Computationally Analyzing the ISO 9798–2.4 Authentication Protocol
We provide a computational analysis of the ISO 9798–2.4 mutual authentication standard protocol in the model of Bellare and Rogaway. In contrast to typical analyses of standardized protocols, we include the optional data fields specified in the standard by applying the framework of Rogaway and Stegers. To our knowledge this is the first application of the Rogaway–Stegers technique in a standardized protocol. As well as a precise definition of the computational security properties achieved by the protocol, our analysis supplies concrete security requirements for the cryptographic primitive applied, which are absent from the protocol standard. We show that a message authentication code can be used to replace the encryption primitive if desired and that if authenticated encryption is applied it must be strongly unforgeable.
KeywordsISO 9798 Bellare–Rogaway model real-world protocol analysis
Unable to display preview. Download preview PDF.
- 2.Basin, D., Cremers, C.J.F., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. Journal of Computer Security 21(6), 817–846 (2013)Google Scholar
- 5.Blake-Wilson, S., Johnson, D., Menezes, A.: Key agreement protocols and their security analysis. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol. 1355, pp. 30–45. Springer, Heidelberg (1997)Google Scholar
- 6.ISO. Information technology – security techniques – entity authentication – part 2: Mechanisms using symmetric encipherment algorithms. ISO ISO/IEC 9798-2:2008, International Organization for Standardization, Geneva, Switzerland (2008)Google Scholar
- 7.ISO. Information technology – security techniques – entity authentication – part 2: Mechanisms using symmetric encipherment algorithms. ISO ISO/IEC 9798-2:2008/Cor 1:2010, International Organization for Standardization, Geneva, Switzerland, Technical Corrigendum 1 (2010)Google Scholar
- 11.Rogaway, P.: Authenticated-Encryption with Associated-Data. In: Ninth ACM Conference on Computer and Communications Security (CCS-9). ACM Press (2002)Google Scholar
- 12.Rogaway, P., Bellare, M., Black, J.: OCB: A Block-Cipher Mode of Operation for Efficient Authenticated Encryption. In: Eighth ACM Conference on Computer and Communications Security (CCS–8), pp. 365–403. ACM Press (2003)Google Scholar
- 13.Rogaway, P., Stegers, T.: Authentication without Elision: Partially Specified Protocols, Associated Data, and Cryptographic Models Described by Code. In: Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium, pp. 26–39. IEEE Computer Society (2009)Google Scholar