Desired Features and Design Methodologies of Secure Authenticated Key Exchange Protocols in the Public-Key Infrastructure Setting

Wang, Hao-Hsien

January 2004

The importance of an authenticated key exchange (AKE) protocol has long been known in the field of cryptography. Two of the questions still being asked today are (1) what properties or features does a secure AKE protocol possess, and (2) How does one, in a step by step fashion, create a secure AKE protocol? This thesis aims to answer these two questions. The thesis contains two parts: one is a survey of previous works on the desired features of the Station-to-Station (STS) protocol, and the other is a study of a previously proposed design methodology in designing secure AKE protocols, as well as contributing an original idea of such methodologies. Descriptions and comparisons of the two design methodologies are included. The thesis surveys the literature and conducts a case study of the STS protocol, analyzes various attacks on STS through some known attacks to it, and extracts the desired properties and features of a secure AKE protocol via the case study. This part of the thesis does not propose any new result, but summarizes a complete list of issues one should take consideration of while designing an AKE protocol. We also show that at the end of this part, a secure version of STS which possesses the desired features of an AKE protocol. The other major part of the thesis surveys one design methodology of creating a secure AKE protocol by Bellare, Canetti, and Krawczyk; it is based on having a secure key exchange protocol then adding (mutual) authentication to it. The thesis then proposes another original design methodology; it starts with a secure mutual authentication protocol, then adds the secure key exchange feature without modifying overheads and number of flows of the original mutual authentication protocol. We show in this part the "secure" AKE protocol developed through these two design approaches is identical to the secure version of STS described in the other part, and thus possesses the desired features of a secure AKE protocol. We also give a proof of security of the secure AKE protocol developed under our design methodology.

Computer Science

authentication

authenticated key exchange

Diffie-Hellman

Station-to-Station protocol

STS

Konkrétní bezpečnost protokolu IPSec / Concrete Security of the IPSec Protocol

Švarcová, Marie

January 2015

The main goal of this thesis is to articulate and to prove security properties of the key exchange protocol IKE, through which the IPSec protocol establishes agreement on keys used for securing internet traffic. It also covers the description of differences between asymptotic and concrete security treatments and the notions of key exchange security and the security of underlying primitives used by key exchange protocols, in the context of concrete security. A general description of IPSec and its main functionalities follows, accompanied by detailed descriptions of both versions of IKE (IKEv1, IKEv2). A general introduction to key exchange is also included and a representative of signature-based version of IKE is introduced and its security is analysed. Powered by TCPDF (www.tcpdf.org)

Desired Features and Design Methodologies of Secure Authenticated Key Exchange Protocols in the Public-Key Infrastructure Setting

Wang, Hao-Hsien

January 2004

The importance of an authenticated key exchange (AKE) protocol has long been known in the field of cryptography. Two of the questions still being asked today are (1) what properties or features does a secure AKE protocol possess, and (2) How does one, in a step by step fashion, create a secure AKE protocol? This thesis aims to answer these two questions. The thesis contains two parts: one is a survey of previous works on the desired features of the Station-to-Station (STS) protocol, and the other is a study of a previously proposed design methodology in designing secure AKE protocols, as well as contributing an original idea of such methodologies. Descriptions and comparisons of the two design methodologies are included. The thesis surveys the literature and conducts a case study of the STS protocol, analyzes various attacks on STS through some known attacks to it, and extracts the desired properties and features of a secure AKE protocol via the case study. This part of the thesis does not propose any new result, but summarizes a complete list of issues one should take consideration of while designing an AKE protocol. We also show that at the end of this part, a secure version of STS which possesses the desired features of an AKE protocol. The other major part of the thesis surveys one design methodology of creating a secure AKE protocol by Bellare, Canetti, and Krawczyk; it is based on having a secure key exchange protocol then adding (mutual) authentication to it. The thesis then proposes another original design methodology; it starts with a secure mutual authentication protocol, then adds the secure key exchange feature without modifying overheads and number of flows of the original mutual authentication protocol. We show in this part the "secure" AKE protocol developed through these two design approaches is identical to the secure version of STS described in the other part, and thus possesses the desired features of a secure AKE protocol. We also give a proof of security of the secure AKE protocol developed under our design methodology.

Computer Science

authentication

authenticated key exchange

Diffie-Hellman

Station-to-Station protocol

STS

Convenient Decentralized Authentication Using Passwords

Van Der Horst, Timothy W.

