How to construct pseudorandom permutations from pseudorandom functions
SIAM Journal on Computing - Special issue on cryptography
Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Public-key cryptography and password protocols
ACM Transactions on Information and System Security (TISSEC)
Complete characterization of security notions for probabilistic private-key encryption
STOC '00 Proceedings of the thirty-second annual ACM symposium on Theory of computing
Foundations of Cryptography: Basic Tools
Foundations of Cryptography: Basic Tools
UMAC: Fast and Secure Message Authentication
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
LFSR-based Hashing and Authentication
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Bucket Hashing and its Application to Fast Message Authentication
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Relations Among Notions of Security for Public-Key Encryption Schemes
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
A Concrete Security Treatment of Symmetric Encryption
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
On the Security of CTR + CBC-MAC
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
Security Analysis of IKE's Signature-Based Key-Exchange Protocol
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
On the Security of Joint Signature and Encryption
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC, WTLS ...
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
A Certified E-mail System with Receiver's Selective Usage of Delivery Authority
INDOCRYPT '02 Proceedings of the Third International Conference on Cryptology: Progress in Cryptology
Formal Proofs for the Security of Signcryption
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Secure Channels Based on Authenticated Encryption Schemes: A Simple Characterization
ASIACRYPT '02 Proceedings of the 8th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Shark: scaling file servers via cooperative caching
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
FPGA Intrinsic PUFs and Their Use for IP Protection
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Enforcing User-Aware Browser-Based Mutual Authentication with Strong Locked Same Origin Policy
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Circular-Secure Encryption from Decision Diffie-Hellman
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
CLL: A Cryptographic Link Layer for Local Area Networks
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
Immunising CBC Mode Against Padding Oracle Attacks: A Formal Security Treatment
SCN '08 Proceedings of the 6th international conference on Security and Cryptography for Networks
A Browser-Based Kerberos Authentication Scheme
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Universally Composable Security Analysis of TLS
ProvSec '08 Proceedings of the 2nd International Conference on Provable Security
A Modular Security Analysis of the TLS Handshake Protocol
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Computationally Sound Formalization of Rerandomizable RCCA Secure Encryption
Formal to Practical Security
On the (in)security of IPsec in MAC-then-encrypt configurations
Proceedings of the 17th ACM conference on Computer and communications security
On the soundness of authenticate-then-encrypt: formalizing the malleability of symmetric encryption
Proceedings of the 17th ACM conference on Computer and communications security
Review: Privacy versus scalability in radio frequency identification systems
Computer Communications
Resiliency aspects of security protocols
Proceedings of the 15th international conference on Security protocols
A tool-supported method for the design and implementation of secure distributed applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Efficient authentication for mobile and pervasive computing
ICICS'10 Proceedings of the 12th international conference on Information and communications security
DNCOCO'06 Proceedings of the 5th WSEAS international conference on Data networks, communications and computers
E-MACs: towards more secure and more efficient constructions of secure channels
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
ECGSC: elliptic curve based generalized signcryption
UIC'06 Proceedings of the Third international conference on Ubiquitous Intelligence and Computing
Verified Cryptographic Implementations for TLS
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Combining message encryption and authentication
Annales UMCS, Informatica - Cryptography and data protection
On tolerant cryptographic constructions
CT-RSA'05 Proceedings of the 2005 international conference on Topics in Cryptology
Security notions for disk encryption
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Browser model for security analysis of browser-based protocols
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Analysis of a database and index encryption scheme – problems and fixes
SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
Plaintext-Dependent decryption: a formal security treatment of SSH-CTR
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Cryptography in theory and practice: the case of encryption in IPsec
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
A provable-security treatment of the key-wrap problem
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Tag size does matter: attacks and proofs for the TLS record protocol
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Authenticated-Encryption with padding: a formal security treatment
Cryptography and Security
Confidentiality and integrity: a constructive perspective
TCC'12 Proceedings of the 9th international conference on Theory of Cryptography
Security of symmetric encryption in the presence of ciphertext fragmentation
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Authenticated encryption: how reordering can impact performance
ACNS'12 Proceedings of the 10th international conference on Applied Cryptography and Network Security
Am i in good company? a privacy-protecting protocol for cooperating ubiquitous computing devices
SP'12 Proceedings of the 20th international conference on Security Protocols
On the security of TLS renegotiation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Hi-index | 0.00 |
We study the question of how to generically compose symmetric encryption and authentication when building "secure channels" for the protection of communications over insecure networks. We show that any secure channels protocol designed to work with any combination of secure encryption (against chosen plaintext attacks) and secure MAC must use the encrypt-then-authenticate method. We demonstrate this by showing that the other common methods of composing encryption and authentication, including the authenticate-then-encrypt method used in SSL, are not generically secure. We show an example of an encryption function that provides (Shannon's) perfect secrecy but when combined with any MAC function under the authenticate-then-encrypt method yields a totally insecure protocol (for example, finding passwords or credit card numbers transmitted under the protection of such protocol becomes an easy task for an active attacker). The same applies to the encrypt-and-authenticate method used in SSH. On the positive side we show that the authenticate-then-encrypt method is secure if the encryption method in use is either CBC mode (with an underlying secure block cipher) or a stream cipher (that xor the data with a random or pseudorandom pad). Thus, while we show the generic security of SSL to be broken, the current practical implementations of the protocol that use the above modes of encryption are safe.