M. Bellare, R. Canetti, and H. Krawczyk. Modular approach to the design and analysis of key exchange protocols. In 30th ACM STOC, pages 419-428, New York, NY, May 23-26 1998. ACM Press.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....for the bulk of the communication. At Eurocrypt 2001, Canetti and Krawczyk presented security de nitions for protocols of this form [8] They refer to such protocols as network channel protocols (or channel protocols for short) In their work, they derive a realistic adversarial model from [2] and formulate security de nitions using a mixture of both simulation based and indistinguishability based approaches. The former allows them to realistically and naturally capture the security properties of channel protocols and the settings in which the protocols are deployed. The latter allows ....

....a message M , rst compute its MAC via a message authentication scheme and encrypt the concatenation of M and the MAC to obtain the ciphertext to be transmitted. Decryption works in a natural way. Security model of Canetti and Krawczyk. In [8] Canetti and Krawczyk use the adversarial model of [2]: an adversary is in control of all message delivery and the execution of the protocol. In particular, once the setup phase of the protocol is completed, all parties in the system simply wait for activations from the adversary. Possible activations include sending messages, receiving messages, and ....

[Article contains additional citation context not shown here]

M. Bellare, R. Canetti, and H. Krawczyk. Modular approach to the design and analysis of key exchange protocols. In 30th ACM STOC, pages 419-428, New York, NY, May 23-26 1998. ACM Press.

....a unique ID number known to all parties. 14 Authentication Each message sent on the network come together with a tag, which identifies the sender. It is a convenience to assume that the network is authenticated but there is no loss of generality in doing so. We refer the reader to for instance [BCK98] for information on how to authenticate networks in a modular way fitting with the framework we present here. Non blocking All messages sent arrive at the intended receiver, the adversary cannot stop messages from arriving. Synchronous Execution of protocols is divided into rounds. During a ....

M. Bellare, R. Canetti, and H. Krawczyk. Modular approach to the design and analysis of key exchange protocols. In proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC-98) (New York, May 23--26

....are the most important approaches that have been proposed: 1. The use of verification logics such as BAN [15] to prove protocol properties. 2. Very high level programming languages in which security properties can be proved mechanically (i.e. by computers) 1] 3. Complete proofs of security [7, 6]. 4. The use of robustness principles, i.e. rules of thumb, protocol design principles [3] The biggest problem with the first approach is that encryption primitives are dissociated from the verification logics which implies that they do not provide complete proofs of security [6] As an example ....

....of security [7, 6] 4. The use of robustness principles, i.e. rules of thumb, protocol design principles [3] The biggest problem with the first approach is that encryption primitives are dissociated from the verification logics which implies that they do not provide complete proofs of security [6]. As an example of this problem one just needs to look at the problem of encryption and signature ordering: most verification logics do not complain when messages are encrypted before being signed which possibly results in a security vulnerability [3] The second approach seems promising however ....

[Article contains additional citation context not shown here]

BELLARE, M., CANETTI, R., AND KRAWCZYK, H. Modular approach to the design and analysis of key exchange protocols. In Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC-98) (New York, May 23--26 1998), ACM Press, pp. 419--428.

....are the most important approaches that have been proposed: 1. The use of verification logics such as BAN [18] to prove protocol properties. 2. Very high level programming languages in which security properties can be proved mechanically (i.e. by computers) 1] 3. Complete proofs of security [10, 9]. 4. The use of robustness principles, i.e. rules of thumb, protocol design principles [5] The biggest problem with the first approach is that encryption primitives are dissociated from the verification logics, which implies that they don t provide complete proofs of security [9] As an example ....

....of security [10, 9] 4. The use of robustness principles, i.e. rules of thumb, protocol design principles [5] The biggest problem with the first approach is that encryption primitives are dissociated from the verification logics, which implies that they don t provide complete proofs of security [9]. As an example of this problem one just needs to look at the problem of encryption and signature ordering: most verification logics don t complain when messages are encrypted before being signed which possibly results in a security vulnerability [5] The second approach seems very promising ....

[Article contains additional citation context not shown here]

BELLARE, M., CANETTI, R., AND KRAWCZYK, H. Modular approach to the design and analysis of key exchange protocols. In Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC-98) (New York, May 23--26 1998), ACM Press, pp. 419--428.

....here are the most important approaches that have been proposed: 1. The use of veri cation logics such as BAN [18] to prove protocol properties. 2. Very high level programming languages in which security properties can be proved mechanically (i.e. by computers) 1] 3. Complete proofs of security [10, 9]. 4. The use of robustness principles, i.e. rules of thumb, protocol design principles [5] The biggest problem with the rst approach is that encryption primitives are dissociated from the veri cation logics, which implies that they don t provide complete proofs of security [9] As an example ....

....of security [10, 9] 4. The use of robustness principles, i.e. rules of thumb, protocol design principles [5] The biggest problem with the rst approach is that encryption primitives are dissociated from the veri cation logics, which implies that they don t provide complete proofs of security [9]. As an example of this problem one just needs to look at the problem of encryption and signature ordering: most veri cation logics don t complain when messages are encrypted before being signed which possibly results in a security vulnerability [5] The second approach seems very promising ....

[Article contains additional citation context not shown here]

Bellare, M., Canetti, R., and Krawczyk, H. Modular approach to the design and analysis of key exchange protocols. In Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC-98) (New York, May 23-26 1998), ACM Press, pp. 419-428.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC