Information Security Seminar 

20/02/2009, 16:15 — 17:15 — Room P3.10, Mathematics Building
Manuel Bernardo Barbosa, Universidade do Minho

Security Analysis of Standard Authentication and Key Agreement Protocols Utilising Timestamps

We propose a generic modelling technique that can be used to extend existing frameworks for the theoretical security analysis of cryptographic protocols in order to formally capture the use of timestamps. For concreteness, we apply this technique to two of the most popular models adopted in literature: the family of models stemming from the work of Bellare and Rogaway (BR) and the model proposed by Canetti and Krawczyk (CK). We analyse previous results obtained using these models in light of the proposed extensions, and demonstrate their application to a new class of protocols. In the timed CK model we concentrate on modular design and analysis of protocols. We show that the original authenticated and unauthenticated models are not made redundant by their timed variants: one can still use them to analyse time-independent protocols, and the results naturally carry over to the timed models. Moreover, we propose a more efficient timed authenticator relying on timestamps. The structure of this new authenticator and the security proof we provide imply that a signature-based unilateral authentication mechanism standardised in ISO-9798 is secure for message authentication. Finally, we use our timed extension to the BR model to establish the security of an efficient ISO protocol for key transport and unilateral entity authentication, for which no proof of security was previously available.