
User-Mediated Authentication Protocols and Unforgeability in Key Collision

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 11192)

Abstract

This research provides a computational analysis of the ISO 9798-6 standard’s Mechanism 7a authentication protocol. In contrast to typical authentication protocols, ISO 9798-6 Mechanism 7a requires user interaction and aims to authenticate data possession instead of identities. Consequently, we introduce a 3-party possession user-mediated authentication (3-PUMA) model. Furthermore, we demonstrate the necessary security guarantees of the MAC primitive – which include non-standard assumptions – and introduce existential unforgeability under key collision attacks (EUF-KCA). The resulting analysis demonstrates a notable lack in the standard’s requirements and has implications for other PUMA protocols.

This research was partially supported by and performed at SINTEF Digital, Trondheim, Norway.



Author information


Correspondence to Britta Hale.


Copyright information

© 2018 Springer Nature Switzerland AG

About this paper


Cite this paper

Hale, B. (2018). User-Mediated Authentication Protocols and Unforgeability in Key Collision. In: Baek, J., Susilo, W., Kim, J. (eds) Provable Security. ProvSec 2018. Lecture Notes in Computer Science, vol 11192. Springer, Cham. https://doi.org/10.1007/978-3-030-01446-9_22


  • DOI: https://doi.org/10.1007/978-3-030-01446-9_22


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01445-2

  • Online ISBN: 978-3-030-01446-9

  • eBook Packages: Computer Science, Computer Science (R0)
