Paper 2011/406

Composition Theorems Without Pre-Established Session Identifiers

Ralf Kuesters and Max Tuengerthal

Abstract

Canetti's universal composition theorem and the joint state composition theorems by Canetti and Rabin are useful and widely employed tools for the modular design and analysis of cryptographic protocols. However, these theorems assume that parties participating in a protocol session have pre-established a unique session ID (SID). While the use of such SIDs is a good design principle, existing protocols, in particular real-world security protocols, typically do not use pre-established SIDs, at least not explicitly and not in the particular way stipulated by the theorems. As a result, the composition theorems cannot be applied for analyzing such protocols in a modular and faithful way. In this paper, we therefore present universal and joint state composition theorems which do not assume pre-established SIDs. In our joint state composition theorem, the joint state is an ideal functionality which supports several cryptographic operations, including public-key encryption, (authenticated and unauthenticated) symmetric encryption, MACs, digital signatures, and key derivation. This functionality has recently been proposed by Küsters and Tuengerthal and has been shown to be realizable under standard cryptographic assumptions and for a reasonable class of environments. We demonstrate the usefulness of our composition theorems by several case studies on real-world security protocols, including IEEE 802.11i, SSL/TLS, SSH, IPsec, and EAP-PSK. While our applications focus on real-world security protocols, our theorems, models, and techniques should be useful beyond this domain.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Keywords
universal composition theorems, composition with joint state, real-world security protocols
Contact author(s)
tuengerthal @ uni-trier de
History
2011-08-11: revised
2011-07-30: received
Short URL
https://ia.cr/2011/406
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/406,
      author = {Ralf Kuesters and Max Tuengerthal},
      title = {Composition Theorems Without Pre-Established Session Identifiers},
      howpublished = {Cryptology ePrint Archive, Paper 2011/406},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/406}},
      url = {https://eprint.iacr.org/2011/406}
}