Introduction / 1: |
The Key Distribution Problem / 1.1: |
Solution: Key Establishment Protocols / 1.2: |
Computer Security Approach / 1.2.1: |
Computational Complexity Approach / 1.2.2: |
Research Objectives and Deliverables / 1.2.3: |
Structure of Book and Contributions to Knowledge / 1.3: |
References |
Background Materials / 2: |
Mathematical Background / 2.1: |
Abstract Algebra and the Main Groups / 2.1.1: |
Bilinear Maps from Elliptic Curve Pairings / 2.1.2: |
Computational Problems and Assumptions / 2.1.3: |
Cryptographic Tools / 2.1.4: |
Encryption Schemes: Asymmetric Setting / 2.1.4.1: |
Encryption Schemes: Symmetric Setting / 2.1.4.2: |
Digital Signature Schemes / 2.1.4.3: |
Message Authentication Codes / 2.1.4.4: |
Cryptographic Hash Functions / 2.1.4.5: |
Random Oracles / 2.1.4.6: |
Key Establishment Protocols and their Basis / 2.2: |
Protocol Architectures / 2.2.1: |
Existing Cryptographic Keys / 2.2.1.1: |
Method of Session Key Generation / 2.2.1.2: |
Number of Entities / 2.2.1.3: |
Protocol Goals and Attacks / 2.2.2: |
Protocol Goals / 2.2.2.1: |
Additional Security Attributes / 2.2.2.2: |
Types of Attacks / 2.2.2.3: |
A Need for Rigorous Treatment / 2.2.2.4: |
The Computational Complexity Approach / 2.3: |
Adversarial Powers / 2.3.1: |
Definition of Freshness / 2.3.2: |
Definition of Security / 2.3.3: |
The Bellare-Rogaway Models / 2.3.4: |
The BR93 Model / 2.3.4.1: |
The BR95 Model / 2.3.4.2: |
The BPR2000 Model / 2.3.4.3: |
The Canetti-Krawczyk Model / 2.3.5: |
Protocol Security / 2.3.6: |
Summary / 2.4: |
A Flawed BR95 Partnership Function / 3: |
A Flaw in the Security Proof for 3PKD Protocol / 3.1: |
The 3PKD Protocol / 3.1.1: |
Key Replicating Attack on 3PKD Protocol / 3.1.2: |
The Partner Function used in the BR95 Proof / 3.1.3: |
A Revised 3PKD Protocol in Bellare-Rogaway Model / 3.2: |
Defining SIDs in the 3PKD Protocol / 3.2.1: |
An Improved Provably Secure 3PKD Protocol / 3.2.2: |
Security Proof for the Improved 3PKD Protocol / 3.2.3: |
Adaptive MAC Forger F / 3.2.3.1: |
Multiple Eavesdropper Attacker ME / 3.2.3.2: |
Conclusion of Proof / 3.2.3.3: |
On The Key Sharing Requirement / 3.3: |
Bellare-Rogaway 3PKD Protocol in CK2001 Model / 4.1: |
New Attack on 3PKD Protocol / 4.1.1: |
A New Provably-Secure 3PKD Protocol in CK2001 Model / 4.1.3: |
Jeong-Katz-Lee Protocol JP2 / 4.2: |
Protocol JP2 / 4.2.1: |
New Attack on Protocol JP2 / 4.2.2: |
An Improved Protocol JP2 / 4.2.3: |
The Key Sharing Requirement / 4.3: |
Comparison of Bellare-Rogaway and Canetti-Krawczyk Models / 4.4: |
Relating The Notions of Security / 5.1: |
Proving BR93 (EA+KE) to BPR2000 (EA+KE) / 5.1.1: |
Proof for the key establishment goal / 5.1.1.1: |
Proof for the entity authentication goal / 5.1.1.2: |
Proving CK2001 to BPR2000 (KE) / 5.1.2: |
Proving CK2001 to BR93 (KE) / 5.1.3: |
