DocumentCode :
3255793
Title :
Authentication without Elision: Partially Specified Protocols, Associated Data, and Cryptographic Models Described by Code
Author :
Rogaway, Phillip ; Stegers, Till
Author_Institution :
Dept. of Comput. Sci., Univ. of California at Davis, Davis, CA, USA
fYear :
2009
fDate :
8-10 July 2009
Firstpage :
26
Lastpage :
39
Abstract :
Specification documents for real-world authentication protocols typically mandate some aspects of a protocol´s behavior but leave other features optional or undefined. In addition, real-world schemes often include parameter negotiations, authenticate associated data, and support a multiplicity of options. The cryptographic community has routinely elided such matters from our definitions, schemes, and proofs. We propose encompassing them by explicitly modeling the presence of unspecified protocol functionality. To demonstrate, we provide a new treatment for mutual authentication in the public-key setting, doing this in the computational cryptographic tradition. In our model, compactly described in pseudocode, a protocol core (PC) will call out to protocol details (PD), but, for defining security, such calls will be serviced by the adversary. Parties accepting an authentication exchange will output a string of associated data, the value of which may be determined by the PD calls. We illustrate the approach by re-proving security for the Needham-Schroeder-Lowe public-key protocol, but extended in a manner that would be typical were the mechanism embedded in a real-world standard.
Keywords :
cryptographic protocols; public key cryptography; Needham-Schroeder-Lowe public-key protocol; associated data; authentication protocol; code; computational cryptography; cryptographic model; mutual authentication; partially specified protocol; protocol core; protocol detail; Authentication; Computer science; Computer security; Cryptographic protocols; Cryptography; Data mining; Data security; Information security; Public key; Needham-Schroeder-Lowe protocol; associated data; authentication; provable security; security models;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Computer Security Foundations Symposium, 2009. CSF '09. 22nd IEEE
Conference_Location :
Port Jefferson, NY
ISSN :
1940-1434
Print_ISBN :
978-0-7695-3712-2
Type :
conf
DOI :
10.1109/CSF.2009.23
Filename :
5230489
Link To Document :
بازگشت