOCOLS; MONOLITHIC ANALYSIS; SECURITY DEFINITIONS; SECURITY NOTION; SECURITY REQUIREMENTS; TLS;

THEOREM PROVING;

SEEBECK EFFECT;

EID: 84880165237     PISSN: 16155262     EISSN: 16155270     Source Type: Journal    
DOI: 10.1007/s10207-013-0192-y     Document Type: Article

References (30)

1. Barak, B., Lindell, Y., Rabin, T.: Protocol Initialization for the Framework of Universal Composability. ePrint archive: http://eprint. iacr. org/2004/006.
2. Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting: security proofs and improvements. In: Advances in Cryptology-EUROCRYPT 2000, LNCS, vol. 1807, pp. 259-274, Springer (2000).
3. Bellare, M., Boldyreva, A., Palacio, A.: An uninstantiable random-oracle-model scheme for a hybrid-encryption problem. In: Advances in Cryptology-EUROCRYPT 2004, LNCS, vol. 3027, pp. 171-188, Springer (2004).
4. Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Advances in Cryptology-ASIACRYPT 2000, LNCS, vol. 1976, pp. 531-545, Springer (2000).
5. Bellare, M., Pointcheval, D., Rogaway, P.: Authenticated key exchange secure against dictionary attacks. In: Advances in Cryptology-EUROCRYPT 2000, LNCS, vol. 1807, pp. 139-155, Springer (2000).
6. Bellare, M., Rogaway, P.: Entity authentication and key distribution. In: Advances in Cryptology, CRYPTO '93, LNCS, vol. 773, pp. 232-249, Springer (1994).
7. Bellare, M., Rogaway, P.: Provably secure session key distribution: the three party case. In: 27th Symposium on Theory of Computing-STOC 1995, pp. 57-66, ACM (1995).
8. Blake-Wilson, S., Johnson, D., Menezes, A. J.: Key agreement protocols and their security analysis. In: IMA Cryptography and Coding-IMACC 1997, LNCS, vol. 1355, pp. 30-45, Springer (1997).
9. Blake-Wilson, S., Menezes, A. J.: Entity authentication and authenticated key transport protocols employing asymmetric techniques. In: IWSP, LNCS, vol. 1361, pp. 137-158, Springer (1998).
10. Bleichenbacher, D.: Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS #1. In: Advances in Cryptology-CRYPTO '98, LNCS, vol. 1462, pp. 1-12, Springer (1998).
11. Brzuska, C., Fischlin, M., Warinschi, B., Williams, S.: Composability of Bellare-Rogaway key exchange protocols In: Conference on Computer and Communication Security-CCS 2011, pp. 51-62, ACM (2011).
12. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13, 143-202 (2000).
13. Canetti, R., Krawczyk, H.: Analysis of key-exchange protocols and their use for building secure channels. In: Advances in Cryptology-EUROCRYPT 2001, LNCS, vol. 2045, pp. 453-474, Springer (2001).
14. Canetti, R., Krawczyk, H.: Universally composable notions of key exchange and secure channels. In: Advances in Cryptology-EUROCRYPT 2002, LNCS, vol. 2332, pp. 337-351, Springer (2002).
15. Canetti, R., Krawczyk, H.: Security analysis of IKE's signature-based key-exchange protocol. In: Advances in Cryptology-CRYPTO 2002, LNCS, vol. 2442, pp. 143-161, Springer (2002).
16. Canetti, R., Rabin, T.: Universal composition with joint state. In: Advances in Cryptology-CRYPTO 2003, LNCS, vol. 2729, pp. 265-281, Springer (2003).
17. Datta, A., Derek, A., Mitchell, J., Shmatikov, V., Turuani, M.: Probabilistic polynomial-time semantics for a protocol security logic. In: Automata, Languages and Programming-ICALP 2005, LNCS, vol. 3580, pp. 16-29, Springer (2005).
18. Datta, A., Derek, A., Mitchell, J. C., Warinschi, B.: Computationally sound compositional logic for key exchange protocols. In: Computer Security Foundations Workshop-CSFW 2005, pp. 321-334, IEEE Computer Society (2006).
19. Dierks, T., Allen, C.: The TLS Protocol Version 1. 2. RFC 4346, April (2006).
20. Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: RSA-OAEP is secure under the RSA assumption. In: Advances in Cryptology-CRYPTO 2001, LNCS, vol. 2139, pp. 260-274, Springer (2001).
21. Goldwasser, S., Micali, S., Rivest, R.: A digiral signature scheme secure against adaptive chosen-message attacks. SIAM J. Comput. 17, 281-308 (1988).
22. International Civic Aviation Organization. Supplemental Access Control for Machine Readable Travel Documents. Version 1. 01. Available at http://www2. icao. int/en/MRTD/Downloads/TechnicalReports/TechnicalReport. pdf. (2010).
23. Jager, T., Kohlar, F., Schäge, S., Schwenk, J.: On the security of TLS-DHE in the standard model. In: Advances in Cryptology-CRYPTO 2012, LNCS, vol. 7417, pp. 273-293, Springer (2012).
24. Kaliski, B.: PKCS #1: RSA Encryption Version 1. 5. RFC 2313, October (1998).
25. Krawczyk, H.: The Order of Encryption and authentication for protecting communications (or: How Secure Is SSL?). In: Advances in Cryptology-CRYPTO 2001, LNCS, vol. 2139, pp. 310-331, Springer (2001).
26. Küsters, R., Tuengerthal, M.: Composition theorems without pre-established session identifiers. In: Conference on Computer and Communication Security-CCS 2011, pp. 41-50, ACM (2011).
27. Maurer, U., Tackmann, B.: On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption. In: Conference on Computer and Communication Security-CCS 2010, pp. 505-515, ACM (2010).
28. Morrissey, P., Smart, N. P., Warinschi, B.: The TLS handshake protocol: a modular analysis. J. Cryptol. 23, 187-223 (2010).
29. Paterson, K. G., Ristenpart, T., Shrimpton, T.: Tag size boes matter: attacks and proofs for the TLS record protocol. In: Advances in Cryptology-ASIACRYPT 2011, LNCS, vol. 7073, pp. 372-389, Springer (2011).
30. Shoup, V: On formal models for secure key exchange. IBM Research Report RZ 3120 (1999).