The importance of proofs of security for key establishment protocols

Authors:
Kim-Kwang Raymond Choo;Colin Boyd;Yvonne Hitchcock
Affiliations:
Information Security Institute, Queensland University of Technology, GPO Box 2434, Brisbane, Qld 4001, Australia;Information Security Institute, Queensland University of Technology, GPO Box 2434, Brisbane, Qld 4001, Australia;Information Security Institute, Queensland University of Technology, GPO Box 2434, Brisbane, Qld 4001, Australia
Venue:
Computer Communications
Year:
2006

Citing 10
Cited 6

Entity authentication and key distribution

CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Three-party encrypted key exchange: attacks and a solution

ACM SIGOPS Operating Systems Review
Simple authenticated key agreement protocol resistant to password guessing attacks

ACM SIGOPS Operating Systems Review
A Meta-Notation for Protocol Analysis

CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Protocols for Key Establishment and Authentication

Protocols for Key Establishment and Authentication
A New Efficient MAKEP for Wireless Communications

AINA '04 Proceedings of the 18th International Conference on Advanced Information Networking and Applications - Volume 2
Authenticated key exchange secure against dictionary attacks

EUROCRYPT'00 Proceedings of the 19th international conference on Theory and application of cryptographic techniques
Errors in computational complexity proofs for protocols

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Security requirements for key establishment proof models: revisiting Bellare–Rogaway and Jeong–Katz–Lee protocols

ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
On session identifiers in provably secure protocols: the Bellare-Rogaway three-party key distribution protocol revisited

SCN'04 Proceedings of the 4th international conference on Security in Communication Networks

Three weaknesses in a simple three-party key exchange protocol

Information Sciences: an International Journal
Enhanced password-based simple three-party key exchange protocol

Computers and Electrical Engineering
An Computation-Efficient Generalized Group-Oriented Cryptosystem

Informatica
Multi-factor authenticated key exchange protocol in the three-party setting

Inscrypt'10 Proceedings of the 6th international conference on Information security and cryptology
Provably secure three-party password authenticated key exchange protocol in the standard model

Journal of Systems and Software
On session key construction in provably-secure key establishment protocols

Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia

Quantified Score

Hi-index	0.24

Visualization

Abstract

Despite the importance of proofs in assuring protocol implementers about the security properties of key establishment protocols, many protocol designers fail to provide any proof of security. Flaws detected long after the publication and/or implementation of protocols will erode the credibility of key establishment protocols. We revisit recent work of Choo, Boyd, Hitchcock, Maitland where they utilize the Bellare, Pointcheval, Rogaway (Authenticated key exchange secure against dictionary attacks, in: B. Preneel (Ed.), Advances in Cryptology - Eurocrypt 2000, Springer-Verlag, LNCS 1807/2000, pp. 139-155, 2000) computational complexity proof model in a machine specification and analysis (using an automated model checker - SHVT) for provably secure key establishment protocol analysis. We then examine several key establishment protocols without proofs of security, namely: protocols due to J.-K. Jan, Y.-H. Chen (A new efficient MAKEP for wireless communications, in: 18th International Conference on Advanced Information Networking and Applications - AINA 2004, IEEE Computer Society, pp. 347-350, 2004), W.-H. Yang, J.-C. Shen, S.-P. Shieh (Designing authentication protocols against guessing attacks. Technical Report 2(3), Institute of Information & Computing Machinery, Taiwan, 1999. http://www.iicm.org.tw/communication/c2_3/page07.doc), Y.-S. Kim, E.-N. Huh, J. Hwang, B.-W. Lee (An efficient key agreement protocol for secure authentication, in: A. Lagana, M.L. Gavrilova, V. Kumar, Y. Mun, C.J.K. Tan, O. Gervasi (Eds.), International Conference On Computational Science And Its Applications - ICCSA 2004, Springer-Verlag, LNCS 3043/2004, pp. 746-754, 2004), C.-L. Lin, H.-M. Sun, T. Hwang. (Three-party encrypted key exchange: attacks and a solution, in: A CM SIGOPS Operating Systems Review, pp. 12-20, 2000), and H.-T. Yeh, H.-M. Sun (Simple authenticated key agreement protocol resistant to password guessing attacks, in: A CM SIGOPS Operating Systems Review, 36(4), pp. 14-22, 2002). Using these protocols as case studies, we demonstrate previously unpublished flaws in these protocols. We may speculate that such errors could have been found by protocol designers if proofs of security were to be constructed, and hope this work will encourage future protocol designers to provide proofs of security.