UnivTrevesV1, Istex, Corpus, bibRecord, 001B57

Ideal Key Derivation and Encryption in Simulation-Based Security

Identifieur interne : 001B57 ( Istex/Corpus ); précédent : 001B56; suivant : 001B58

Ideal Key Derivation and Encryption in Simulation-Based Security

Auteurs : Ralf Küsters ; Max Tuengerthal

Source :

Lecture Notes in Computer Science [ 0302-9743 ] ; 2011.

RBID : ISTEX:FB032C108B47A12441DBD5E4BCF246ED4B8C8839

Abstract

Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.

Url:

https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/pdf

DOI: 10.1007/978-3-642-19074-2_12

Links to Exploration step

ISTEX:FB032C108B47A12441DBD5E4BCF246ED4B8C8839

Le document en format XML

<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Ideal Key Derivation and Encryption in Simulation-Based Security</title>
<author><name sortKey="Kusters, Ralf" sort="Kusters, Ralf" uniqKey="Kusters R" first="Ralf" last="Küsters">Ralf Küsters</name>
<affiliation><mods:affiliation>University of Trier, Germany</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: kuesters@uni-trier.de</mods:affiliation>
</affiliation>
</author>
<author><name sortKey="Tuengerthal, Max" sort="Tuengerthal, Max" uniqKey="Tuengerthal M" first="Max" last="Tuengerthal">Max Tuengerthal</name>
<affiliation><mods:affiliation>University of Trier, Germany</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: tuengerthal@uni-trier.de</mods:affiliation>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">ISTEX</idno>
<idno type="RBID">ISTEX:FB032C108B47A12441DBD5E4BCF246ED4B8C8839</idno>
<date when="2011" year="2011">2011</date>
<idno type="doi">10.1007/978-3-642-19074-2_12</idno>
<idno type="url">https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/pdf</idno>
<idno type="wicri:Area/Istex/Corpus">001B57</idno>
<idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">001B57</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Ideal Key Derivation and Encryption in Simulation-Based Security</title>
<author><name sortKey="Kusters, Ralf" sort="Kusters, Ralf" uniqKey="Kusters R" first="Ralf" last="Küsters">Ralf Küsters</name>
<affiliation><mods:affiliation>University of Trier, Germany</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: kuesters@uni-trier.de</mods:affiliation>
</affiliation>
</author>
<author><name sortKey="Tuengerthal, Max" sort="Tuengerthal, Max" uniqKey="Tuengerthal M" first="Max" last="Tuengerthal">Max Tuengerthal</name>
<affiliation><mods:affiliation>University of Trier, Germany</mods:affiliation>
</affiliation>
<affiliation><mods:affiliation>E-mail: tuengerthal@uni-trier.de</mods:affiliation>
</affiliation>
</author>
</analytic>
<monogr></monogr>
<series><title level="s">Lecture Notes in Computer Science</title>
<imprint><date>2011</date>
</imprint>
<idno type="ISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="ISSN">0302-9743</idno>
</series>
<idno type="istex">FB032C108B47A12441DBD5E4BCF246ED4B8C8839</idno>
<idno type="DOI">10.1007/978-3-642-19074-2_12</idno>
<idno type="ChapterID">12</idno>
<idno type="ChapterID">Chap12</idno>
</biblStruct>
</sourceDesc>
<seriesStmt><idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass></textClass>
<langUsage><language ident="en">en</language>
</langUsage>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.</div>
</front>
</TEI>
<istex><corpusName>springer</corpusName>
<author><json:item><name>Ralf Küsters</name>
<affiliations><json:string>University of Trier, Germany</json:string>
<json:string>E-mail: kuesters@uni-trier.de</json:string>
</affiliations>
</json:item>
<json:item><name>Max Tuengerthal</name>
<affiliations><json:string>University of Trier, Germany</json:string>
<json:string>E-mail: tuengerthal@uni-trier.de</json:string>
</affiliations>
</json:item>
</author>
<language><json:string>eng</json:string>
</language>
<originalGenre><json:string>OriginalPaper</json:string>
</originalGenre>
<abstract>Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.</abstract>
<qualityIndicators><score>8.816</score>
<pdfVersion>1.6</pdfVersion>
<pdfPageSize>429.725 x 659.895 pts</pdfPageSize>
<refBibsNative>false</refBibsNative>
<keywordCount>0</keywordCount>
<abstractCharCount>1363</abstractCharCount>
<pdfWordCount>9917</pdfWordCount>
<pdfCharCount>53080</pdfCharCount>
<pdfPageCount>19</pdfPageCount>
<abstractWordCount>193</abstractWordCount>
</qualityIndicators>
<title>Ideal Key Derivation and Encryption in Simulation-Based Security</title>
<chapterId><json:string>12</json:string>
<json:string>Chap12</json:string>
</chapterId>
<refBibs><json:item><host><author><json:item><name>A </name>
</json:item>
</author>
</host>
</json:item>
<json:item><host><author><json:item><name>S,A </name>
</json:item>
</author>
</host>
</json:item>
<json:item><host><pages><last>3</last>
<first>3</first>
</pages>
<author><json:item><name>A </name>
</json:item>
</author>
</host>
</json:item>
<json:item><host><author><json:item><name>S,A </name>
</json:item>
</author>
</host>
</json:item>
<json:item><author><json:item><name>M Backes</name>
</json:item>
<json:item><name>M Dürmuth</name>
</json:item>
<json:item><name>R Küsters</name>
</json:item>
</author>
<host><pages><last>120</last>
<first>108</first>
</pages>
<author></author>
<title>FSTTCS 2007</title>
<publicationDate>2007</publicationDate>
</host>
<title>On Simulatability Soundness and Mapping Soundness of Symbolic Cryptography</title>
<publicationDate>2007</publicationDate>
</json:item>
<json:item><author><json:item><name>M Backes</name>
</json:item>
<json:item><name>B Pfitzmann</name>
</json:item>
</author>
<host><pages><last>218</last>
<first>204</first>
</pages>
<author></author>
<title>CSFW-17 2004</title>
<publicationDate>2004</publicationDate>
</host>
<title>Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library</title>
<publicationDate>2004</publicationDate>
</json:item>
<json:item><author><json:item><name>M Bellare</name>
</json:item>
<json:item><name>D Pointcheval</name>
</json:item>
<json:item><name>P Rogaway</name>
</json:item>
</author>
<host><pages><last>155</last>
<first>139</first>
</pages>
<author></author>
<title>EUROCRYPT 2000</title>
<publicationDate>2000</publicationDate>
</host>
<title>Authenticated Key Exchange Secure against Dictionary Attacks</title>
<publicationDate>2000</publicationDate>
</json:item>
<json:item><author><json:item><name>M Bellare</name>
</json:item>
<json:item><name>P Rogaway</name>
</json:item>
</author>
<host><pages><last>66</last>
<first>57</first>
</pages>
<author></author>
<title>STOC 1995</title>
<publicationDate>1995</publicationDate>
</host>
<title>Provably Secure Session Key Distribution: The Three Party Case</title>
<publicationDate>1995</publicationDate>
</json:item>
<json:item><host><pages><last>468</last>
