Systematic design of two-party authentication protocols

Ray Bird; Inder Gopal; Amir Herzberg; Phil Janson; Shay Kutten; Refik Molva; Moti Yung

doi:10.1007/3-540-46766-1_3

Systematic design of two-party authentication protocols

Ray Bird, Inder Gopal, Amir Herzberg, Phil Janson, Shay Kutten, Refik Molva, Moti Yung

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

67 Scopus citations

Abstract

We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such ‘solutions’ can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.

Original language	English
Title of host publication	Advances in Cryptology — CRYPTO 1991, Proceedings
Editors	Joan Feigenbaum
Publisher	Springer Verlag
Pages	44-61
Number of pages	18
ISBN (Print)	9783540551881
DOIs	https://doi.org/10.1007/3-540-46766-1_3
State	Published - 1992
Externally published	Yes
Event	11th Confrence on Advances in Cryptology, CRYPTO 1991 - Santa Barbara, United States Duration: 11 Aug 1991 → 15 Aug 1991

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	576 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	11th Confrence on Advances in Cryptology, CRYPTO 1991
Country/Territory	United States
City	Santa Barbara
Period	11/08/91 → 15/08/91

Bibliographical note

Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 1992.

Access to Document

10.1007/3-540-46766-1_3

Cite this

Bird, R., Gopal, I., Herzberg, A., Janson, P., Kutten, S., Molva, R., & Yung, M. (1992). Systematic design of two-party authentication protocols. In J. Feigenbaum (Ed.), Advances in Cryptology — CRYPTO 1991, Proceedings (pp. 44-61). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 576 LNCS). Springer Verlag. https://doi.org/10.1007/3-540-46766-1_3

@inproceedings{c5abe7cfb43141a2b606b29af4e5be7c,

title = "Systematic design of two-party authentication protocols",

abstract = "We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such {\textquoteleft}solutions{\textquoteright} can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.",

author = "Ray Bird and Inder Gopal and Amir Herzberg and Phil Janson and Shay Kutten and Refik Molva and Moti Yung",

note = "Publisher Copyright: {\textcopyright} Springer-Verlag Berlin Heidelberg 1992.; 11th Confrence on Advances in Cryptology, CRYPTO 1991 ; Conference date: 11-08-1991 Through 15-08-1991",

year = "1992",

doi = "10.1007/3-540-46766-1_3",

language = "אנגלית",

isbn = "9783540551881",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "44--61",

editor = "Joan Feigenbaum",

booktitle = "Advances in Cryptology — CRYPTO 1991, Proceedings",

address = "גרמניה",

}

Bird, R, Gopal, I, Herzberg, A, Janson, P, Kutten, S, Molva, R & Yung, M 1992, Systematic design of two-party authentication protocols. in J Feigenbaum (ed.), Advances in Cryptology — CRYPTO 1991, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 576 LNCS, Springer Verlag, pp. 44-61, 11th Confrence on Advances in Cryptology, CRYPTO 1991, Santa Barbara, United States, 11/08/91. https://doi.org/10.1007/3-540-46766-1_3

Systematic design of two-party authentication protocols. / Bird, Ray; Gopal, Inder; Herzberg, Amir et al.
Advances in Cryptology — CRYPTO 1991, Proceedings. ed. / Joan Feigenbaum. Springer Verlag, 1992. p. 44-61 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 576 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Systematic design of two-party authentication protocols

AU - Bird, Ray

AU - Gopal, Inder

AU - Herzberg, Amir

AU - Janson, Phil

AU - Kutten, Shay

AU - Molva, Refik

AU - Yung, Moti

PY - 1992

Y1 - 1992

N2 - We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such ‘solutions’ can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.

AB - We investigate protocols for authenticated exchange of messages between two parties in a communication network. Secure authenticated exchange is essential for network security. It is not difficult to design simple and seemingly correct solutions for it, however, many such ‘solutions’ can be broken. We give some examples of such protocols and we show a useful methodology which can be used to break many protocols. In particular, we break a protocol that is being standardized by the ISO. We present a new authenticated exchange protocol which is both provably secure and highly efficient and practical. The security of the protocol is proven, based on an assumption about the the cryptosystem employed (namely, that it is secure when used in CBC mode on a certain message space). We think that this assumption is quite reasonable for many cryptosystems, and furthermore it is often assumed in practical use of the DES cryptosystem. Our protocol cannot be broken using the methodology we present (which was strong enough to catch all protocol flaws we found). The reduction to the security of the encryption mode, indeed captures the non-existence of the exposures that the methodology catches (specialized to the actual use of encryption in our protocol). Furthermore, the protocol prevents chosen plaintext or ciphertext attacks on the cryptosystem. The proposed protocol is efficient and practical in several aspects. First, it uses only conventional cryptography (like the DES, or any privately-shared one-way function) and no public-key. Second, the protocol does not require synchronized clocks or counter management. Third, only a small number of encryption operations is needed (we use no decryption), all with a single shared key. In addition, only three messages are exchanged during the protocol, and the size of these messages is minimal. These properties are similar to existing and proposed actual protocols. This is essential for integration of the proposed protocol into existing systems and embedding it in existing communication protocols.

UR - http://www.scopus.com/inward/record.url?scp=85016462400&partnerID=8YFLogxK

U2 - 10.1007/3-540-46766-1_3

DO - 10.1007/3-540-46766-1_3

M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???

AN - SCOPUS:85016462400

SN - 9783540551881

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 44

EP - 61

BT - Advances in Cryptology — CRYPTO 1991, Proceedings

A2 - Feigenbaum, Joan

PB - Springer Verlag

T2 - 11th Confrence on Advances in Cryptology, CRYPTO 1991

Y2 - 11 August 1991 through 15 August 1991

ER -

Bird R, Gopal I, Herzberg A, Janson P, Kutten S, Molva R et al. Systematic design of two-party authentication protocols. In Feigenbaum J, editor, Advances in Cryptology — CRYPTO 1991, Proceedings. Springer Verlag. 1992. p. 44-61. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/3-540-46766-1_3

Systematic design of two-party authentication protocols

Abstract

Publication series

Conference

Bibliographical note

Access to Document

Other files and links

Fingerprint

Cite this