Publication: Preprint, 2016

Security Protocols in a Nutshell

Author: Mohsen Toorani
Open Access, English
Published: 31 May 2016
Abstract
Security protocols are building blocks in secure communications. They deploy some security mechanisms to provide certain security services. Security protocols are considered abstract when analyzed, but they can have extra vulnerabilities when implemented. This manuscript provides a holistic study on security protocols. It reviews foundations of security protocols, taxonomy of attacks on security protocols and their implementations, and different methods and models for security analysis of protocols. Specifically, it clarifies differences between information-theoretic and computational security, and computational and symbolic models. Furthermore, a survey on comp...
Subjects
Free text keywords: Computer Science - Cryptography and Security, 94A60, E.3, K.6.5, D.4.6, K.6.m

Contents

1 Introduction
  1.1 Security attacks
  1.2 Security services
  1.3 Security mechanisms
2 Taxonomy of attacks
  2.1 Attacks on security protocols
  2.2 Attacks on encryption schemes
  2.3 Attacks on implementations
3 Security models
  3.1 Information-theoretic vs computational security
  3.2 Idealized models in computational security
  3.3 Formal security models
  3.4 Security proofs in reality
4 Security models for cryptographic protocols
  4.1 AKE protocols
    4.1.1 Security models for AKE protocols
    4.1.2 PAKE protocols
  4.2 Formal verification of security protocols
