DOI: 10.5555/647086.715688

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

Published: 06 May 2001

Abstract

We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links.
We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.

Published In

EUROCRYPT '01: Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
May 2001
543 pages
ISBN: 3540420703

Publisher

Springer-Verlag

Berlin, Heidelberg

Qualifiers

  • Article
