A Simulation-Based Treatment of Authenticated Message Exchange.

In this paper, we give a simulation-based security definition for two-round authenticated message exchange and show that a concrete protocol, 2AMEX-1, satisfies our security property, that is, we provide ... an ideal functionality for tworound authenticated message exchange and show that 2AMEX-1 realizes it securely. ... In this paper, we deal with two-round authenticated message exchange protocols following the simulation-based approach. ...

doi:10.1007/978-3-642-10622-4_9 fatcat:v3i7u45dhffszoalkcb6k3zjgq

Furthermore, based on such composition theorems we reduce the analysis of a full-fledged multi-session keyexchange protocol to the (simpler) analysis of individual, stand-alone, key-exchange sessions. ... These tools allow us to bridge between seemingly limited indistinguishability-based definitions such as SK-security and more powerful, simulation-based definitions, such as UC security, where general composition ... Our treatment is based in a recently proposed such general framework [c01] . ...

doi:10.1007/3-540-46035-7_22 fatcat:5q3yq2isw5afzkoyr3pfdnmdny

We give a modular and universally composable analytical framework for PKI-based message authentication and key exchange protocols. ... Message authentication and key exchange are two of the most basic tasks of cryptography. Solutions based on public-key infrastructure (PKI) are prevalent. ... requirements of PKI-based authentication and key exchange. ...

doi:10.1007/978-3-662-49387-8_11 fatcat:hz6gsqgnmnb3blbxhzgnx64nzu

For building our protocols, we construct a one-pass counter based MT-authenticator and show its security under the assumption of a conventional MAC secure against chosen message attack. ... For building our protocols, we construct a one-pass counter based MTauthenticator and show its security under the assumption of a conventional MAC secure against chosen message attack. ... They also changed the definition of secure key exchange from the original simulation-based approach to an indistinguishability-based approach. In this paper, we call their model as the CK-model. ...

doi:10.3217/jucs-014-03-0441 dblp:journals/jucs/YangWD08 fatcat:77lxpwu7ffbhzjoxh4zjkgtqt4

DOAJ

This proceedings version is a condensed high-level outline of the results in this work; for a complete self-contained treatment the reader is referred to [13] . ... We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: ... Protocol smt represents a perfectly authenticated exchange of messages. ...

doi:10.1007/3-540-44987-6_28 fatcat:3dgqlk7rmzh6hgair42kimnwbm

We study the question of how to build "compilers" that transform a unilaterally authenticated (UA) key-exchange protocol into a mutually-authenticated (MA) one. ... Our compiler is simple: To upgrade a unilateral protocol Π 1 into a mutually authenticated Π 2 , upon completion of Π 1 the client sends a single message comprised of: (i) the client's signature on a portion ... Let Π be a protocol resulting from the application of the SIGMAC compiler with encrypted CSM to a treplication-secure UA-secure protocol, and let Encrypt and Decrypt denote a stateful encryption scheme ...

doi:10.1145/2976749.2978325 dblp:conf/ccs/Krawczyk16 fatcat:ryymwghsunhx5hpru3cjw3qcza

We present a security analysis of the Diffie-Hellman keyexchange protocol authenticated with digital signatures used by the Internet Key Exchange (IKE) standard. ... The analysis is based on an adaptation of the key-exchange model from [Canetti and Krawczyk, Eurocrypt'01] to the setting where peers identities are not necessarily known or disclosed from the start of ... A formal treatment of this anonymous uni-directional model of authentication is proposed in [22] . ...

doi:10.1007/3-540-45708-9_10 fatcat:qnjvr76jcvhndhaofclby2hbc4

Simulating receipt of a response message by I. Upon A delivers the message (r R , P ) to I, S proceeds as follows: ... This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and ... If the simulation does not abort then S prepares for the secure message exchange on behalf of I. 6 . Simulating Message Transmission. ...

doi:10.1007/978-3-540-88733-1_22 fatcat:zert7cxmaze2dfoc5xwtxljfru

We present a secure model for key exchange with anonymous authentication derived from the Canetti-Krawczyk key-exchange security model. ... Our key exchange protocol can be also extended to support group signature schemes instead of DAA. ... We give a rigorous treatment to anonymous authentication and introduce a new security model for key exchange with anonymous authentication. ...