<first>459</first>
</pages>
<author><json:item><name>K Bhargavan</name>
</json:item>
<json:item><name>C Fournet</name>
</json:item>
<json:item><name>R Corin</name>
</json:item>
<json:item><name>E Zalinescu</name>
</json:item>
</author>
<title>Cryptographically Verified Implementations for TLS</title>
<publicationDate>2008</publicationDate>
</host>
</json:item>
<json:item><author><json:item><name>J Black</name>
</json:item>
<json:item><name>P Rogaway</name>
</json:item>
<json:item><name>T Shrimpton</name>
</json:item>
</author>
<host><pages><last>75</last>
<first>62</first>
</pages>
<author></author>
<title>SAC 2002</title>
<publicationDate>2003</publicationDate>
</host>
<title>Encryption-Scheme Security in the Presence of Key- Dependent Messages</title>
<publicationDate>2003</publicationDate>
</json:item>
<json:item><author><json:item><name>B Blanchet</name>
</json:item>
<json:item><name>A,D Jaggard</name>
</json:item>
<json:item><name>A Scedrov</name>
</json:item>
<json:item><name>J.-K Tsay</name>
</json:item>
</author>
<host><pages><last>99</last>
<first>87</first>
</pages>
<author></author>
<title>ASIACCS</title>
<publicationDate>2008</publicationDate>
</host>
<title>Computationally Sound Mechanized Proofs for Basic and Public-key Kerberos</title>
<publicationDate>2008</publicationDate>
</json:item>
<json:item><host><pages><last>145</last>
<first>136</first>
</pages>
<author><json:item><name>R Canetti</name>
</json:item>
</author>
<title>Universally Composable Security: A New Paradigm for Cryptographic Protocols</title>
<publicationDate>2001</publicationDate>
</host>
</json:item>
<json:item><host><pages><last>233</last>
<first>219</first>
</pages>
<author><json:item><name>R Canetti</name>
</json:item>
</author>
<title>Universally Composable Signature, Certification, and Authentication</title>
<publicationDate>2004</publicationDate>
</host>
</json:item>
<json:item><author><json:item><name>R Canetti</name>
</json:item>
</author>
<host><author></author>
<title>Cryptology ePrint Archive</title>
<publicationDate>2005-12</publicationDate>
</host>
<title>Universally Composable Security: A New Paradigm for Cryptographic Protocols</title>
<publicationDate>2005-12</publicationDate>
</json:item>
<json:item><author><json:item><name>R Canetti</name>
</json:item>
<json:item><name>H Krawczyk</name>
</json:item>
</author>
<host><pages><last>161</last>
<first>143</first>
</pages>
<author></author>
<title>CRYPTO 2002</title>
<publicationDate>2002</publicationDate>
</host>
<title>Security Analysis of IKE's Signature-Based Key-Exchange Protocol</title>
<publicationDate>2002</publicationDate>
</json:item>
<json:item><author><json:item><name>R Canetti</name>
</json:item>
<json:item><name>H Krawczyk</name>
</json:item>
</author>
<host><pages><last>351</last>
<first>337</first>
</pages>
<author></author>
<title>EUROCRYPT 2002</title>
<publicationDate>2002</publicationDate>
</host>
<title>Universally Composable Notions of Key Exchange and Secure Channels</title>
<publicationDate>2002</publicationDate>
</json:item>
<json:item><author><json:item><name>R Canetti</name>
</json:item>
<json:item><name>T Rabin</name>
</json:item>
</author>
<host><pages><last>281</last>
<first>265</first>
</pages>
<author></author>
<title>CRYPTO 2003</title>
<publicationDate>2003</publicationDate>
</host>
<title>Universal Composition with Joint State</title>
<publicationDate>2003</publicationDate>
</json:item>
<json:item><host><author><json:item><name>H Comon-Lundh</name>
</json:item>
<json:item><name>V Cortier</name>
</json:item>
</author>
<title>Computational soundness of observational equivalence</title>
</host>
</json:item>
<json:item><author><json:item><name>V Cortier</name>
</json:item>
<json:item><name>S Kremer</name>
</json:item>
<json:item><name>R Küsters</name>
</json:item>
<json:item><name>B Warinschi</name>
</json:item>
</author>
<host><pages><last>187</last>
<first>176</first>
</pages>
<author></author>
<title>FSTTCS 2006</title>
<publicationDate>2006</publicationDate>
</host>
<title>Computationally Sound Symbolic Secrecy in the Presence of Hash Functions</title>
<publicationDate>2006</publicationDate>
</json:item>
<json:item><author><json:item><name>S Gajek</name>
</json:item>
<json:item><name>M Manulis</name>
</json:item>
<json:item><name>O Pereira</name>
</json:item>
<json:item><name>A Sadeghi</name>
</json:item>
<json:item><name>J Schwenk</name>
</json:item>
</author>
<host><pages><last>327</last>
<first>313</first>
</pages>
<author></author>
<title>ProvSec 2008</title>
<publicationDate>2008</publicationDate>
</host>
<title>Universally Composable Security Analysis of TLS</title>
<publicationDate>2008</publicationDate>
</json:item>
<json:item><host><author><json:item><name>C He</name>
</json:item>
<json:item><name>J,C Mitchell</name>
</json:item>
</author>
<title>Security Analysis and Improvements for IEEE 802.11i</title>
<publicationDate>2005</publicationDate>
</host>
</json:item>
<json:item><host><pages><last>15</last>
<first>2</first>
</pages>
<author><json:item><name>C He</name>
</json:item>
<json:item><name>M Sundararajan</name>
</json:item>
<json:item><name>A Datta</name>
</json:item>
<json:item><name>A Derek</name>
</json:item>
<json:item><name>J,C Mitchell</name>
</json:item>
</author>
<title>A Modular Correctness Proof of IEEE 802.11i and TLS</title>
<publicationDate>2005</publicationDate>
</host>
</json:item>
<json:item><author><json:item><name>D Hofheinz</name>
</json:item>
<json:item><name>D Unruh</name>
</json:item>
<json:item><name>J Müller-Quade</name>
</json:item>
</author>
<host><author></author>
<title>Cryptology ePrint Archive</title>
<publicationDate>2009</publicationDate>
</host>
<title>Polynomial Runtime and Composability</title>
<publicationDate>2009</publicationDate>
</json:item>
<json:item><author></author>
<host><volume>802</volume>
<pages><last>2007</last>
<first>11</first>
</pages>
<author></author>
<title>IEEE Standard</title>
<publicationDate>2007-06</publicationDate>
</host>
<title>Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, Part 11 of IEEE Standard for Information technology – Telecommunications and information exchange between systems – Local and metropolitan area networks – Specific requirements</title>
<publicationDate>2007-06</publicationDate>
</json:item>
<json:item><author><json:item><name>K Kobara</name>
</json:item>
<json:item><name>S Shin</name>
</json:item>
<json:item><name>M Strefler</name>
</json:item>
</author>
<host><pages><last>170</last>
<first>161</first>
</pages>
<author></author>
<title>ASIACCS 2009</title>
<publicationDate>2009</publicationDate>
</host>
<title>Partnership in key exchange protocols</title>
<publicationDate>2009</publicationDate>
</json:item>
<json:item><host><pages><last>320</last>
<first>309</first>
