Improving the ISO/IEC 11770 Standard for Key Management Techniques

  • Cas Cremers
  • Marko Horvat
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8893)


We provide the first systematic analysis of the ISO/IEC 11770 standard for key management techniques [18,19], which describes a set of key exchange, key authentication, and key transport protocols. We analyse the claimed security properties, as well as additional modern requirements on key management protocols, for 30 protocols and their variants. Our formal, tool-supported analysis of the protocols uncovers several incorrect claims in the standard. We provide concrete suggestions for improving the standard.


Message Authentication Code Forward Secrecy Transport Layer Security Entity Authentication Perfect Forward Secrecy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barker, E., Johnson, D., Smid, M.: NIST SP 800-56: Recommendation for pair-wise key establishment schemes using discrete logarithm cryptography (revised) (2007)Google Scholar
  2. 2.
    Basin, D., Cremers, C.: Modeling and analyzing security in the presence of compromising adversaries. In: Gritzalis, D., Preneel, B., Theoharidou, M. (eds.) ESORICS 2010. LNCS, vol. 6345, pp. 340–356. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  3. 3.
    Basin, D., Cremers, C., Horvat, M.: Actor key compromise: Consequences and countermeasures. In: Proc. of the 27th IEEE Computer Security Foundations Symposium (CSF) (to appear, 2014)Google Scholar
  4. 4.
    Basin, D., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. Journal of Computer Security 21(6), 817–846 (2013)Google Scholar
  5. 5.
    Basin, D., Cremers, C., Miyazaki, K., Radomirovic, S., Watanabe, D.: Improving the security of cryptographic protocol standards. IEEE Security & Privacy (2014)Google Scholar
  6. 6.
    Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)Google Scholar
  7. 7.
    Blake-Wilson, S., Menezes, A.: Unknown Key-Share Attacks on the Station-to-Station (STS) Protocol (1999)Google Scholar
  8. 8.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Information Security and Cryptography. Springer (2003)Google Scholar
  9. 9.
    Chen, L., Mitchell, C.J.: Parsing ambiguities in authentication and key establishment protocols. Int. J. Electron. Secur. Digit. Forensics 3(1), 82–94 (2010)CrossRefGoogle Scholar
  10. 10.
    Cheng, Z., Comley, R.: Attacks on an ISO/IEC 11770-2 key establishment protocol. I. J. Network Security 3(3), 290–295 (2006)Google Scholar
  11. 11.
    Cremers, C.J.F.: The Scyther Tool: Verification, falsification, and analysis of security protocols. In: Gupta, A., Malik, S. (eds.) CAV 2008. LNCS, vol. 5123, pp. 414–418. Springer, Heidelberg (2008), Available for download at CrossRefGoogle Scholar
  12. 12.
    Cremers, C., Feltz, M.: Beyond eCK: Perfect forward secrecy under actor compromise and ephemeral-key reveal. Designs, Codes and Cryptography, 1–36 (2013)Google Scholar
  13. 13.
    Cremers, C., Mauw, S.: Operational Semantics and Verification of Security Protocols. Information Security and Cryptography. Springer (2012)Google Scholar
  14. 14.
    Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) protocol version 1.2. IETF RFC 5246 (August 2008)Google Scholar
  15. 15.
    European Payments Council. Guidelines on algorithms usage and key management. Technical report, EPC342-08 Version 1.1 (2009)Google Scholar
  16. 16.
    Horng, G., Hsu, C.-K.: Weakness in the Helsinki protocol. Electronics Letters 34, 354–355(1) (1998)CrossRefGoogle Scholar
  17. 17.
    International Organization for Standardization, Genève, Switzerland. ISO/IEC 9798-2:2008, Information technology – Security techniques – Entity Authentication – Part 2: Mechanisms using symmetric encipherment algorithms, 3rd edn. (2008)Google Scholar
  18. 18.
    International Organization for Standardization, Genève, Switzerland. ISO/IEC 11770-2:2008, Information technology – Security techniques – Key Management – Part 2: Mechanisms using Symmetric Techniques, 2009. Incorporating corrigendum (September 2009)Google Scholar
  19. 19.
    International Organization for Standardization, Genève, Switzerland. ISO/IEC 11770-3:2008, Information technology – Security techniques – Key Management – Part 3: Mechanisms using Asymmetric Techniques, Incorporating corrigendum (September 2009)Google Scholar
  20. 20.
    Krawczyk, H.: HMQV: A high-performance secure Diffie-Hellman protocol. Cryptology ePrint Archive, Report 2005/176 (2005), (retrieved on June 1, 2014)
  21. 21.
    Law, L., Menezes, A., Qu, M., Solinas, J., Vanstone, S.: An efficient protocol for authenticated key agreement. Designs, Codes and Cryptography 28, 119–134 (2003)CrossRefMathSciNetzbMATHGoogle Scholar
  22. 22.
    Lowe, G.: A hierarchy of authentication specifications. In: Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pp. 31–44. IEEE (1997)Google Scholar
  23. 23.
    Mathuria, A., Sriram, G.: New attacks on ISO key establishment protocols. IACR Cryptology ePrint Archive, 2008:336 (2008)Google Scholar
  24. 24.
    Mitchell, C.J., Yeun, C.Y.: Fixing a problem in the Helsinki protocol. SIGOPS Oper. Syst. Rev. 32(4), 21–24 (1998)CrossRefGoogle Scholar
  25. 25.
    Schmid, L.: Improving the ISO/IEC 11770 standard, Bachelor’s thesis, ETH Zurich, Switzerland (2013)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Cas Cremers
    • 1
  • Marko Horvat
    • 1
  1. 1.University of OxfordOxfordUK

Personalised recommendations