Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Three-party encrypted key exchange: attacks and a solution
ACM SIGOPS Operating Systems Review
Simple authenticated key agreement protocol resistant to password guessing attacks
ACM SIGOPS Operating Systems Review
A Meta-Notation for Protocol Analysis
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Protocols for Key Establishment and Authentication
Protocols for Key Establishment and Authentication
A New Efficient MAKEP for Wireless Communications
AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
Authenticated key exchange secure against dictionary attacks
EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Errors in computational complexity proofs for protocols
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
SCN'04 Proceedings of the 4th international conference on Security in Communication Networks
Three weaknesses in a simple three-party key exchange protocol
Information Sciences: an International Journal
Enhanced password-based simple three-party key exchange protocol
Computers and Electrical Engineering
Multi-factor authenticated key exchange protocol in the three-party setting
Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Provably secure three-party password authenticated key exchange protocol in the standard model
Journal of Systems and Software
On session key construction in provably-secure key establishment protocols
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We revisit recent work of Choo, Boyd, Hitchcock, and Maitland, in which they utilize the Bellare, Pointcheval, and Rogaway (Authenticated key exchange secure against dictionary attacks, in: B. Preneel (Ed.), Advances in Cryptology - Eurocrypt 2000, Springer-Verlag, LNCS 1807/2000, pp. 139-155, 2000) computational complexity proof model in a machine specification and analysis (using an automated model checker, SHVT) for provably secure key establishment protocol analysis. We then examine several key establishment protocols without proofs of security, namely protocols due to J.-K. Jan, Y.-H. Chen (A new efficient MAKEP for wireless communications, in: 18th International Conference on Advanced Information Networking and Applications - AINA 2004, IEEE Computer Society, pp. 347-350, 2004), W.-H. Yang, J.-C. Shen, S.-P. Shieh (Designing authentication protocols against guessing attacks. Technical Report 2(3), Institute of Information & Computing Machinery, Taiwan, 1999. http://www.iicm.org.tw/communication/c2_3/page07.doc), Y.-S. Kim, E.-N. Huh, J. Hwang, B.-W. Lee (An efficient key agreement protocol for secure authentication, in: A. Lagana, M.L. Gavrilova, V. Kumar, Y. Mun, C.J.K. Tan, O. Gervasi (Eds.), International Conference On Computational Science And Its Applications - ICCSA 2004, Springer-Verlag, LNCS 3043/2004, pp. 746-754, 2004), C.-L. Lin, H.-M. Sun, T. Hwang (Three-party encrypted key exchange: attacks and a solution, in: ACM SIGOPS Operating Systems Review, pp. 12-20, 2000), and H.-T. Yeh, H.-M. Sun (Simple authenticated key agreement protocol resistant to password guessing attacks, in: ACM SIGOPS Operating Systems Review, 36(4), pp. 14-22, 2002). Using these protocols as case studies, we demonstrate previously unpublished flaws in them. We speculate that such errors could have been found by the protocol designers if proofs of security had been constructed, and hope this work will encourage future protocol designers to provide proofs of security.