</pages>
<author><json:item><name>R Küsters</name>
</json:item>
</author>
<title>Simulation-Based Security with Inexhaustible Interactive Turing Machines</title>
<publicationDate>2006</publicationDate>
</host>
</json:item>
<json:item><host><pages><last>284</last>
<first>270</first>
</pages>
<author><json:item><name>R Küsters</name>
</json:item>
<json:item><name>M Tuengerthal</name>
</json:item>
</author>
<title>Joint State Theorems for Public-Key Encryption and Digitial Signature Functionalities with Local Computation</title>
<publicationDate>2008</publicationDate>
</host>
</json:item>
<json:item><host><pages><last>100</last>
<first>91</first>
</pages>
<author><json:item><name>R Küsters</name>
</json:item>
<json:item><name>M Tuengerthal</name>
</json:item>
</author>
<title>Computational Soundness for Key Exchange Protocols with Symmetric Encryption</title>
<publicationDate>2009</publicationDate>
</host>
</json:item>
<json:item><host><pages><last>307</last>
<first>293</first>
</pages>
<author><json:item><name>R Küsters</name>
</json:item>
<json:item><name>M Tuengerthal</name>
</json:item>
</author>
<title>Universally Composable Symmetric Encryption</title>
<publicationDate>2009</publicationDate>
</host>
</json:item>
<json:item><author><json:item><name>R Küsters</name>
</json:item>
<json:item><name>M Tuengerthal</name>
</json:item>
</author>
<host><author></author>
<title>Cryptology ePrint Archive</title>
<publicationDate>2010</publicationDate>
</host>
<title>Ideal Key Derivation and Encryption in Simulation-based Security</title>
<publicationDate>2010</publicationDate>
</json:item>
<json:item><author><json:item><name>D Micciancio</name>
</json:item>
<json:item><name>B Warinschi</name>
</json:item>
</author>
<host><pages><last>151</last>
<first>133</first>
</pages>
<author></author>
<title>TCC 2004</title>
<publicationDate>2004</publicationDate>
</host>
<title>Soundness of Formal Encryption in the Presence of Active Adversaries</title>
<publicationDate>2004</publicationDate>
</json:item>
<json:item><author><json:item><name>P Morrissey</name>
</json:item>
<json:item><name>N,P Smart</name>
</json:item>
<json:item><name>B Warinschi</name>
</json:item>
</author>
<host><pages><last>73</last>
<first>55</first>
</pages>
<author></author>
<title>ASIACRYPT 2008</title>
<publicationDate>2008</publicationDate>
</host>
<title>A Modular Security Analysis of the TLS Handshake Protocol</title>
<publicationDate>2008</publicationDate>
</json:item>
<json:item><host><pages><first>2009</first>
</pages>
<author><json:item><name>T Ohigashi</name>
</json:item>
<json:item><name>M Morii</name>
</json:item>
</author>
<title>A Practical Message Falsification Attack on WPA</title>
<publicationDate>2009</publicationDate>
</host>
</json:item>
<json:item><host><pages><last>201</last>
<first>184</first>
</pages>
<author><json:item><name>B Pfitzmann</name>
</json:item>
<json:item><name>M Waidner</name>
</json:item>
</author>
<title>A Model for Asynchronous Reactive Systems and its Application to Secure Message Transmission</title>
<publicationDate>2001</publicationDate>
</host>
</json:item>
<json:item><author><json:item><name>A Roy</name>
</json:item>
<json:item><name>A Datta</name>
</json:item>
<json:item><name>A Derek</name>
</json:item>
<json:item><name>J,C Mitchell</name>
</json:item>
</author>
<host><pages><last>234</last>
<first>219</first>
</pages>
<author></author>
<title>ESORICS 2007</title>
<publicationDate>2007</publicationDate>
</host>
<title>Inductive Proofs of Computational Secrecy</title>
<publicationDate>2007</publicationDate>
</json:item>
<json:item><author><json:item><name>E Tews</name>
</json:item>
<json:item><name>M Beck</name>
</json:item>
</author>
<host><pages><last>86</last>
<first>79</first>
</pages>
<author></author>
<title>WISEC 2009</title>
<publicationDate>2009</publicationDate>
</host>
<title>Practical Attacks against WEP and WPA</title>
<publicationDate>2009</publicationDate>
</json:item>
<json:item><author><json:item><name>F Zhang</name>
</json:item>
<json:item><name>J Ma</name>
</json:item>
<json:item><name>S Moon</name>
</json:item>
</author>
<host><pages><last>493</last>
<first>488</first>
</pages>
<author></author>
<title>CIS 2005</title>
<publicationDate>2005</publicationDate>
</host>
<title>The Security Proof of a 4-Way Handshake Protocol in IEEE 802.11i</title>
<publicationDate>2005</publicationDate>
</json:item>
</refBibs>
<genre><json:string>conference</json:string>
</genre>
<serie><editor><json:item><name>David Hutchison</name>
<affiliations><json:string>Lancaster University, Lancaster, UK</json:string>
</affiliations>
</json:item>
<json:item><name>Takeo Kanade</name>
<affiliations><json:string>Carnegie Mellon University, Pittsburgh, PA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Josef Kittler</name>
<affiliations><json:string>University of Surrey, Guildford, UK</json:string>
</affiliations>
</json:item>
<json:item><name>Jon M. Kleinberg</name>
<affiliations><json:string>Cornell University, Ithaca, NY, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Friedemann Mattern</name>
<affiliations><json:string>ETH Zurich, Zurich, Switzerland</json:string>
</affiliations>
</json:item>
<json:item><name>John C. Mitchell</name>
<affiliations><json:string>Stanford University, Stanford, CA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Moni Naor</name>
<affiliations><json:string>Weizmann Institute of Science, Rehovot, Israel</json:string>
</affiliations>
</json:item>
<json:item><name>Oscar Nierstrasz</name>
<affiliations><json:string>University of Bern, Bern, Switzerland</json:string>
</affiliations>
</json:item>
<json:item><name>C. Pandu Rangan</name>
<affiliations><json:string>Indian Institute of Technology, Madras, India</json:string>
</affiliations>
</json:item>
<json:item><name>Bernhard Steffen</name>
<affiliations><json:string>University of Dortmund, Dortmund, Germany</json:string>
</affiliations>
</json:item>
<json:item><name>Madhu Sudan</name>
<affiliations><json:string>Massachusetts Institute of Technology, MA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Demetri Terzopoulos</name>
<affiliations><json:string>University of California, Los Angeles, CA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Doug Tygar</name>
<affiliations><json:string>University of California, Berkeley, CA, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Moshe Y. Vardi</name>
<affiliations><json:string>Rice University, Houston, TX, USA</json:string>
</affiliations>
</json:item>
<json:item><name>Gerhard Weikum</name>
<affiliations><json:string>Max-Planck Institute of Computer Science, Saarbrücken, Germany</json:string>
</affiliations>
</json:item>
</editor>
<issn><json:string>0302-9743</json:string>
</issn>
<language><json:string>unknown</json:string>
