A Computational Analysis of the Needham-Schroeder Protocol

Bogdan Warinschi

A Computational Analysis of the Needham-Schroeder Protocol

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

Abstract

We provide the first computational analysis of the well known Needham-\Schroeder(-Lowe) protocol. We show that Lowe's attack to the original protocol can naturally be cast to the computational framework. Then we prove that chosen-plaintext security for encryption schemes is not sufficient to ensure soundness of formal proofs with respect to the computational setting, by exhibiting an attack against the corrected version of the protocol implemented using an ElGamal encryption scheme. Our main result is a proof that, when implemented using an encryption scheme that satisfies indistinguishability under chosen-ciphertext attack, the Needham-\Schroeder-Lowe protocol is indeed a secure mutual authentication protocol. The technical details of our proof reveal new insights regarding the relation between formal and computational models for system security.

Translated title of the contribution	A Computational Analysis of the Needham-Schroeder protocol
Original language	English
Title of host publication	Proceedings of 16th Computer Science Foundation Workshop
Publisher	IEEE Computer Society
Pages	248-260
Volume	-
Publication status	Published - 2003

Bibliographical note

Other page information: 248-262
Conference Proceedings/Title of Journal: Proceedings of 16th Computer Science Foundation Workshop
Other identifier: 2000646

Access to Document

http://www.cs.bris.ac.uk/Publications/pub_master.jsp?id=2000646

Handle.net

Persistent link

Cite this

@inproceedings{77f55128c50f49c38e1c9b28fd3a0f9a,

title = "A Computational Analysis of the Needham-Schroeder Protocol",

abstract = "We provide the first computational analysis of the well known Needham-\textbackslash{}Schroeder(-Lowe) protocol. We show that Lowe's attack to the original protocol can naturally be cast to the computational framework. Then we prove that chosen-plaintext security for encryption schemes is not sufficient to ensure soundness of formal proofs with respect to the computational setting, by exhibiting an attack against the corrected version of the protocol implemented using an ElGamal encryption scheme. Our main result is a proof that, when implemented using an encryption scheme that satisfies indistinguishability under chosen-ciphertext attack, the Needham-\textbackslash{}Schroeder-Lowe protocol is indeed a secure mutual authentication protocol. The technical details of our proof reveal new insights regarding the relation between formal and computational models for system security. ",

author = "Bogdan Warinschi",

note = "Other page information: 248-262 Conference Proceedings/Title of Journal: Proceedings of 16th Computer Science Foundation Workshop Other identifier: 2000646",

year = "2003",

language = "English",

volume = "-",

pages = "248--260",

booktitle = "Proceedings of 16th Computer Science Foundation Workshop",

publisher = "IEEE Computer Society",

address = "United States",

}

TY - GEN

T1 - A Computational Analysis of the Needham-Schroeder Protocol

AU - Warinschi, Bogdan

N1 - Other page information: 248-262 Conference Proceedings/Title of Journal: Proceedings of 16th Computer Science Foundation Workshop Other identifier: 2000646

PY - 2003

Y1 - 2003

N2 - We provide the first computational analysis of the well known Needham-\Schroeder(-Lowe) protocol. We show that Lowe's attack to the original protocol can naturally be cast to the computational framework. Then we prove that chosen-plaintext security for encryption schemes is not sufficient to ensure soundness of formal proofs with respect to the computational setting, by exhibiting an attack against the corrected version of the protocol implemented using an ElGamal encryption scheme. Our main result is a proof that, when implemented using an encryption scheme that satisfies indistinguishability under chosen-ciphertext attack, the Needham-\Schroeder-Lowe protocol is indeed a secure mutual authentication protocol. The technical details of our proof reveal new insights regarding the relation between formal and computational models for system security.

AB - We provide the first computational analysis of the well known Needham-\Schroeder(-Lowe) protocol. We show that Lowe's attack to the original protocol can naturally be cast to the computational framework. Then we prove that chosen-plaintext security for encryption schemes is not sufficient to ensure soundness of formal proofs with respect to the computational setting, by exhibiting an attack against the corrected version of the protocol implemented using an ElGamal encryption scheme. Our main result is a proof that, when implemented using an encryption scheme that satisfies indistinguishability under chosen-ciphertext attack, the Needham-\Schroeder-Lowe protocol is indeed a secure mutual authentication protocol. The technical details of our proof reveal new insights regarding the relation between formal and computational models for system security.

M3 - Conference Contribution (Conference Proceeding)

VL - -

SP - 248

EP - 260

BT - Proceedings of 16th Computer Science Foundation Workshop

PB - IEEE Computer Society

ER -

A Computational Analysis of the Needham-Schroeder Protocol

Abstract

Bibliographical note

Access to Document

Handle.net

Fingerprint

Cite this