Designing secure key exchange protocols
Protocols for authentication and key exchange have proved difficult to develop correctly despite their apparent simplicity in terms of the length and number of messages involved. A number of formal techniques have been developed to help analyse such protocols and have been useful in detecting errors. Nevertheless it is still difficult to be certain that a particular protocol is correct.
This paper explores a different approach; instead of analysing existing protocols the aim is to design protocols to be secure in the first place. A methodology is developed for designing key exchange protocols in a restricted way such that they must be correct according to a defined security criterion. The protocols are defined abstractly with the cryptographic operations specified only according to their basic functions. This allows the protocols to be made concrete in a variety of ways. A number of concrete protocols are presented, some of which appear novel and, at the same time, efficient in comparison with existing ones.
Keywords: Cryptographic protocols, key management, authentication