Abstract
Cryptographic protocols have usually been designed at an abstract level, without regard to the cryptographic algorithms used to implement them. In this paper it is shown that the abstract protocol definition can have an important effect on an attacker's ability to mount a successful attack on an implementation. In particular, we determine whether an adversary is able to generate corresponding pairs of plaintext and ciphertext to use as a lever in compromising secret keys. The ideas are illustrated by analysis of two well-known authentication systems that have been used in practice, Kerberos and KryptoKnight. It is shown that for the Kerberos protocol an adversary can acquire at will an unlimited number of known plaintext-ciphertext pairs. Similarly, an adversary in the KryptoKnight system can acquire an unlimited number of data pairs which, by a less direct route, are cryptanalytically equivalent to known plaintext-ciphertext pairs. We propose new protocols, using key derivation techniques, which achieve the same end goals as these systems without this undesirable feature.
This work is funded by the UK Engineering and Physical Sciences Research Council under research grant GR/G19787.
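The contrast the abstract draws, modelled as an added illustration that is not code from the paper and does not reproduce the actual Kerberos or KryptoKnight message flows: a protocol that encrypts a field the eavesdropper can predict straight under a long-term key hands out one known plaintext-ciphertext pair per run under that key, whereas deriving a fresh session key from the long-term key and cleartext nonces leaves the eavesdropper with no pairs under the long-term key at all. The 4-round Feistel "cipher", the key value, the predictable field and the nonces are all constructed stand-ins; the block counts pairs, it performs no cryptanalysis.

```python
"""Added toy model: counting the known plaintext-ciphertext pairs an eavesdropper
collects under a long-term key, with and without key derivation. Not the paper's
analysis and not a real Kerberos/KryptoKnight implementation; every name, key and
nonce here is constructed for the demonstration."""
import hashlib
import hmac
import os
from collections import defaultdict

BLOCK = 16  # toy block cipher works on 16-byte blocks (two 8-byte halves)


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed Feistel round function: HMAC-SHA256 truncated to 8 bytes. Toy only;
    # it stands in for whatever block cipher the protocol implementation uses.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(rounds):
        left, right = right, _xor(left, _round_fn(key, rnd, right))
    return left + right


def toy_decrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(rounds)):
        left, right = _xor(right, _round_fn(key, rnd, left)), left
    return left + right


class Eavesdropper:
    """Records (plaintext, ciphertext) pairs it can attribute to a key, for the
    message fields whose plaintext it can predict from context."""

    def __init__(self) -> None:
        self.pairs = defaultdict(list)

    def observe(self, key_id: str, plaintext: bytes, ciphertext: bytes) -> None:
        self.pairs[key_id].append((plaintext, ciphertext))


def _predictable_field(counter: int) -> bytes:
    # Constructed stand-in for a field the attacker can predict (a counter or
    # timestamp plus a fixed identity string).
    return counter.to_bytes(8, "big") + b"A" * 8


def direct_session(long_key: bytes, eve: Eavesdropper, counter: int) -> bool:
    # Scheme 1: the predictable field is encrypted directly under the long-term
    # key K_A. Eve knows the plaintext and sees the ciphertext, so every run she
    # can trigger yields one more known pair under K_A.
    pt = _predictable_field(counter)
    ct = toy_encrypt(long_key, pt)
    eve.observe("K_A", pt, ct)
    return toy_decrypt(long_key, ct) == pt


def derive_session_key(long_key: bytes, nonce_c: bytes, nonce_s: bytes) -> bytes:
    # Key derivation: a one-way function of K_A and both parties' nonces. The
    # nonces travel in clear, but nothing is ever encrypted under K_A itself.
    return hmac.new(long_key, b"session" + nonce_c + nonce_s, hashlib.sha256).digest()[:16]


def derived_session(long_key: bytes, eve: Eavesdropper, counter: int) -> bool:
    # Scheme 2: the same field is encrypted under a per-run derived key. Eve can
    # still pair plaintext with ciphertext, but only under a key used once.
    nonce_c, nonce_s = os.urandom(8), os.urandom(8)
    k_sess = derive_session_key(long_key, nonce_c, nonce_s)
    pt = _predictable_field(counter)
    ct = toy_encrypt(k_sess, pt)
    eve.observe("K_sess:" + (nonce_c + nonce_s).hex(), pt, ct)
    return toy_decrypt(k_sess, ct) == pt


def pairs_collected(runs: int, scheme) -> tuple:
    """Run `scheme` `runs` times with an eavesdropper attached; return
    (pairs under the long-term key, largest number of pairs under any one key)."""
    eve = Eavesdropper()
    long_key = b"\x11" * 16  # constructed long-term key K_A
    for i in range(runs):
        if not scheme(long_key, eve, i):
            raise RuntimeError("toy cipher round trip failed")
    under_long_term = len(eve.pairs.get("K_A", []))
    worst_single_key = max(len(v) for v in eve.pairs.values())
    return under_long_term, worst_single_key


if __name__ == "__main__":
    print("direct :", pairs_collected(5, direct_session))   # (5, 5)
    print("derived:", pairs_collected(5, derived_session))  # (0, 1)
```

The count is the whole point: with direct encryption the attacker's pool under K_A grows by one with every run she can provoke, which is exactly the lever a known-plaintext attack on the underlying cipher needs; with key derivation the pool under K_A stays empty and no derived key ever accumulates more than one pair.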
© 1994 Springer-Verlag Berlin Heidelberg
Cite this paper
Mao, W., Boyd, C. (1994). On strengthening authentication protocols to foil cryptanalysis. In: Gollmann, D. (eds) Computer Security — ESORICS 94. ESORICS 1994. Lecture Notes in Computer Science, vol 875. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-58618-0_64
DOI: https://doi.org/10.1007/3-540-58618-0_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-58618-0
Online ISBN: 978-3-540-49034-0