A Simulation-Based Treatment of Authenticated Message Exchange [chapter]

Klaas Ole Kürtz, Henning Schnoor, Thomas Wilke
2009 Lecture Notes in Computer Science  
In this paper, we give a simulation-based security definition for two-round authenticated message exchange and show that a concrete protocol, 2AMEX-1, satisfies our security property, that is, we provide  ...  an ideal functionality for two-round authenticated message exchange and show that 2AMEX-1 realizes it securely.  ...  In this paper, we deal with two-round authenticated message exchange protocols following the simulation-based approach.  ... 
doi:10.1007/978-3-642-10622-4_9 fatcat:v3i7u45dhffszoalkcb6k3zjgq

Universally Composable Notions of Key Exchange and Secure Channels [chapter]

Ran Canetti, Hugo Krawczyk
2002 Lecture Notes in Computer Science  
Furthermore, based on such composition theorems we reduce the analysis of a full-fledged multi-session key-exchange protocol to the (simpler) analysis of individual, stand-alone, key-exchange sessions.  ...  These tools allow us to bridge between seemingly limited indistinguishability-based definitions such as SK-security and more powerful, simulation-based definitions, such as UC security, where general composition  ...  Our treatment is based in a recently proposed such general framework [c01].  ... 
doi:10.1007/3-540-46035-7_22 fatcat:5q3yq2isw5afzkoyr3pfdnmdny

Universally Composable Authentication and Key-Exchange with Global PKI [chapter]

Ran Canetti, Daniel Shahaf, Margarita Vald
2016 Lecture Notes in Computer Science  
We give a modular and universally composable analytical framework for PKI-based message authentication and key exchange protocols.  ...  Message authentication and key exchange are two of the most basic tasks of cryptography. Solutions based on public-key infrastructure (PKI) are prevalent.  ...  requirements of PKI-based authentication and key exchange.  ... 
doi:10.1007/978-3-662-49387-8_11 fatcat:hz6gsqgnmnb3blbxhzgnx64nzu

Formal Security Definition and Efficient Construction for Roaming with a Privacy-Preserving Extension

Duncan S. Wong, Guomin Yang, Xiaotie Deng
2007 Journal of universal computer science (Online)  
For building our protocols, we construct a one-pass counter based MT-authenticator and show its security under the assumption of a conventional MAC secure against chosen message attack.  ...  They also changed the definition of secure key exchange from the original simulation-based approach to an indistinguishability-based approach. In this paper, we call their model as the CK-model.  ... 
doi:10.3217/jucs-014-03-0441 dblp:journals/jucs/YangWD08 fatcat:77lxpwu7ffbhzjoxh4zjkgtqt4

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels [chapter]

Ran Canetti, Hugo Krawczyk
2001 Lecture Notes in Computer Science  
This proceedings version is a condensed high-level outline of the results in this work; for a complete self-contained treatment the reader is referred to [13].  ...  We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits:  ...  Protocol smt represents a perfectly authenticated exchange of messages.  ... 
doi:10.1007/3-540-44987-6_28 fatcat:3dgqlk7rmzh6hgair42kimnwbm

A Unilateral-to-Mutual Authentication Compiler for Key Exchange (with Applications to Client Authentication in TLS 1.3)

Hugo Krawczyk
2016 Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16  
We study the question of how to build "compilers" that transform a unilaterally authenticated (UA) key-exchange protocol into a mutually-authenticated (MA) one.  ...  Our compiler is simple: To upgrade a unilateral protocol Π₁ into a mutually authenticated Π₂, upon completion of Π₁ the client sends a single message comprised of: (i) the client's signature on a portion  ...  Let Π be a protocol resulting from the application of the SIGMAC compiler with encrypted CSM to a treplication-secure UA-secure protocol, and let Encrypt and Decrypt denote a stateful encryption scheme  ... 
doi:10.1145/2976749.2978325 dblp:conf/ccs/Krawczyk16 fatcat:ryymwghsunhx5hpru3cjw3qcza

Security Analysis of IKE's Signature-Based Key-Exchange Protocol [chapter]

Ran Canetti, Hugo Krawczyk
2002 Lecture Notes in Computer Science  
We present a security analysis of the Diffie-Hellman key-exchange protocol authenticated with digital signatures used by the Internet Key Exchange (IKE) standard.  ...  The analysis is based on an adaptation of the key-exchange model from [Canetti and Krawczyk, Eurocrypt'01] to the setting where peers' identities are not necessarily known or disclosed from the start of  ...  A formal treatment of this anonymous uni-directional model of authentication is proposed in [22].  ... 
doi:10.1007/3-540-45708-9_10 fatcat:qnjvr76jcvhndhaofclby2hbc4

Universally Composable Security Analysis of TLS [chapter]