10 March 2010

Passwords are a very convenient way to authenticate. In terms of simplicity and portability they are very difficult to match. Nevertheless, current password-based login mechanisms are vulnerable to phishing attacks and typically require users to create and manage a new password for each of their accounts. This research investigates the potential for indirect/decentralized approaches to improve password-based authentication. Adoption of a decentralized authentication mechanism requires the agreement between users and service providers on a trusted third party that vouches for users' identities. Email providers are the de facto trusted third parties on the Internet. Proof of email address ownership is typically required to both create an account and to reset a password when it is forgotten. Despite its shortcomings (e.g., latency, vulnerability to passive attack), this approach is a practical solution to the difficult problem of authenticating strangers on the Internet. This research utilizes this emergent, lightweight relationship with email providers to offload primary user authentication from service providers; thus reducing the need for service provider-specific passwords. Our goal is to provide decentralized authentication that maintains the convenience and portability of passwords, while improving its assurances (especially against phishing). Our first step to leverage this emergent trust, Simple Authentication for the Web (SAW), improves the security and convenience of email-based authentications and moves them from the background into the forefront, replacing need for an account-specific password. Wireless Authenticationg using Remote Passwords (WARP) adapts the principles of SAW to authentication in wireless networks. Lightweight User AUthentication (Luau) improves upon WARP and unifies user authentication across the application and network (especially wireless) layers. Our final protocol, pwdArmor, started as a simple wrapper to facilitate the use of existing databases of password verifiers in Luau, but grew into a generic middleware framework that augments the assurances of conventional password protocols.

authentication

email-based authentication

passwords

password-authenticated key exchange

single sign-on

authentication in wireless networks

Computer Sciences

Formal Verification of a LTE Security Protocol for Dual-Connectivity : An Evaluation of Automatic Model Checking Tools

Pfeffer, Katharina

January 2014

Security protocols are ubiquitously used in various applications with the intention to ensure secure and private communication. To achieve this goal, a mechanism offering reliable and systematic protocol verification is needed. Accordingly, a major interest in academic research on formal methods for protocol analysis has been apparent for the last two decades. Such methods formalize the operational semantics of a protocol, laying the base for protocol verification with automatic model checking tools. So far, little work in this field has focused on protocol standardization. Within this thesis a security analysis of a novel Authenticated Key-Exchange (AKE) protocol for secure association handover between two Long-Term Evolution (LTE) base stations (which support dual-connectivity) is carried out by applying two state-of-the-art tools for automated model checking (Scyther and Tamarin Prover). In the course of this a formal protocol model and tool input models are developed. Finally, the suitability of the used tools for LTE protocol analysis is evaluated. The major outcome is that none of the two applied tools is capable to accurately model and verify the dual-connectivity protocol in such detail that it would make them particularly useful in the considered setting. The reason for this are restrictions in the syntax of Scyther and a degraded performance of Tamarin when using complex protocol input models. However, the use of formal methods in protocol standardization can be highly beneficial, since it implies a careful consideration of a protocol’s fundamentals. Hence, formal methods are helpful to improve and structure a protocol’s design process when applied in conjunction to current practices. / Säkerhetsprotokoll används i många typer av applikationer för att säkerställa säkerhet och integritet för kommunikation. För att uppnå detta mål behövs en behövs mekanismer som tillhandahåller pålitlig och systematisk verifiering av protokollen. Därför har det visats stort akademiskt intresse för forskning inom formell verifiering av säkerhetsprotokoll de senaste två decennierna. Sådana metoder formaliserar protokollsemantiken, vilket lägger grunden till automatiserad verifiering med modellverifieringsverktyg. Än så la¨nge har det inte varit stort focus på praktiska tilla¨mpningar, som t.ex. hur väl metoderna fungerar för de problem som dyker upp under en standardiseringsprocess. I detta examensarbete konstrueras en formell modell för ett säkerhetsprotokoll som etablerar en säkerhetsassociation mellan en terminal och två Long-Term Evolution (LTE) basstationer i ett delsystem kallat Dual Connectivity. Detta delsystem standardiseras för närvarande i 3GPP. Den formella modellen verifieras sedan med bästa tillgängliga verktyg för automatiserad modellverifiering (Scyther och Tamarin Prover). För att åstadkomma detta har den formella modellen implementerats i inmatningsspråken för de två verktygen.  Slutligen ha de två verktygen evaluerats. Huvudslutsatsen är att inget av de två verktygen tillräckligt väl kan modellera de koncept där maskinstödd verifiering som mest behövs. Skälen till detta är Scythers begränsade syntax, och Tamarins begränsade prestanda och möjlighet att terminera för komplexa protokollmodeller. Trots detta är formella metoder andvändbara i standardiseringsprocessen eftersom de tvingar fram väldigt noggrann granskning av protokollens fundamentala delar. Därför kan formella metoder bidra till att förbättra strukturen på protokollkonstruktionsprocessen om det kombineras med nuvarande metoder.

security

authenticated key-exchange

3GPP

LTE

formal methods

protocol verification

automated model checking

säkerhet

autentiserad etablering av nycklar

3GPP

LTE

formella metoder

protokollverifiering

automatiserad modellverifiering

Communication Systems

Kommunikationssystem