Learn More
Proofs are invaluable tools in assuring protocol implementers about the security properties of protocols. However, several instances of undetected flaws in the proofs of protocols (resulting in flawed protocols) undermine the credibility of provably-secure protocols. In this work, we examine several protocols with claimed proofs of security by Boyd & Using(More)
A definition of secure multi-party key exchange in the Canetti-Krawczyk proof model is proposed, followed by a proof of the security of the Joux tripartite key agreement protocol according to that definition. The Joux protocol is then combined with two authentication mechanisms to produce a variety of provably secure key agreement protocols. The properties(More)
We examine various indistinguishability-based proof models for key establishment protocols, proof models. We then consider several variants of these proof models, identify several subtle differences between these variants and models, and compare the relative strengths of the notions of security between the models. For each of the pair of relations between(More)
We examine the role of session identifiers (SIDs) in security proofs for key establishment protocols. After reviewing the practical importance of SIDs we use as a case study the three-party server-based key distribution (3PKD) protocol of Bellare and Rogaway, proven secure in 1995. We show incidentally that the partnership function used in the existing(More)
We examine the role of session key construction in provably-secure key establishment protocols. We revisit an ID-based key establishment protocol due to Chen & Kudla (2003) and an ID-based protocol 2P-IDAKA due to McCullagh & Barreto (2005). Both protocols carry proofs of security in a weaker variant of the Bellare & Rogaway (1993) model where the adversary(More)
A password-based authentication mechanism, first proposed by Halevi and Krawczyk, is used to formally describe a password-based authenticator in the Canetti-Krawczyk proof model. A proof of the security of the authenticator is provided. The possible practical applications of the authenticator are demonstrated by applying it to two key exchange protocols(More)
We observe that the definitions of security in the computational complexity proof models of Bellare & Rogaway (1993) and Canetti & Krawczyk (2001) require two partners in the presence of a malicious adversary to accept the same session key, which we term a key sharing requirement. We then revisit the Bellare–Rogaway three-party key distribution (3PKD)(More)