Abstract
This research provides a computational analysis of the ISO 9798-6 standard’s Mechanism 7a authentication protocol. In contrast to typical authentication protocols, ISO 9798-6 mechanism 7a requires user interaction and aims to authenticate data possession instead of identities. Consequently, we introduce a 3-party possession user mediated authentication (3-PUMA) model. Furthermore, we demonstrate the necessary security guarantees of the MAC primitive – which include non-standard assumptions – and introduce existential unforgeability under key collision attacks (EUF-KCA). The resulting analysis demonstrates a notable lack in the standard’s requirements and has implications for other PUMA protocols.
This research was partially supported by and performed at SINTEF Digital, Trondheim, Norway.
Copyright information
© 2018 Springer Nature Switzerland AG
About this paper
Cite this paper
Hale, B. (2018). User-Mediated Authentication Protocols and Unforgeability in Key Collision. In: Baek, J., Susilo, W., Kim, J. (eds) Provable Security. ProvSec 2018. Lecture Notes in Computer Science, vol 11192. Springer, Cham. https://doi.org/10.1007/978-3-030-01446-9_22
DOI: https://doi.org/10.1007/978-3-030-01446-9_22
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-01445-2
Online ISBN: 978-3-030-01446-9
eBook Packages: Computer Science (R0)