</language>
<eissn><json:string>1611-3349</json:string>
</eissn>
<title>Lecture Notes in Computer Science</title>
<copyrightDate>2011</copyrightDate>
</serie>
<host><editor><json:item><name>Aggelos Kiayias</name>
<affiliations><json:string>Department of Informatics and Telecommunications, National and Kapodistrian University of Athen, Panepistimiopolis Ilisia, 15784, Athens, Greece</json:string>
<json:string>E-mail: aggelos@kiayias.com</json:string>
</affiliations>
</json:item>
</editor>
<subject><json:item><value>Computer Science</value>
</json:item>
<json:item><value>Computer Science</value>
</json:item>
<json:item><value>Data Encryption</value>
</json:item>
<json:item><value>Discrete Mathematics in Computer Science</value>
</json:item>
<json:item><value>Systems and Data Security</value>
</json:item>
<json:item><value>Computer Communication Networks</value>
</json:item>
<json:item><value>Algorithm Analysis and Problem Complexity</value>
</json:item>
</subject>
<isbn><json:string>978-3-642-19073-5</json:string>
</isbn>
<language><json:string>unknown</json:string>
</language>
<eissn><json:string>1611-3349</json:string>
</eissn>
<title>Topics in Cryptology – CT-RSA 2011</title>
<bookId><json:string>978-3-642-19074-2</json:string>
</bookId>
<volume>6558</volume>
<pages><last>179</last>
<first>161</first>
</pages>
<issn><json:string>0302-9743</json:string>
</issn>
<genre><json:string>book-series</json:string>
</genre>
<eisbn><json:string>978-3-642-19074-2</json:string>
</eisbn>
<copyrightDate>2011</copyrightDate>
<doi><json:string>10.1007/978-3-642-19074-2</json:string>
</doi>
</host>
<publicationDate>2011</publicationDate>
<copyrightDate>2011</copyrightDate>
<doi><json:string>10.1007/978-3-642-19074-2_12</json:string>
</doi>
<id>FB032C108B47A12441DBD5E4BCF246ED4B8C8839</id>
<score>1.16777</score>
<fulltext><json:item><extension>pdf</extension>
<original>true</original>
<mimetype>application/pdf</mimetype>
<uri>https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/pdf</uri>
</json:item>
<json:item><extension>zip</extension>
<original>false</original>
<mimetype>application/zip</mimetype>
<uri>https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/zip</uri>
</json:item>
<istex:fulltextTEI uri="https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/tei"><teiHeader><fileDesc><titleStmt><title level="a" type="main" xml:lang="en">Ideal Key Derivation and Encryption in Simulation-Based Security</title>
<respStmt><resp>Références bibliographiques récupérées via GROBID</resp>
<name resp="ISTEX-API">ISTEX-API (INIST-CNRS)</name>
</respStmt>
<respStmt><resp>Références bibliographiques récupérées via GROBID</resp>
<name resp="ISTEX-API">ISTEX-API (INIST-CNRS)</name>
</respStmt>
</titleStmt>
<publicationStmt><authority>ISTEX</authority>
<publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<availability><p>Springer Berlin Heidelberg, 2011</p>
</availability>
<date>2011</date>
</publicationStmt>
<sourceDesc><biblStruct type="inbook"><analytic><title level="a" type="main" xml:lang="en">Ideal Key Derivation and Encryption in Simulation-Based Security</title>
<author xml:id="author-1"><persName><forename type="first">Ralf</forename>
<surname>Küsters</surname>
</persName>
<email>kuesters@uni-trier.de</email>
<affiliation>University of Trier, Germany</affiliation>
</author>
<author xml:id="author-2"><persName><forename type="first">Max</forename>
<surname>Tuengerthal</surname>
</persName>
<email>tuengerthal@uni-trier.de</email>
<affiliation>University of Trier, Germany</affiliation>
</author>
</analytic>
<monogr><title level="m">Topics in Cryptology – CT-RSA 2011</title>
<title level="m" type="sub">The Cryptographers’ Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings</title>
<idno type="pISBN">978-3-642-19073-5</idno>
<idno type="eISBN">978-3-642-19074-2</idno>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="DOI">10.1007/978-3-642-19074-2</idno>
<idno type="book-ID">978-3-642-19074-2</idno>
<idno type="book-title-ID">216708</idno>
<idno type="book-sequence-number">6558</idno>
<idno type="book-volume-number">6558</idno>
<idno type="book-chapter-count">25</idno>
<editor><persName><forename type="first">Aggelos</forename>
<surname>Kiayias</surname>
</persName>
<email>aggelos@kiayias.com</email>
<affiliation>Department of Informatics and Telecommunications, National and Kapodistrian University of Athen, Panepistimiopolis Ilisia, 15784, Athens, Greece</affiliation>
</editor>
<imprint><publisher>Springer Berlin Heidelberg</publisher>
<pubPlace>Berlin, Heidelberg</pubPlace>
<date type="published" when="2011"></date>
<biblScope unit="volume">6558</biblScope>
<biblScope unit="page" from="161">161</biblScope>
<biblScope unit="page" to="179">179</biblScope>
</imprint>
</monogr>
<series><title level="s">Lecture Notes in Computer Science</title>
<editor><persName><forename type="first">David</forename>
<surname>Hutchison</surname>
</persName>
<affiliation>Lancaster University, Lancaster, UK</affiliation>
</editor>
<editor><persName><forename type="first">Takeo</forename>
<surname>Kanade</surname>
</persName>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Josef</forename>
<surname>Kittler</surname>
</persName>
<affiliation>University of Surrey, Guildford, UK</affiliation>
</editor>
<editor><persName><forename type="first">Jon</forename>
<forename type="first">M.</forename>
<surname>Kleinberg</surname>
</persName>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
</editor>
<editor><persName><forename type="first">Friedemann</forename>
<surname>Mattern</surname>
</persName>
<affiliation>ETH Zurich, Zurich, Switzerland</affiliation>
</editor>
<editor><persName><forename type="first">John</forename>
<forename type="first">C.</forename>
<surname>Mitchell</surname>
</persName>
<affiliation>Stanford University, Stanford, CA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Moni</forename>
<surname>Naor</surname>
</persName>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
</editor>
<editor><persName><forename type="first">Oscar</forename>
<surname>Nierstrasz</surname>
</persName>
<affiliation>University of Bern, Bern, Switzerland</affiliation>
</editor>
<editor><persName><forename type="first">C.</forename>
<surname>Pandu Rangan</surname>
</persName>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
</editor>
<editor><persName><forename type="first">Bernhard</forename>
<surname>Steffen</surname>
</persName>
<affiliation>University of Dortmund, Dortmund, Germany</affiliation>
</editor>
<editor><persName><forename type="first">Madhu</forename>
<surname>Sudan</surname>
</persName>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Demetri</forename>
<surname>Terzopoulos</surname>
</persName>
