Authentication and authenticated key exchanges

Diffie, Whitfield; Oorschot, Paul C. van; Wiener, Michael J.

doi:10.1007/bf00124891

Cited by 852 publications

(452 citation statements)

References 28 publications

Supporting

Mentioning

442

Contrasting

Unclassified

Order By: Relevance

“…Among the early works on this subject we note [30,10,7,16] as being instrumental in pointing out to the many subtleties involved in the analysis of ke protocols. The first complexity-theoretic treatment of the notion of security for ke protocols is due to Bellare and Rogaway [5] who formalize the security of ke protocols in the realistic setting of concurrent sessions running in an adversarycontrolled network.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

Canetti

Krawczyk

2001

Lecture Notes in Computer Science

1,131

1,017

View full text Add to dashboard Cite

Abstract. We present a formalism for the analysis of key-exchange protocols that combines previous definitional approaches and results in a definition of security that enjoys some important analytical benefits: (i) any key-exchange protocol that satisfies the security definition can be composed with symmetric encryption and authentication functions to provide provably secure communication channels (as defined here); and (ii) the definition allows for simple modular proofs of security: one can design and prove security of key-exchange protocols in an idealized model where the communication links are perfectly authenticated, and then translate them using general tools to obtain security in the realistic setting of adversary-controlled links. We exemplify the usability of our results by applying them to obtain the proof of two classes of key-exchange protocols, Diffie-Hellman and key-transport, authenticated via symmetric or asymmetric techniques.

show abstract

Section: Related Workmentioning

confidence: 99%

“…The design and analysis of secure ke protocols has proved to be a non-trivial task, with a large body of work written on the topic, including [15,30,10,7,16,5,6], [26,2,34] and many more. In fact, even today, after two decades of research, some important issues remain without satisfactory treatment.…”

Section: Introductionmentioning

confidence: 99%

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

Canetti

Krawczyk

2001

Lecture Notes in Computer Science

1,131

1,017

View full text Add to dashboard Cite

show abstract

“…The term (perfect) "forward secrecy" was first used in [12] in the context of session key exchange protocols, and later in [8]. The basic idea, as described in [8], is that compromise of long-term keys does not compromise past session keys, meaning that past actions are protected in some way against loss of the current key, the same basic idea as here in a different context. The above paradigm and the idea of a digital scheme with forward security were suggested by Ross Andersen in an invited lecture at the ACM CCS conference [1].…”

Section: Forward Secure Signaturesmentioning

confidence: 99%

A Forward-Secure Digital Signature Scheme

Bellare

Miner

1999

Lecture Notes in Computer Science

405

366

View full text Add to dashboard Cite

Abstract. We describe a digital signature scheme in which the public key is fixed but the secret signing key is updated at regular intervals so as to provide a forward security property: compromise of the current secret key does not enable an adversary to forge signatures pertaining to the past. This can be useful to mitigate the damage caused by key exposure without requiring distribution of keys. Our construction uses ideas from the Fiat-Shamir and Ong-Schnorr identification and signature schemes, and is proven to be forward secure based on the hardness of factoring, in the random oracle model. The construction is also quite efficient.

show abstract

“…The depth and difficulty come from the distributed, multi-party nature of mutual entity authentication. Typically, the requirement is that the beliefs, actions and actual achievements of all principals match [6,7] despite malicious activity.…”

Section: A Glance At Traditional Authenticationmentioning

confidence: 99%

Authentication for Pervasive Computing

Creese

Goldsmith

Roscoe

et al. 2004

Security in Pervasive Computing

View full text Add to dashboard Cite

Abstract. Key management is fundamental to communications security, and for security in pervasive computing sound key management is particularly difficult. However, sound key management itself depends critically on sound authentication. In this paper we review current notions of entity authentication and discuss why we believe these notions are unsuitable for the pervasive domain. We then present our views on how notions of authentication should be revised to address the challenges of the pervasive domain, and some of the new research problems that will arise. We end with some brief thoughts on how our revised notions may be implemented and some of the problems that may be encountered.

show abstract

Authentication and authenticated key exchanges

Cited by 852 publications

References 28 publications

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels

A Forward-Secure Digital Signature Scheme

Authentication for Pervasive Computing

Contact Info

Product

Resources

About