
Symmetric authentication in a simulatable Dolev–Yao-style cryptographic library

Regular contribution, International Journal of Information Security

Abstract

Tool-supported proofs of security protocols typically rely on abstractions from real cryptography by term algebras, so-called Dolev–Yao models. However, until recently it was not known whether a Dolev–Yao model could be implemented with real cryptography in a provably secure way under active attacks. For public-key encryption and signatures, this was recently shown, if one accepts a few additions to a typical Dolev–Yao model such as an operation that returns the length of a term.

Here we extend this Dolev–Yao-style model, its realization, and the security proof to include a first symmetric primitive, message authentication. This adds a major complication: we must deal with the exchange of secret keys. For symmetric authentication, we can allow this at any time, before or after the keys are first used for authentication, while working only with standard cryptographic assumptions.



Corresponding author

Correspondence to Michael Backes.

Cite this article

Backes, M., Pfitzmann, B. & Waidner, M. Symmetric authentication in a simulatable Dolev–Yao-style cryptographic library. Int J Inf Secur 4, 135–154 (2005). https://doi.org/10.1007/s10207-004-0056-6
