Abstract
Provable security [4] is a study of confidentiality within a complexity-theoretic framework. We argue that its findings are highly abstract. Our argument is supported by the mechanised inductive analysis of a protocol based on smart cards that was shown to enjoy provable security and then implemented. It appears that the protocol grants no reasonable guarantees of session key confidentiality to its peers in the realistic setting where an intruder can exploit other agents’ cards. Indeed, the formal argument on confidentiality requires assumptions that no peer can verify in practice. We discover and prove that the lack of explicitness of two protocol messages is the sole cause of the protocol weaknesses. Our argument requires significant extensions to the Inductive Approach [9] in order to allow for smart cards.
References
M. Abadi and R. M. Needham. Prudent engineering practice for cryptographic protocols. Research Report 67, Digital-Systems Research Center, 1990.
G. Bella. Modelling agents’ knowledge inductively. In International Workshop on Security Protocols, volume 1796 of Lecture Notes in Computer Science. Springer-Verlag, 1999. In press.
G. Bella. Inductive verification of smart card protocols. Submitted to Journal of Computer Security, 2000.
M. Bellare and P. Rogaway. Provably secure session key distribution — the three party case. In Proceedings of the 27th ACM SIGACT Symposium on Theory of Computing (STOC’95), pages 57–66. ACM Press, 1995.
R. Jerdonek, P. Honeyman, K. Coffman, J. Rees, and K. Wheeler. Implementation of a provably secure, smartcard-based key distribution protocol. In J.-J. Quisquater and B. Schneier, editors, Smart Card Research and Advanced Application Conference (CARDIS’98), 1998.
O. Kömmerling and M. G. Kuhn. Design principles for tamper-resistant smartcard processors. In Proceedings of USENIX Workshop on Smartcard Technology, 1999.
T. Leighton and S. Micali. Secret-key agreement without public-key cryptography. In D. R. Stinson, editor, Proceedings of Advances in Cryptology — CRYPTO’93, volume 773 of Lecture Notes in Computer Science, pages 456–479. Springer-Verlag, 1993.
G. Lowe. An attack on the Needham-Schroeder public-key authentication protocol. Information Processing Letters, 56(3):131–133, 1995.
L. C. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Computer Security, 6:85–128, 1998.
V. Shoup and A. Rubin. Session key distribution using smart cards. In U. Maurer, editor, Advances in Cryptology — Eurocrypt’96, volume 1070 of Lecture Notes in Computer Science, pages 321–331. Springer-Verlag, 1996.
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Bella, G. (2001). Lack of Explicitness Strikes Back. In: Christianson, B., Malcolm, J.A., Crispo, B., Roe, M. (eds) Security Protocols. Security Protocols 2000. Lecture Notes in Computer Science, vol 2133. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44810-1_13
DOI: https://doi.org/10.1007/3-540-44810-1_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42566-3
Online ISBN: 978-3-540-44810-5