Abstract
We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links.
We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.
This proceedings version is a condensed high-level outline of the results in this work; for a complete self-contained treatment the reader is referred to [13].
Supported by Irwin and Bethea Green & Detroit Chapter Career Development Chair.
References
[1] D. Beaver, “Secure Multi-party Protocols and Zero-Knowledge Proof Systems Tolerating a Faulty Minority”, J. Cryptology (1991) 4: 75–122.
[2] M. Bellare, R. Canetti and H. Krawczyk, “A modular approach to the design and analysis of authentication and key-exchange protocols”, 30th STOC, 1998.
[3] M. Bellare, A. Desai, D. Pointcheval, and P. Rogaway, “Relations Among Notions of Security for Public-Key Encryption Schemes”, Advances in Cryptology-CRYPTO'98 Proceedings, Lecture Notes in Computer Science Vol. 1462, H. Krawczyk, ed., Springer-Verlag, 1998, pp. 26–45.
[4] M. Bellare, E. Petrank, C. Rackoff and P. Rogaway, “Authenticated key exchange in the public key model,” manuscript 1995-96.
[5] M. Bellare and P. Rogaway, “Entity authentication and key distribution”, Advances in Cryptology-CRYPTO'93, Lecture Notes in Computer Science Vol. 773, D. Stinson, ed., Springer-Verlag, 1994, pp. 232–249.
[6] M. Bellare and P. Rogaway, “Provably secure session key distribution-the three party case,” Annual Symposium on the Theory of Computing (STOC), 1995.
[7] R. Bird, I. Gopal, A. Herzberg, P. Janson, S. Kutten, R. Molva and M. Yung, “Systematic design of two-party authentication protocols,” IEEE Journal on Selected Areas in Communications (special issue on Secure Communications), 11(5):679–693, June 1993. (Preliminary version: Crypto'91.)
[8] S. Blake-Wilson, D. Johnson and A. Menezes, “Key exchange protocols and their security analysis,” Proceedings of the sixth IMA International Conference on Cryptography and Coding, 1997.
[9] S. Blake-Wilson and A. Menezes, “Entity authentication and key transport protocols employing asymmetric techniques”, Security Protocols Workshop, 1997.
[10] M. Burrows, M. Abadi and R. Needham, “A logic for authentication,” DEC Systems Research Center Technical Report 39, February 1990. Earlier versions in Proceedings of the Second Conference on Theoretical Aspects of Reasoning about Knowledge, 1988, and Proceedings of the Twelfth ACM Symposium on Operating Systems Principles, 1989.
[11] R. Canetti, “Security and Composition of Multiparty Cryptographic Protocols”, Journal of Cryptology, Vol. 13, No. 1, 2000.
[12] R. Canetti, “A unified framework for analyzing security of Protocols”, manuscript, 2000. Available at http://eprint.iacr.org/2000/067.
[13] R. Canetti and H. Krawczyk, “Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels (Full Version)”, http://eprint.iacr.org/2001.
[14] R. Canetti and H. Krawczyk, “Proving secure composition of key-exchange protocols with any application”, in preparation.
[15] W. Diffie and M. Hellman, “New directions in cryptography,” IEEE Trans. Info. Theory IT-22, November 1976, pp. 644–654.
[16] W. Diffie, P. van Oorschot and M. Wiener, “Authentication and authenticated key exchanges”, Designs, Codes and Cryptography, 2, 1992, pp. 107–125.
[17] O. Goldreich, “Foundations of Cryptography (Fragments of a book)”, Weizmann Inst. of Science, 1995. (Available at http://philby.ucsd.edu/cryptolib.html)
[18] O. Goldreich, S. Goldwasser and S. Micali, “How to construct random functions,” Journal of the ACM, Vol. 33, No. 4, 210–217, (1986).
[19] S. Goldwasser and L. Levin, “Fair Computation of General Functions in Presence of Immoral Majority”, CRYPTO '90, LNCS 537, Springer-Verlag, 1990.
[20] S. Goldwasser and S. Micali, “Probabilistic encryption”, JCSS, Vol. 28, No 2, April 1984, pp. 270–299.
[21] S. Goldwasser, S. Micali and C. Rackoff, “The Knowledge Complexity of Interactive Proof Systems”, SIAM Journal on Comput., Vol. 18, No. 1, 1989, pp. 186–208.
[22] C.G. Günther, “An identity-based key-exchange protocol”, Advances in Cryptology-EUROCRYPT'89, Lecture Notes in Computer Science Vol. 434, Springer-Verlag, 1990, pp. 29–37.
[23] D. Harkins and D. Carrel, ed., “The Internet Key Exchange (IKE)”, RFC 2409, November 1998.
[24] ISO/IEC IS 9798-3, “Entity authentication mechanisms — Part 3: Entity authentication using asymmetric techniques”, 1993.
[25] H. Krawczyk, “The order of encryption and authentication for protecting communications (Or: how secure is SSL?)”, manuscript.
[26] H. Krawczyk, “SKEME: A Versatile Secure Key Exchange Mechanism for Internet”, Proceedings of the 1996 Internet Society Symposium on Network and Distributed System Security, Feb. 1996, pp. 114–127.
[27] P. Lincoln, J. Mitchell, M. Mitchell, A. Scedrov, “A Probabilistic Poly-time Framework for Protocol Analysis”, 5th ACM Conf. on Computer and System Security, 1998.
[28] A. Menezes, P. Van Oorschot and S. Vanstone, “Handbook of Applied Cryptography,” CRC Press, 1996.
[29] S. Micali and P. Rogaway, “Secure Computation”, unpublished manuscript, 1992. Preliminary version in CRYPTO 91.
[30] R. Needham and M. Schroeder, “Using encryption for authentication in large networks of computers,” Communications of the ACM, Vol. 21, No. 12, December 1978, pp. 993–999.
[31] B. Pfitzmann, M. Schunter and M. Waidner, “Secure Reactive Systems”, IBM Research Report RZ 3206 (#93252), IBM Research, Zurich, May 2000.
[32] B. Pfitzmann and M. Waidner, “A General Framework for Formal Notions of ‘secure’ System”, Hildesheimer Informatik-Berichte 11/94, Institut für Informatik, Universität Hildesheim, April 1994.
[33] B. Pfitzmann and M. Waidner, “A model for asynchronous reactive systems and its application to secure message transmission”, IBM Research Report RZ 3304 (#93350), IBM Research, Zurich, December 2000.
[34] V. Shoup, “On Formal Models for Secure Key Exchange”, Theory of Cryptography Library, 1999. Available at: http://philby.ucsd.edu/cryptolib/1999/99-12.html.
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
Cite this paper
Canetti, R., Krawczyk, H. (2001). Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (eds) Advances in Cryptology — EUROCRYPT 2001. EUROCRYPT 2001. Lecture Notes in Computer Science, vol 2045. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44987-6_28
DOI: https://doi.org/10.1007/3-540-44987-6_28
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42070-5
Online ISBN: 978-3-540-44987-4
eBook Packages: Springer Book Archive