Robustness Principles for Public Key Protocols
, 1995
Abstract

Cited by 126 (9 self)
We present a number of attacks, some new, on public key protocols. We also advance a number of principles which may help designers avoid many of the pitfalls, and help attackers spot errors which can be exploited. 1 Introduction Cryptographic protocols are typically used to identify a user to a computer system, to authenticate a transaction, or to set up a key. They typically involve the exchange of about 2-5 messages, and they are very easy to get wrong: bugs have been found in well known protocols years after they were first published. This is quite remarkable; after all, a protocol is a kind of program, and one would expect to get any other program of this size right by staring at it for a while. A number of remedies have been proposed. One approach is formal mathematical proof, and can range from systematic protocol verification techniques such as the BAN logic [BAN89] to the case-by-case reduction of security claims to the intractability of some problem such as factoring. Anot...
Authenticated Group Key Agreement and Friends
, 1998
Abstract

Cited by 97 (6 self)
Many modern computing environments involve dynamic peer groups. Distributed simulation, multiuser games, conferencing and replicated servers are just a few examples. Given the openness of today's networks, communication among group members must be secure and, at the same time, efficient. This paper studies the problem of authenticated key agreement in dynamic peer groups with the emphasis on efficient and provably secure key authentication, key confirmation and integrity. It begins by considering 2-party authenticated key agreement and extends the results to Group Diffie-Hellman key agreement. In the process, some new security properties (unique to groups) are discussed. 1 Introduction This paper is concerned with security services in the context of dynamic peer groups (DPGs). Such groups are common in many network protocol layers and in many areas of modern computing and the solution to their security needs, in particular key management, are still open research challenges [19]. Exa...
Authenticated Multi-Party Key Agreement
, 1996
Abstract

Cited by 77 (2 self)
We examine multiparty key agreement protocols that provide (i) key authentication, (ii) key confirmation and (iii) forward secrecy. Several minor (repairable) attacks are presented against previous two-party key agreement schemes and a model for key agreement is presented that provably provides the properties listed above. A generalization of the Burmester-Desmedt model (Eurocrypt '94) for multiparty key agreement is given, allowing a transformation of any two-party key agreement scheme into a multiparty scheme. Multiparty schemes (based on the general model and two specific 2-party schemes) are presented that reduce the number of rounds required for key computation compared to the specific Burmester-Desmedt scheme. It is also shown how the specific Burmester-Desmedt scheme fails to provide key authentication. 1991 AMS Classification: 94A60 CR Categories: D.4.6 Key Words: multiparty, key agreement, key authentication, key confirmation, forward secrecy. Carleton University, Sc...
Keyless jam resistance
 in Proc. 8th Annual IEEE SMC Information Assurance Workshop (IAW
, 2007
Abstract

Cited by 25 (5 self)
Traditionally, omnidirectional, radio frequency (RF) communication has been made resistant to jamming by the use of a secret key that is shared by the sender and receiver. There are no known methods for achieving jam resistance without that shared key. Unfortunately, wireless communication is now reaching a scale and a level of importance where such secret-key systems are becoming impractical. For example, the civilian side of the Global Positioning System (GPS) cannot use a shared secret, since that secret would have to be given to all 6.5 billion potential users, and so would no longer be secret. So civilian GPS cannot currently be protected from jamming. But the FAA has stated that the civilian airline industry will transition to using GPS for all navigational aids, even during landings. A terrorist with a simple jamming system could wreak havoc at a major airport. No existing system can solve this problem, and the problem itself has not even been widely discussed. The problem of keyless jam resistance is important. There is a great need for a system that can broadcast messages without any prior secret shared between the sender and receiver. We propose the first system for keyless jam resistance: the BBC algorithm. We describe the encoding, decoding, and broadcast algorithms. We then analyze it for expected resistance to jamming and error rates. We show that BBC can achieve the same level of jam resistance as traditional spread spectrum systems, at just under half the bit rate, and with no shared secret. Furthermore, a hybrid system can achieve the same average bit rate as traditional systems.
JAM-RESISTANT COMMUNICATION WITHOUT SHARED SECRETS THROUGH THE USE OF CONCURRENT CODES
, 2007
Abstract

Cited by 19 (9 self)
We consider the problem of establishing jam-resistant, wireless, omnidirectional communication channels when there is no initial shared secret. No existing system achieves this. We propose a general algorithm for this problem, the BBC algorithm, and give several instantiations of it. We develop and analyze this algorithm within the framework of a new type of code, concurrent codes, which are those superimposed codes that allow efficient decoding. Finally, we propose the Universal Concurrent Code algorithm, and prove that it covers all possible concurrent codes, and give connections between its theory and that of monotone Boolean functions.
Associative one-way functions: A new paradigm for secret-key agreement and digital signatures
, 1993
Abstract

Cited by 13 (1 self)
We propose associative one-way functions as a new cryptographic paradigm for exchanging secret keys and for signing digital documents. First, we precisely define these functions and establish some of their basic properties. Next, generalizing a theorem of Selman, we constructively prove that they exist if and only if P ≠ NP. In addition, we exhibit an implementation based on integer multiplication. We present a novel protocol that enables two parties to agree on a secret key, and we discuss the security of this protocol. Finally, we generalize our protocol to enable two or more parties to agree on a secret key, and we present a similar protocol for signing documents.
An observation on associative one-way functions in complexity theory
 INFORMATION PROCESSING LETTERS
, 1997
Abstract

Cited by 12 (0 self)
We introduce the notion of associative one-way functions and prove that they exist if and only if P != NP. As evidence of their utility, we present two novel protocols that apply strong forms of these functions to achieve secret key agreement and digital signatures.
Jam resistant communications without shared secrets
 in Proceedings of the 3rd International Conference on Information Warfare and Security
, 2008
Abstract

Cited by 11 (1 self)
We consider the problem of establishing jam-resistant, wireless, omnidirectional communication channels when there is no initial shared secret. No existing system achieves this. We propose a general algorithm for this problem, the BBC algorithm, and give several instantiations of it. We develop and analyze this algorithm within the framework of a new type of code, concurrent codes, which are those superimposed codes that allow efficient decoding. Finally, we propose the Universal Concurrent Code algorithm, and prove that it covers all possible concurrent codes, and give connections between its theory and that of monotone Boolean functions.
Survey on Security Requirements and Models for Group Key Exchange
, 2008
Abstract

Cited by 4 (3 self)
In this report we provide an analytical survey on security issues that are relevant for group key exchange (GKE) protocols. We start with the description of the security requirements that have been informally described in the literature and widely used to analyze security of earlier GKE protocols. Most of these definitions were originally stated for two-party protocols and then adapted to a group setting. These informal definitions are foundational for the later appeared formal security models for GKE protocols whose