Sebastian Gajek, Mark Manulis, Olivier Pereira, Ahmad-Reza Sadeghi, Jörg Schwenk
2008 Lecture Notes in Computer Science  
Simulating receipt of a response message by I. Upon A delivers the message (r_R, P) to I, S proceeds as follows:  ...  This analysis evaluates the composition of key exchange functionalities realized by the TLS handshake with the message transmission of the TLS record layer to emulate secure communication sessions and  ...  If the simulation does not abort then S prepares for the secure message exchange on behalf of I. 6. Simulating Message Transmission.  ... 
doi:10.1007/978-3-540-88733-1_22 fatcat:zert7cxmaze2dfoc5xwtxljfru

Key Exchange with Anonymous Authentication Using DAA-SIGMA Protocol [chapter]

Jesse Walker, Jiangtao Li
2011 Lecture Notes in Computer Science  
We present a secure model for key exchange with anonymous authentication derived from the Canetti-Krawczyk key-exchange security model.  ...  Our key exchange protocol can be also extended to support group signature schemes instead of DAA.  ...  We give a rigorous treatment to anonymous authentication and introduce a new security model for key exchange with anonymous authentication.  ... 
doi:10.1007/978-3-642-25283-9_8 fatcat:git2vz37zvacxigqnlwqnvfxze

Deniable authentication and key exchange

Mario Di Raimondo, Rosario Gennaro, Hugo Krawczyk
2006 Proceedings of the 13th ACM conference on Computer and communications security - CCS '06  
We extend the definitional work of Dwork, Naor and Sahai from deniable authentication to deniable key-exchange protocols.  ...  SKEME is an encryption-based protocol for which we prove full deniability based on the plaintext awareness of the underlying encryption scheme.  ...  One missing link in these works is the formal treatment of deniability for key-exchange (KE) protocols.  ... 
doi:10.1145/1180405.1180454 dblp:conf/ccs/RaimondoGK06 fatcat:w2zdnvgubfcldoq7454sy4xygm

Key Distribution in Mobile Ad Hoc Networks Based on Message Relaying [chapter]

Johann van der Merwe, Dawoud Dawoud, Stephen McDonald
2007 Lecture Notes in Computer Science  
Keying material propagates along these virtual chains via a message relaying mechanism.  ...  We show through simulations that the scheme's communication and computational overhead has negligible impact on network performance.  ...  a signature-based message transmission (MT)-authenticator to each message sent.  ... 
doi:10.1007/978-3-540-73275-4_7 fatcat:xvuv3zrn35cxvkyna66nespcam

BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks [article]

Gewu Bu, Maria Potop-Butucaru
2018 arXiv   pre-print
of packets exchanged in the network, number of transmissions).  ...  To fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key allocation and a Hop-by-Hop authentication definition.  ...  is: A : (A, X, B)_i, i ∈ 1, 5 (2) In BAN-GZKP, for the first time of the authentication, we need total five authentication phases (each authentication message exchange is seen as an authentication phase  ... 
arXiv:1802.07023v1 fatcat:r3mgzy6m7fcypbbenzqztgfo7e

BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks

Gewu Bu, Maria Potop-Butucaru
2018 Ad hoc networks  
of packets exchanged in the network, number of transmissions).  ...  To fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key allocation and a Hop-by-Hop authentication definition.  ...  is: A : (A, X, B)_i, i ∈ 1, 5 (2) In BAN-GZKP, for the first time of the authentication, we need total five authentication phases (each authentication message exchange is seen as an authentication phase  ... 
doi:10.1016/j.adhoc.2018.04.006 fatcat:l6um4dzmfngbhe2xj6c5fggs3a

Provably Secure Single Sign-on Scheme in Distributed Systems and Networks

Jiangshan Yu, Guilin Wang, Yi Mu
2012 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications  
To overcome this drawback, we formalise the security model of single sign-on scheme with authenticated key exchange.  ...  However, most existing SSO schemes have not been formally proved to satisfy credential privacy and soundness of credential based authentication.  ...  The secure authenticated key exchange single sign-on (AKESSO) scheme requires secure credential based user authentication (SCUA), secure service provider authentication (SSPA), and secure session key  ... 
doi:10.1109/trustcom.2012.228 dblp:conf/trustcom/YuWM12 fatcat:jndwzhdmzvh65ioi2xmfdgebhm

Composability and On-Line Deniability of Authentication [chapter]

Yevgeniy Dodis, Jonathan Katz, Adam Smith, Shabsi Walfish
2009 Lecture Notes in Computer Science  
We show that a protocol achieves our definition of on-line deniability if and only if it realizes the message authentication functionality in the generalized universal composability framework; any protocol  ...  Protocols for deniable authentication achieve seemingly paradoxical guarantees: upon completion of the protocol the receiver is convinced that the sender authenticated the message, but neither party can  ...  Either one of P_i or P_j can then use k as a MAC key to authenticate messages to the other. This type of key exchange is abstracted as non-interactive authenticated key exchange.  ... 
doi:10.1007/978-3-642-00457-5_10 fatcat:inannspinre3rnkdohnk5wcm7a