<affiliation>University of California, Los Angeles, CA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Doug</forename>
<surname>Tygar</surname>
</persName>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
</editor>
<editor><persName><forename type="first">Moshe</forename>
<forename type="first">Y.</forename>
<surname>Vardi</surname>
</persName>
<affiliation>Rice University, Houston, TX, USA</affiliation>
</editor>
<editor><persName><forename type="first">Gerhard</forename>
<surname>Weikum</surname>
</persName>
<affiliation>Max-Planck Institute of Computer Science, Saarbrücken, Germany</affiliation>
</editor>
<biblScope><date>2011</date>
</biblScope>
<idno type="pISSN">0302-9743</idno>
<idno type="eISSN">1611-3349</idno>
<idno type="series-Id">558</idno>
</series>
<idno type="istex">FB032C108B47A12441DBD5E4BCF246ED4B8C8839</idno>
<idno type="DOI">10.1007/978-3-642-19074-2_12</idno>
<idno type="ChapterID">12</idno>
<idno type="ChapterID">Chap12</idno>
</biblStruct>
</sourceDesc>
</fileDesc>
<profileDesc><creation><date>2011</date>
</creation>
<langUsage><language ident="en">en</language>
</langUsage>
<abstract xml:lang="en"><p>Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.</p>
</abstract>
<textClass><keywords scheme="Book-Subject-Collection"><list><label>SUCO11645</label>
<item><term>Computer Science</term>
</item>
</list>
</keywords>
</textClass>
<textClass><keywords scheme="Book-Subject-Group"><list><label>I</label>
<label>I15033</label>
<label>I17028</label>
<label>I14050</label>
<label>I13022</label>
<label>I16021</label>
<item><term>Computer Science</term>
</item>
<item><term>Data Encryption</term>
</item>
<item><term>Discrete Mathematics in Computer Science</term>
</item>
<item><term>Systems and Data Security</term>
</item>
<item><term>Computer Communication Networks</term>
</item>
<item><term>Algorithm Analysis and Problem Complexity</term>
</item>
</list>
</keywords>
</textClass>
</profileDesc>
<revisionDesc><change when="2011">Published</change>
<change xml:id="refBibs-istex" who="#ISTEX-API" when="2016-11-22">References added</change>
<change xml:id="refBibs-istex" who="#ISTEX-API" when="2017-01-21">References added</change>
</revisionDesc>
</teiHeader>
</istex:fulltextTEI>
<json:item><extension>txt</extension>
<original>false</original>
<mimetype>text/plain</mimetype>
<uri>https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/txt</uri>
</json:item>
</fulltext>
<metadata><istex:metadataXml wicri:clean="Springer, Publisher found" wicri:toSee="no header"><istex:xmlDeclaration>version="1.0" encoding="UTF-8"</istex:xmlDeclaration>
<istex:docType PUBLIC="-//Springer-Verlag//DTD A++ V2.4//EN" URI="http://devel.springer.de/A++/V2.4/DTD/A++V2.4.dtd" name="istex:docType"></istex:docType>
<istex:document><Publisher><PublisherInfo><PublisherName>Springer Berlin Heidelberg</PublisherName>
<PublisherLocation>Berlin, Heidelberg</PublisherLocation>
</PublisherInfo>
<Series><SeriesInfo SeriesType="Series" TocLevels="0"><SeriesID>558</SeriesID>
<SeriesPrintISSN>0302-9743</SeriesPrintISSN>
<SeriesElectronicISSN>1611-3349</SeriesElectronicISSN>
<SeriesTitle Language="En">Lecture Notes in Computer Science</SeriesTitle>
</SeriesInfo>
<SeriesHeader><EditorGroup><Editor AffiliationIDS="Aff1"><EditorName DisplayOrder="Western"><GivenName>David</GivenName>
<FamilyName>Hutchison</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff2"><EditorName DisplayOrder="Western"><GivenName>Takeo</GivenName>
<FamilyName>Kanade</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff3"><EditorName DisplayOrder="Western"><GivenName>Josef</GivenName>
<FamilyName>Kittler</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff4"><EditorName DisplayOrder="Western"><GivenName>Jon</GivenName>
<GivenName>M.</GivenName>
<FamilyName>Kleinberg</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff5"><EditorName DisplayOrder="Western"><GivenName>Friedemann</GivenName>
<FamilyName>Mattern</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff6"><EditorName DisplayOrder="Western"><GivenName>John</GivenName>
<GivenName>C.</GivenName>
<FamilyName>Mitchell</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff7"><EditorName DisplayOrder="Western"><GivenName>Moni</GivenName>
<FamilyName>Naor</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff8"><EditorName DisplayOrder="Western"><GivenName>Oscar</GivenName>
<FamilyName>Nierstrasz</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff9"><EditorName DisplayOrder="Western"><GivenName>C.</GivenName>
<FamilyName>Pandu Rangan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff10"><EditorName DisplayOrder="Western"><GivenName>Bernhard</GivenName>
<FamilyName>Steffen</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff11"><EditorName DisplayOrder="Western"><GivenName>Madhu</GivenName>
<FamilyName>Sudan</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff12"><EditorName DisplayOrder="Western"><GivenName>Demetri</GivenName>
<FamilyName>Terzopoulos</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff13"><EditorName DisplayOrder="Western"><GivenName>Doug</GivenName>
<FamilyName>Tygar</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff14"><EditorName DisplayOrder="Western"><GivenName>Moshe</GivenName>
<GivenName>Y.</GivenName>
<FamilyName>Vardi</FamilyName>
</EditorName>
</Editor>
<Editor AffiliationIDS="Aff15"><EditorName DisplayOrder="Western"><GivenName>Gerhard</GivenName>
<FamilyName>Weikum</FamilyName>
</EditorName>
</Editor>
<Affiliation ID="Aff1"><OrgName>Lancaster University</OrgName>
<OrgAddress><City>Lancaster</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff2"><OrgName>Carnegie Mellon University</OrgName>
<OrgAddress><City>Pittsburgh</City>
<State>PA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff3"><OrgName>University of Surrey</OrgName>
<OrgAddress><City>Guildford</City>
<Country>UK</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff4"><OrgName>Cornell University</OrgName>
<OrgAddress><City>Ithaca</City>
<State>NY</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff5"><OrgName>ETH Zurich</OrgName>
<OrgAddress><City>Zurich</City>
<Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff6"><OrgName>Stanford University</OrgName>
<OrgAddress><City>Stanford</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff7"><OrgName>Weizmann Institute of Science</OrgName>
<OrgAddress><City>Rehovot</City>
<Country>Israel</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff8"><OrgName>University of Bern</OrgName>
<OrgAddress><City>Bern</City>
<Country>Switzerland</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff9"><OrgName>Indian Institute of Technology</OrgName>
<OrgAddress><City>Madras</City>
<Country>India</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff10"><OrgName>University of Dortmund</OrgName>
