Paper 2010/295

Ideal Key Derivation and Encryption in Simulation-based Security

Ralf Kuesters and Max Tuengerthal

Abstract

Many real-world protocols, such as SSL/TLS, SSH, IPsec, IEEE 802.11i, DNSSEC, and Kerberos, derive new keys from other keys. To be able to analyze such protocols in a composable way, in this paper we extend an ideal functionality for symmetric and public-key encryption proposed in previous work by a mechanism for key derivation. We also equip this functionality with message authentication codes (MACs) and ideal nonce generation. We show that the resulting ideal functionality can be realized based on standard cryptographic assumptions and constructions, hence, providing a solid foundation for faithful, composable cryptographic analysis of real-world security protocols. Based on this new functionality, we identify sufficient criteria for protocols to provide universally composable key exchange and secure channels. Since these criteria are based on the new ideal functionality, checking the criteria requires merely information-theoretic or even only syntactical arguments, rather than involved reduction arguments. As a case study, we use our method to analyze two central protocols of the IEEE 802.11i standard, namely the 4-Way Handshake Protocol and the CCM Protocol, proving composable security properties. As to the best of our knowledge, this constitutes the first rigorous cryptographic analysis of these protocols.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
simulation-based security
Contact author(s)
tuengerthal @ uni-trier de
History
2010-10-11: last of 2 revisions
2010-05-25: received
See all versions
Short URL
https://ia.cr/2010/295
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2010/295,
      author = {Ralf Kuesters and Max Tuengerthal},
      title = {Ideal Key Derivation and Encryption in Simulation-based Security},
      howpublished = {Cryptology {ePrint} Archive, Paper 2010/295},
      year = {2010},
      url = {https://eprint.iacr.org/2010/295}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.