doi:10.1007/978-3-642-25283-9_8 fatcat:git2vz37zvacxigqnlwqnvfxze

We extend the definitional work of Dwork, Naor and Sahai from deniable authentication to deniable key-exchange protocols. ... SKEME is an encryption-based protocol for which we prove full deniability based on the plaintext awareness of the underlying encryption scheme. ... One missing link in these works is the formal treatment of deniability for key-exchange (KE) protocols. ...

doi:10.1145/1180405.1180454 dblp:conf/ccs/RaimondoGK06 fatcat:w2zdnvgubfcldoq7454sy4xygm

Keying material propagates along these virtual chains via a message relaying mechanism. ... We show through simulations that the scheme's communication and computational overhead has negligible impact on network performance. ... a signature-based message transmission (MT)-authenticator to each message sent. ...

doi:10.1007/978-3-540-73275-4_7 fatcat:xvuv3zrn35cxvkyna66nespcam

of packets exchanged in the network, number of transmissions). ... To fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key allocation and a Hop-by-Hop authentication definition. ... is: A : (A, X, B) i , i ∈ 1, 5 (2) In BAN-GZKP, for the first time of the authentication, we need total five authentication phases (each authentication message exchange is seen as a authentication phase ...

arXiv:1802.07023v1 fatcat:r3mgzy6m7fcypbbenzqztgfo7e

of packets exchanged in the network, number of transmissions). ... To fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key allocation and a Hop-by-Hop authentication definition. ... is: A : (A, X, B) i , i ∈ 1, 5 (2) In BAN-GZKP, for the first time of the authentication, we need total five authentication phases (each authentication message exchange is seen as a authentication phase ...

doi:10.1016/j.adhoc.2018.04.006 fatcat:l6um4dzmfngbhe2xj6c5fggs3a

To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange. ... However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication. ... The secure authenticated key exchange single sign-on (AKESSO) scheme requires secure credential based user authentication (SCU A), secure service provider authentication (SSP A), and secure session key ...

doi:10.1109/trustcom.2012.228 dblp:conf/trustcom/YuWM12 fatcat:jndwzhdmzvh65ioi2xmfdgebhm

We show that a protocol achieves our definition of on-line deniability if and only if it realizes the message authentication functionality in the generalized universal composability framework; any protocol ... Protocols for deniable authentication achieve seemingly paradoxical guarantees: upon completion of the protocol the receiver is convinced that the sender authenticated the message, but neither party can ... Either one of P i or P j can then use k as a MAC key to authenticate messages to the other. This type of key exchange is abstracted as non-interactive authenticated key exchange. ...

doi:10.1007/978-3-642-00457-5_10 fatcat:inannspinre3rnkdohnk5wcm7a

A Simulation-Based Treatment of Authenticated Message Exchange [chapter]

Preserved Fulltext

Universally Composable Notions of Key Exchange and Secure Channels [chapter]

Preserved Fulltext

Universally Composable Authentication and Key-Exchange with Global PKI [chapter]

Preserved Fulltext

Formal Security Definition and Efficient Construction for Roaming with a Privacy-Preserving Extension

Preserved Fulltext

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels [chapter]

Preserved Fulltext

A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)

Preserved Fulltext

Security Analysis of IKE's Signature-Based Key-Exchange Protocol [chapter]

Preserved Fulltext

Universally Composable Security Analysis of TLS [chapter]

Preserved Fulltext

Key Exchange with Anonymous Authentication Using DAA-SIGMA Protocol [chapter]

Preserved Fulltext

Deniable authentication and key exchange

Preserved Fulltext

Key Distribution in Mobile Ad Hoc Networks Based on Message Relaying [chapter]

Preserved Fulltext

BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks [article]

Preserved Fulltext

BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks

Preserved Fulltext

Provably Secure Single Sign-on Scheme in Distributed Systems and Networks

Preserved Fulltext

Composability and On-Line Deniability of Authentication [chapter]

Preserved Fulltext