<OrgAddress><City>Dortmund</City>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff11"><OrgName>Massachusetts Institute of Technology</OrgName>
<OrgAddress><State>MA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff12"><OrgName>University of California</OrgName>
<OrgAddress><City>Los Angeles</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff13"><OrgName>University of California</OrgName>
<OrgAddress><City>Berkeley</City>
<State>CA</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff14"><OrgName>Rice University</OrgName>
<OrgAddress><City>Houston</City>
<State>TX</State>
<Country>USA</Country>
</OrgAddress>
</Affiliation>
<Affiliation ID="Aff15"><OrgName>Max-Planck Institute of Computer Science</OrgName>
<OrgAddress><City>Saarbrücken</City>
<Country>Germany</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</SeriesHeader>
<Book Language="En"><BookInfo BookProductType="Proceedings" ContainsESM="No" Language="En" MediaType="eBook" NumberingDepth="2" NumberingStyle="ContentOnly" OutputMedium="All" TocLevels="0"><BookID>978-3-642-19074-2</BookID>
<BookTitle>Topics in Cryptology – CT-RSA 2011</BookTitle>
<BookSubTitle>The Cryptographers’ Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings</BookSubTitle>
<BookVolumeNumber>6558</BookVolumeNumber>
<BookSequenceNumber>6558</BookSequenceNumber>
<BookDOI>10.1007/978-3-642-19074-2</BookDOI>
<BookTitleID>216708</BookTitleID>
<BookPrintISBN>978-3-642-19073-5</BookPrintISBN>
<BookElectronicISBN>978-3-642-19074-2</BookElectronicISBN>
<BookChapterCount>25</BookChapterCount>
<BookCopyright><CopyrightHolderName>Springer Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2011</CopyrightYear>
</BookCopyright>
<BookSubjectGroup><BookSubject Code="I" Type="Primary">Computer Science</BookSubject>
<BookSubject Code="I15033" Priority="1" Type="Secondary">Data Encryption</BookSubject>
<BookSubject Code="I17028" Priority="2" Type="Secondary">Discrete Mathematics in Computer Science</BookSubject>
<BookSubject Code="I14050" Priority="3" Type="Secondary">Systems and Data Security</BookSubject>
<BookSubject Code="I13022" Priority="4" Type="Secondary">Computer Communication Networks</BookSubject>
<BookSubject Code="I16021" Priority="5" Type="Secondary">Algorithm Analysis and Problem Complexity</BookSubject>
<SubjectCollection Code="SUCO11645">Computer Science</SubjectCollection>
</BookSubjectGroup>
<BookContext><SeriesID>558</SeriesID>
</BookContext>
</BookInfo>
<BookHeader><EditorGroup><Editor AffiliationIDS="Aff16"><EditorName DisplayOrder="Western"><GivenName>Aggelos</GivenName>
<FamilyName>Kiayias</FamilyName>
</EditorName>
<Contact><Email>aggelos@kiayias.com</Email>
</Contact>
</Editor>
<Affiliation ID="Aff16"><OrgDivision>Department of Informatics and Telecommunications</OrgDivision>
<OrgName>National and Kapodistrian University of Athen</OrgName>
<OrgAddress><Street>Panepistimiopolis Ilisia</Street>
<Postcode>15784</Postcode>
<City>Athens</City>
<Country>Greece</Country>
</OrgAddress>
</Affiliation>
</EditorGroup>
</BookHeader>
<Part ID="Part6"><PartInfo TocLevels="0"><PartID>6</PartID>
<PartSequenceNumber>6</PartSequenceNumber>
<PartTitle>Proofs of Security</PartTitle>
<PartChapterCount>4</PartChapterCount>
<PartContext><SeriesID>558</SeriesID>
<BookTitle>Topics in Cryptology – CT-RSA 2011</BookTitle>
</PartContext>
</PartInfo>
<Chapter ID="Chap12" Language="En"><ChapterInfo ChapterType="OriginalPaper" ContainsESM="No" NumberingDepth="2" NumberingStyle="ContentOnly" TocLevels="0"><ChapterID>12</ChapterID>
<ChapterDOI>10.1007/978-3-642-19074-2_12</ChapterDOI>
<ChapterSequenceNumber>12</ChapterSequenceNumber>
<ChapterTitle Language="En">Ideal Key Derivation and Encryption in Simulation-Based Security</ChapterTitle>
<ChapterFirstPage>161</ChapterFirstPage>
<ChapterLastPage>179</ChapterLastPage>
<ChapterCopyright><CopyrightHolderName>Springer-Verlag Berlin Heidelberg</CopyrightHolderName>
<CopyrightYear>2011</CopyrightYear>
</ChapterCopyright>
<ChapterGrants Type="Regular"><MetadataGrant Grant="OpenAccess"></MetadataGrant>
<AbstractGrant Grant="OpenAccess"></AbstractGrant>
<BodyPDFGrant Grant="Restricted"></BodyPDFGrant>
<BodyHTMLGrant Grant="Restricted"></BodyHTMLGrant>
<BibliographyGrant Grant="Restricted"></BibliographyGrant>
<ESMGrant Grant="Restricted"></ESMGrant>
</ChapterGrants>
<ChapterContext><SeriesID>558</SeriesID>
<PartID>6</PartID>
<BookID>978-3-642-19074-2</BookID>
<BookTitle>Topics in Cryptology – CT-RSA 2011</BookTitle>
</ChapterContext>
</ChapterInfo>
<ChapterHeader><AuthorGroup><Author AffiliationIDS="Aff17"><AuthorName DisplayOrder="Western"><GivenName>Ralf</GivenName>
<FamilyName>Küsters</FamilyName>
</AuthorName>
<Contact><Email>kuesters@uni-trier.de</Email>
</Contact>
</Author>
<Author AffiliationIDS="Aff17"><AuthorName DisplayOrder="Western"><GivenName>Max</GivenName>
<FamilyName>Tuengerthal</FamilyName>
</AuthorName>
<Contact><Email>tuengerthal@uni-trier.de</Email>
</Contact>
</Author>
<Affiliation ID="Aff17"><OrgName>University of Trier</OrgName>
<OrgAddress><Country>Germany</Country>
</OrgAddress>
</Affiliation>
</AuthorGroup>
<Abstract ID="Abs1" Language="En"><Heading>Abstract</Heading>
<Para>Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols.</Para>
<Para>Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments.</Para>
<Para>As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.</Para>
</Abstract>
<KeywordGroup Language="En"><Heading>Keywords</Heading>
<Keyword>security protocols</Keyword>
<Keyword>compositional analysis</Keyword>
<Keyword>simulation-based security</Keyword>
</KeywordGroup>
<ArticleNote Type="Misc"><SimplePara>This work was partially supported by the DFG under Grant KU 1434/5-1 and KU 1434/6-1.</SimplePara>
</ArticleNote>
</ChapterHeader>
<NoBody></NoBody>
</Chapter>
</Part>
</Book>
</Series>
</Publisher>
</istex:document>
</istex:metadataXml>
<mods version="3.6"><titleInfo lang="en"><title>Ideal Key Derivation and Encryption in Simulation-Based Security</title>
</titleInfo>
<titleInfo type="alternative" contentType="CDATA" lang="en"><title>Ideal Key Derivation and Encryption in Simulation-Based Security</title>
</titleInfo>
<name type="personal"><namePart type="given">Ralf</namePart>
<namePart type="family">Küsters</namePart>
<affiliation>University of Trier, Germany</affiliation>
<affiliation>E-mail: kuesters@uni-trier.de</affiliation>
<role><roleTerm type="text">author</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Max</namePart>
<namePart type="family">Tuengerthal</namePart>
<affiliation>University of Trier, Germany</affiliation>
<affiliation>E-mail: tuengerthal@uni-trier.de</affiliation>
<role><roleTerm type="text">author</roleTerm>
</role>
</name>
<typeOfResource>text</typeOfResource>
