Canetti's universal composition theorem and the joint state composition theorems by Canetti and Rabin are useful and widely employed tools for the modular design and analysis of cryptographic protocols. However, these theorems assume that parties participating in a protocol session have pre-established a unique session ID (SID). While the use of such SIDs is a good design principle, existing protocols, in particular real-world security protocols, typically do not use pre-established SIDs, at least not explicitly and not in the particular way stipulated by the theorems. As a result, the composition theorems cannot be applied for analyzing such protocols in a modular and faithful way. In this paper, we therefore present universal and joint state composition theorems which do not assume pre-established SIDs. In our joint state composition theorem, the joint state is an ideal functionality which supports several cryptographic operations, including public-key encryption, (authenticated and unauthenticated) symmetric encryption, MACs, digital signatures, and key derivation. This functionality has recently been proposed by Küsters and Tuengerthal and has been shown to be realizable under standard cryptographic assumptions and for a reasonable class of environments. We demonstrate the usefulness of our composition theorems by several case studies on real-world security protocols, including IEEE 802.11i, SSL/TLS, SSH, IPsec, and EAP-PSK. While our applications focus on real-world security protocols, our theorems, models, and techniques should be useful beyond this domain.