
Authentication and authenticated key exchanges

Published in Designs, Codes and Cryptography

Abstract

We discuss two-party mutual authentication protocols providing authenticated key exchange, focusing on those using asymmetric techniques. A simple, efficient protocol referred to as the station-to-station (STS) protocol is introduced, examined in detail, and considered in relation to existing protocols. The definition of a secure protocol is considered, and desirable characteristics of secure protocols are discussed.
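The station-to-station exchange the abstract refers to, written out as an added Python illustration (this is not the paper's own code). The three flows are A → B: g^x; B → A: g^y, E_K(S_B(g^y, g^x)); A → B: E_K(S_A(g^x, g^y)), with K = g^xy; encrypting each signature under K is what ties the signer to knowledge of the fresh key. Everything concrete here is an assumption made for the example: the group parameters are toy-sized, the signature scheme (Schnorr) and the cipher E_K (a SHA-256 keystream XOR) are stand-ins, and the subgroup check on received exponentials is the practitioner's guard against degenerate values rather than something the abstract states. None of it is fit for real use.

```python
"""Toy station-to-station (STS) run: Diffie-Hellman exponentials, each side
signing both exponentials and sending the signature encrypted under the fresh
key K = g^xy.  Added illustration, not the paper's code.  The group is
TOY-SIZED, the signature is Schnorr and E_K is a hash-based XOR stream, all
chosen here as stand-ins; none of it is fit for real use."""
import hashlib
import secrets

P, Q, G = 2039, 1019, 4   # toy safe prime p = 2q + 1; G generates the order-q subgroup
assert pow(G, Q, P) == 1 and G != 1


def b2(n: int) -> bytes:
    """Fixed 2-byte big-endian encoding (every value here is < 2**16)."""
    return n.to_bytes(2, "big")


def hash_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def keygen():
    """Key pair (x, g^x): used both for long-term signing keys and ephemeral DH."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(priv: int, msg: bytes) -> bytes:
    """Schnorr signature (r, s), the stand-in for the paper's S_A / S_B."""
    k = secrets.randbelow(Q - 1) + 1
    r = pow(G, k, P)
    e = hash_int(b2(r), msg) % Q
    return b2(r) + b2((k + e * priv) % Q)


def verify(pub: int, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 4:
        return False
    r, s = int.from_bytes(sig[:2], "big"), int.from_bytes(sig[2:], "big")
    if not (0 < r < P and s < Q):
        return False
    e = hash_int(b2(r), msg) % Q
    return pow(G, s, P) == r * pow(pub, e, P) % P


def e_k(key: int, data: bytes) -> bytes:
    """Toy E_K: XOR with SHA-256(K || counter).  Symmetric, so it also decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(b2(key) + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def valid_exponential(t: int) -> bool:
    """Guard on received values: reject 1, p-1 and anything outside the order-q subgroup."""
    return 1 < t < P - 1 and pow(t, Q, P) == 1


def sts(priv_a, pub_a, priv_b, pub_b, mitm=None):
    """Run the three STS flows between A and B and return (K_A, K_B).
    mitm, if given, is applied by the adversary to every exponential in
    transit.  Raises ValueError when a side refuses to proceed."""
    x, gx = keygen()                                    # A's ephemeral x, g^x
    gx_at_b = mitm(gx) if mitm else gx                  # flow 1: A -> B : g^x

    if not valid_exponential(gx_at_b):
        raise ValueError("B: bad g^x")
    y, gy = keygen()                                    # B's ephemeral y, g^y
    k_b = pow(gx_at_b, y, P)
    tok_b = e_k(k_b, sign(priv_b, b2(gy) + b2(gx_at_b)))
    gy_at_a = mitm(gy) if mitm else gy                  # flow 2: B -> A : g^y, E_K(S_B(g^y, g^x))

    if not valid_exponential(gy_at_a):
        raise ValueError("A: bad g^y")
    k_a = pow(gy_at_a, x, P)
    if not verify(pub_b, b2(gy_at_a) + b2(gx), e_k(k_a, tok_b)):
        raise ValueError("A: B's signature does not check out")
    tok_a = e_k(k_a, sign(priv_a, b2(gx) + b2(gy_at_a)))   # flow 3: A -> B : E_K(S_A(g^x, g^y))

    if not verify(pub_a, b2(gx_at_b) + b2(gy), e_k(k_b, tok_a)):
        raise ValueError("B: A's signature does not check out")
    return k_a, k_b


def demo() -> bool:
    """Honest run agrees on K; an active attacker substituting exponentials is caught."""
    priv_a, pub_a = keygen()
    priv_b, pub_b = keygen()
    k_a, k_b = sts(priv_a, pub_a, priv_b, pub_b)
    _z, gz = keygen()                                   # attacker's own exponential
    try:
        sts(priv_a, pub_a, priv_b, pub_b, mitm=lambda _t: gz)
        return False
    except ValueError:
        return k_a == k_b


if __name__ == "__main__":
    print("STS demo passed:", demo())
```

The man-in-the-middle case shows why the signatures are encrypted under K rather than sent in the clear: the attacker who replaces both exponentials ends up with two different keys on the two sides, cannot re-encrypt B's signature for A, and in any case B's signature covers (g^y, g^z) while A checks (g^z, g^x), so A refuses and never sends flow 3.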




Communicated by S.A. Vanstone

This work was done while Whitfield Diffie was with Northern Telecom, Mountain View, California.

Cite this article

Diffie, W., Van Oorschot, P.C. & Wiener, M.J. Authentication and authenticated key exchanges. Des Codes Crypt 2, 107–125 (1992). https://doi.org/10.1007/BF00124891