<genre type="conference" displayLabel="OriginalPaper"></genre>
<originInfo><publisher>Springer Berlin Heidelberg</publisher>
<place><placeTerm type="text">Berlin, Heidelberg</placeTerm>
</place>
<dateIssued encoding="w3cdtf">2011</dateIssued>
<copyrightDate encoding="w3cdtf">2011</copyrightDate>
</originInfo>
<language><languageTerm type="code" authority="rfc3066">en</languageTerm>
<languageTerm type="code" authority="iso639-2b">eng</languageTerm>
</language>
<physicalDescription><internetMediaType>text/html</internetMediaType>
</physicalDescription>
<abstract lang="en">Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.</abstract>
<relatedItem type="host"><titleInfo><title>Topics in Cryptology – CT-RSA 2011</title>
<subTitle>The Cryptographers’ Track at the RSA Conference 2011, San Francisco, CA, USA, February 14-18, 2011. Proceedings</subTitle>
</titleInfo>
<name type="personal"><namePart type="given">Aggelos</namePart>
<namePart type="family">Kiayias</namePart>
<affiliation>Department of Informatics and Telecommunications, National and Kapodistrian University of Athen, Panepistimiopolis Ilisia, 15784, Athens, Greece</affiliation>
<affiliation>E-mail: aggelos@kiayias.com</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<genre type="book-series" displayLabel="Proceedings"></genre>
<originInfo><copyrightDate encoding="w3cdtf">2011</copyrightDate>
<issuance>monographic</issuance>
</originInfo>
<subject><genre>Book-Subject-Collection</genre>
<topic authority="SpringerSubjectCodes" authorityURI="SUCO11645">Computer Science</topic>
</subject>
<subject><genre>Book-Subject-Group</genre>
<topic authority="SpringerSubjectCodes" authorityURI="I">Computer Science</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I15033">Data Encryption</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I17028">Discrete Mathematics in Computer Science</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I14050">Systems and Data Security</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I13022">Computer Communication Networks</topic>
<topic authority="SpringerSubjectCodes" authorityURI="I16021">Algorithm Analysis and Problem Complexity</topic>
</subject>
<identifier type="DOI">10.1007/978-3-642-19074-2</identifier>
<identifier type="ISBN">978-3-642-19073-5</identifier>
<identifier type="eISBN">978-3-642-19074-2</identifier>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="BookTitleID">216708</identifier>
<identifier type="BookID">978-3-642-19074-2</identifier>
<identifier type="BookChapterCount">25</identifier>
<identifier type="BookVolumeNumber">6558</identifier>
<identifier type="BookSequenceNumber">6558</identifier>
<identifier type="PartChapterCount">4</identifier>
<part><date>2011</date>
<detail type="part"><title>Proofs of Security</title>
</detail>
<detail type="volume"><number>6558</number>
<caption>vol.</caption>
</detail>
<extent unit="pages"><start>161</start>
<end>179</end>
</extent>
</part>
<recordInfo><recordOrigin>Springer Berlin Heidelberg, 2011</recordOrigin>
</recordInfo>
</relatedItem>
<relatedItem type="series"><titleInfo><title>Lecture Notes in Computer Science</title>
</titleInfo>
<name type="personal"><namePart type="given">David</namePart>
<namePart type="family">Hutchison</namePart>
<affiliation>Lancaster University, Lancaster, UK</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Takeo</namePart>
<namePart type="family">Kanade</namePart>
<affiliation>Carnegie Mellon University, Pittsburgh, PA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Josef</namePart>
<namePart type="family">Kittler</namePart>
<affiliation>University of Surrey, Guildford, UK</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Jon</namePart>
<namePart type="given">M.</namePart>
<namePart type="family">Kleinberg</namePart>
<affiliation>Cornell University, Ithaca, NY, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Friedemann</namePart>
<namePart type="family">Mattern</namePart>
<affiliation>ETH Zurich, Zurich, Switzerland</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">John</namePart>
<namePart type="given">C.</namePart>
<namePart type="family">Mitchell</namePart>
<affiliation>Stanford University, Stanford, CA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Moni</namePart>
<namePart type="family">Naor</namePart>
<affiliation>Weizmann Institute of Science, Rehovot, Israel</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Oscar</namePart>
<namePart type="family">Nierstrasz</namePart>
<affiliation>University of Bern, Bern, Switzerland</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">C.</namePart>
<namePart type="family">Pandu Rangan</namePart>
<affiliation>Indian Institute of Technology, Madras, India</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Bernhard</namePart>
<namePart type="family">Steffen</namePart>
<affiliation>University of Dortmund, Dortmund, Germany</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Madhu</namePart>
<namePart type="family">Sudan</namePart>
<affiliation>Massachusetts Institute of Technology, MA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Demetri</namePart>
<namePart type="family">Terzopoulos</namePart>
<affiliation>University of California, Los Angeles, CA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Doug</namePart>
<namePart type="family">Tygar</namePart>
<affiliation>University of California, Berkeley, CA, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Moshe</namePart>
<namePart type="given">Y.</namePart>
<namePart type="family">Vardi</namePart>
<affiliation>Rice University, Houston, TX, USA</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<name type="personal"><namePart type="given">Gerhard</namePart>
<namePart type="family">Weikum</namePart>
<affiliation>Max-Planck Institute of Computer Science, Saarbrücken, Germany</affiliation>
<role><roleTerm type="text">editor</roleTerm>
</role>
</name>
<originInfo><copyrightDate encoding="w3cdtf">2011</copyrightDate>
<issuance>serial</issuance>
</originInfo>
<identifier type="ISSN">0302-9743</identifier>
<identifier type="eISSN">1611-3349</identifier>
<identifier type="SeriesID">558</identifier>
<recordInfo><recordOrigin>Springer Berlin Heidelberg, 2011</recordOrigin>
</recordInfo>
</relatedItem>
<identifier type="istex">FB032C108B47A12441DBD5E4BCF246ED4B8C8839</identifier>
<identifier type="DOI">10.1007/978-3-642-19074-2_12</identifier>
<identifier type="ChapterID">12</identifier>
<identifier type="ChapterID">Chap12</identifier>
<accessCondition type="use and reproduction" contentType="copyright">Springer Berlin Heidelberg, 2011</accessCondition>
<recordInfo><recordContentSource>SPRINGER</recordContentSource>
<recordOrigin>Springer-Verlag Berlin Heidelberg, 2011</recordOrigin>
</recordInfo>
</mods>
</metadata>
</istex>
</record>

