Downgrade resilience in key-exchange protocols
Key-exchange protocols such as TLS, SSH, IPsec, and ZRTP are highly configurable, with
typical deployments supporting multiple protocol versions, cryptographic algorithms and …
typical deployments supporting multiple protocol versions, cryptographic algorithms and …
Examining indistinguishability-based security models for key exchange protocols: the case of CK, CK-HMQV, and eCK
C Cremers - Proceedings of the 6th ACM Symposium on Information …, 2011 - dl.acm.org
Many recent key exchange (KE) protocols have been proven secure in the CK, CK-HMQV,
or eCK security models. The exact relation between these security models, and hence the …
or eCK security models. The exact relation between these security models, and hence the …
No-match attacks and robust partnering definitions: defining trivial attacks for security protocols is not trivial
Y Li, S Schäge - Proceedings of the 2017 ACM SIGSAC Conference on …, 2017 - dl.acm.org
An essential cornerstone of the definition of security for key exchange protocols is the notion
of partnering. The de-facto standard definition of partnering is that of (partial) matching …
of partnering. The de-facto standard definition of partnering is that of (partial) matching …
Composition theorems without pre-established session identifiers
R Küsters, M Tuengerthal - Proceedings of the 18th ACM conference on …, 2011 - dl.acm.org
Canetti's universal composition theorem and the joint state composition theorems by Canetti
and Rabin are useful and widely employed tools for the modular design and analysis of …
and Rabin are useful and widely employed tools for the modular design and analysis of …
Formally and practically relating the CK, CK-HMQV, and eCK security models for authenticated key exchange
CJF Cremers - Cryptology ePrint Archive, 2009 - eprint.iacr.org
Many recent key exchange (KE) protocols have been proven secure in the CK, CK-HMQV,
or eCK security models. The exact relation between these security models, and hence …
or eCK security models. The exact relation between these security models, and hence …
A modular security analysis of EAP and IEEE 802.11
C Brzuska, H Jacobsen - IACR International Workshop on Public Key …, 2017 - Springer
We conduct a reduction-based security analysis of the Extensible Authentication Protocol
(EAP), a widely used three-party authentication framework. We show that the main EAP …
(EAP), a widely used three-party authentication framework. We show that the main EAP …
Falsifiability, Composability, and Comparability of Game-based Security Models for Key Exchange Protocols
A security proof for a key exchange protocol requires writing down a security definition.
Authors typically have a clear idea of the level of security they aim to achieve, eg, forward …
Authors typically have a clear idea of the level of security they aim to achieve, eg, forward …
Ideal key derivation and encryption in simulation-based security
R Küsters, M Tuengerthal - Cryptographers' Track at the RSA Conference, 2011 - Springer
Many real-world protocols, such as SSL/TLS, SSH, IPsec, DNSSEC, IEEE 802.11 i, and
Kerberos, derive new keys from other keys. To be able to analyze such protocols in a …
Kerberos, derive new keys from other keys. To be able to analyze such protocols in a …
The threat of forcing the identical roles for authenticated key establishment protocols
E Alekseev, S Kyazhin, S Smyshlyaev - Journal of Computer Virology and …, 2024 - Springer
The paper considers the following situation: as a result of interaction under the authenticated
key establishment protocol, the parties successfully establish a common key and correctly …
key establishment protocol, the parties successfully establish a common key and correctly …