Efficient and timely mutual authentication
ACM SIGOPS Operating Systems Review
ACM Transactions on Computer Systems (TOCS)
Optimal privacy and authentication on a portable communications system
ACM SIGOPS Operating Systems Review
Composition and integrity preservation of secure reactive systems
Proceedings of the 7th ACM conference on Computer and communications security
Strand spaces: proving security protocols correct
Journal of Computer Security
Authentication tests and the structure of bundles
Theoretical Computer Science
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Entity Authentication and Key Distribution
CRYPTO '93 Proceedings of the 13th Annual International Cryptology Conference on Advances in Cryptology
The Security of Cipher Block Chaining
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Universally Composable Notions of Key Exchange and Secure Channels
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
FME '02 Proceedings of the International Symposium of Formal Methods Europe on Formal Methods - Getting IT Right
Practice-Oriented Provable-Security
ISW '97 Proceedings of the First International Workshop on Information Security
A Hierarchy of Authentication Specifications
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Verifying authentication protocols with CSP
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Proving Properties of Security Protocols by Induction
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Protocol Independence through Disjoint Encryption
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
Security Protocol Design via Authentication Tests
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Universally Composable Security: A New Paradigm for Cryptographic Protocols
FOCS '01 Proceedings of the 42nd IEEE symposium on Foundations of Computer Science
SP '95 Proceedings of the 1995 IEEE Symposium on Security and Privacy
A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Skeletons, Homomorphisms, and Shapes: Characterizing Protocol Executions
Electronic Notes in Theoretical Computer Science (ENTCS)
Authentication tests and disjoint encryption: A design method for security protocols
Journal of Computer Security - Special issue on CSFW15
The Swiss-Knife RFID Distance Bounding Protocol
Information Security and Cryptology --- ICISC 2008
Bayesian Authentication: Quantifying Security of the Hancke-Kuhn Protocol
Electronic Notes in Theoretical Computer Science (ENTCS)
Hi-index | 0.00 |
Dolev and Yao initiated an approach to studying cryptographic protocols which abstracts from possible problems with the cryptography so as to focus on the structural aspects of the protocol. Recent work in this framework has developed easily applicable methods to determine many security properties of protocols. A separate line of work, initiated by Bellare and Rogaway, analyzes the way specific cryptographic primitives are used in protocols. It gives asymptotic bounds on the risk of failures of secrecy or authentication. In this paper we show how the Dolev-Yao model may be used for protocol analysis, while a further analysis gives a quantitative bound on the extent to which real cryptographic primitives may diverge from the idealized model. We illustrate this method where the cryptographic primitives are based on Carter-Wegman universal classes of hash functions. This choice allows us to give specific quantitative bounds rather than simply asymptotic bounds.