Pour manipuler ce document sous Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Rhénanie/explor/UnivTrevesV1/Data/Istex/Corpus

HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 001B57 | SxmlIndent | more

HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 001B57 | SxmlIndent | more

Pour mettre un lien sur cette page dans le réseau Wicri

{{Explor lien
   |wiki=    Wicri/Rhénanie
   |area=    UnivTrevesV1
   |flux=    Istex
   |étape=   Corpus
   |type=    RBID
   |clé=     ISTEX:FB032C108B47A12441DBD5E4BCF246ED4B8C8839
   |texte=   Ideal Key Derivation and Encryption in Simulation-Based Security
}}

This area was generated with Dilib version V0.6.31.
Data generation: Sat Jul 22 16:29:01 2017. Site generation: Wed Feb 28 14:55:37 2024

	Serveur d'exploration sur l'Université de Trèves
	Attention, ce site est en cours de développement ! Attention, site généré par des moyens informatiques à partir de corpus bruts. Les informations ne sont donc pas validées.

Serveur d'exploration sur l'Université de Trèves

Ideal Key Derivation and Encryption in Simulation-Based Security

Ideal Key Derivation and Encryption in Simulation-Based Security

Source :

Abstract

Links to Exploration step

Le document en format XML

Pour manipuler ce document sous Unix (Dilib)

Pour mettre un lien sur cette page dans le réseau Wicri