Ideal Key Derivation and Encryption in Simulation-Based Security
Identifieur interne : 000980 ( Main/Exploration ); précédent : 000979; suivant : 000981Ideal Key Derivation and Encryption in Simulation-Based Security
Auteurs : Ralf Küsters [Allemagne] ; Max Tuengerthal [Allemagne]Source :
- Lecture Notes in Computer Science [ 0302-9743 ] ; 2011.
Abstract
Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.
Url:
DOI: 10.1007/978-3-642-19074-2_12
Affiliations:
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 001B57
- to stream Istex, to step Curation: 001A40
- to stream Istex, to step Checkpoint: 000193
- to stream Main, to step Merge: 000A11
- to stream Main, to step Curation: 000980
Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Ideal Key Derivation and Encryption in Simulation-Based Security</title><author><name sortKey="Kusters, Ralf" sort="Kusters, Ralf" uniqKey="Kusters R" first="Ralf" last="Küsters">Ralf Küsters</name></author><author><name sortKey="Tuengerthal, Max" sort="Tuengerthal, Max" uniqKey="Tuengerthal M" first="Max" last="Tuengerthal">Max Tuengerthal</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:FB032C108B47A12441DBD5E4BCF246ED4B8C8839</idno><date when="2011" year="2011">2011</date><idno type="doi">10.1007/978-3-642-19074-2_12</idno><idno type="url">https://api.istex.fr/document/FB032C108B47A12441DBD5E4BCF246ED4B8C8839/fulltext/pdf</idno><idno type="wicri:Area/Istex/Corpus">001B57</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">001B57</idno><idno type="wicri:Area/Istex/Curation">001A40</idno><idno type="wicri:Area/Istex/Checkpoint">000193</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">000193</idno><idno type="wicri:doubleKey">0302-9743:2011:Kusters R:ideal:key:derivation</idno><idno type="wicri:Area/Main/Merge">000A11</idno><idno type="wicri:Area/Main/Curation">000980</idno><idno type="wicri:Area/Main/Exploration">000980</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Ideal Key Derivation and Encryption in Simulation-Based Security</title><author><name sortKey="Kusters, Ralf" sort="Kusters, Ralf" uniqKey="Kusters R" first="Ralf" last="Küsters">Ralf Küsters</name><affiliation wicri:level="1"><country xml:lang="fr">Allemagne</country><wicri:regionArea>University of Trier</wicri:regionArea></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Allemagne</country></affiliation></author><author><name sortKey="Tuengerthal, Max" sort="Tuengerthal, Max" uniqKey="Tuengerthal M" first="Max" last="Tuengerthal">Max Tuengerthal</name><affiliation wicri:level="1"><country xml:lang="fr">Allemagne</country><wicri:regionArea>University of Trier</wicri:regionArea></affiliation><affiliation wicri:level="1"><country wicri:rule="url">Allemagne</country></affiliation></author></analytic><monogr></monogr><series><title level="s">Lecture Notes in Computer Science</title><imprint><date>2011</date></imprint><idno type="ISSN">0302-9743</idno><idno type="eISSN">1611-3349</idno><idno type="ISSN">0302-9743</idno></series><idno type="istex">FB032C108B47A12441DBD5E4BCF246ED4B8C8839</idno><idno type="DOI">10.1007/978-3-642-19074-2_12</idno><idno type="ChapterID">12</idno><idno type="ChapterID">Chap12</idno></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11i, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs), digital signatures, and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.</div></front></TEI><affiliations><list><country><li>Allemagne</li></country></list><tree><country name="Allemagne"><noRegion><name sortKey="Kusters, Ralf" sort="Kusters, Ralf" uniqKey="Kusters R" first="Ralf" last="Küsters">Ralf Küsters</name></noRegion><name sortKey="Kusters, Ralf" sort="Kusters, Ralf" uniqKey="Kusters R" first="Ralf" last="Küsters">Ralf Küsters</name><name sortKey="Tuengerthal, Max" sort="Tuengerthal, Max" uniqKey="Tuengerthal M" first="Max" last="Tuengerthal">Max Tuengerthal</name><name sortKey="Tuengerthal, Max" sort="Tuengerthal, Max" uniqKey="Tuengerthal M" first="Max" last="Tuengerthal">Max Tuengerthal</name></country></tree></affiliations></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Rhénanie/explor/UnivTrevesV1/Data/Main/Exploration
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000980 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Exploration/biblio.hfd -nk 000980 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Rhénanie
|area= UnivTrevesV1
|flux= Main
|étape= Exploration
|type= RBID
|clé= ISTEX:FB032C108B47A12441DBD5E4BCF246ED4B8C8839
|texte= Ideal Key Derivation and Encryption in Simulation-Based Security
}}
| This area was generated with Dilib version V0.6.31. |  |