BR93 (KE) to BR95 and BR93 (KE), CK2001 ↚ BR95 / 5.1.4: |
BR93 (KE)/CK2001 ↚ BPR2000 (KE) / 5.1.5: |
CK2001 ↚ BR93 (EA+KE) / 5.1.6: |
BR93 (KE) ↚ CK2001 / 5.1.7: |
BPR2000 (KE) ↚ BR95 / 5.1.8: |
A Drawback in the BPR2000 Model / 5.2: |
Case Study: Abdalla-Pointcheval 3PAKE / 5.2.1: |
Unknown Key Share Attack on 3PAKE / 5.2.2: |
An Extension to the Bellare-Rogaway Model / 5.3: |
A Provably-Secure Revised Protocol of Boyd / 6.1: |
Secure Authenticated Encryption Schemes / 6.1.1: |
Revised Protocol of Boyd / 6.1.2: |
Security Proof / 6.1.3: |
Integrity attacker / 6.1.3.1: |
Confidentiality attacker / 6.1.3.2: |
Conclusion of Security Proof / 6.1.3.3: |
An Extension to the BR93 Model / 6.2: |
An Efficient Protocol in Extended Model / 6.3: |
An Efficient Protocol / 6.3.1: |
Integrity Breaker / 6.3.2: |
Confidentiality Breaker / 6.3.2.2: |
Comparative Security and Efficiency / 6.3.2.3: |
A Proof of Revised Yahalom Protocol / 6.5: |
The Yahalom Protocol and its Simplified Version / 7.1: |
A New Provably-Secure Protocol / 7.2: |
Proof for Protocol 7.2 / 7.2.1: |
Conclusion of Proof for Theorem 7.2.1 / 7.2.1.1: |
An Extension to Protocol 7.2 / 7.2.2: |
Partnering Mechanism: A Brief Discussion / 7.3: |
Errors in Computational Complexity Proofs for Protocols / 7.4: |
Boyd-Gonzalez Nieto Protocol / 8.1: |
Unknown Key Share Attack on Protocol / 8.1.1: |
An Improved Conference Key Agreement Protocol / 8.1.2: |
Limitations of Existing Proof / 8.1.3: |
Jakobsson-Pointcheval MAKEP / 8.2: |
Unknown Key Share Attack on JP-MAKEP / 8.2.1: |
Flaws in Existing Security Proof for JP-MAKEP / 8.2.2: |
Wong-Chan MAKEP / 8.3: |
A New Attack on WC-MAKEP / 8.3.1: |
Preventing the Attack / 8.3.2: |
Flaws in Existing Security Proof for WC-MAKEP / 8.3.3: |
An MT-Authenticator / 8.4: |
Encryption-Based MT-Authenticator / 8.4.1: |
Flaw in Existing Security Proof Revealed / 8.4.2: |
Addressing the Flaw / 8.4.3: |
An Example Protocol as a Case Study / 8.4.4: |
On Session Key Construction / 8.5: |
Chen-Kudla ID-Based Protocol / 9.1: |
The ID-Based Protocol / 9.1.1: |
Existing Arguments on Restriction of Reveal Query / 9.1.2: |
Improved Chen-Kudla Protocol / 9.1.3: |
Security Proof for Improved Chen-Kudla Protocol / 9.1.4: |
McCullagh-Barreto 2P-IDAKA Protocol / 9.2: |
The 2P-IDAKA Protocol / 9.2.1: |
Why Reveal Query is Restricted / 9.2.2: |
Errors in Existing Proof for 2P-IDAKA Protocol / 9.2.3: |
Error 1 / 9.2.3.1: |
Error 2 / 9.2.3.2: |
Improved 2P-IDAKA Protocol / 9.2.4: |
A Proposal for Session Key Construction / 9.3: |
Another Case Study / 9.4: |
Reflection Attack on Lee-Kim-Yoo Protocol / 9.4.1: |
Complementing Computational Protocol Analysis / 9.4.2: |
The Formal Framework / 10.1: |
Analysing a Provably-Secure Protocol / 10.2: |
Protocol Specification / 10.2.1: |
Initial State of Protocol 10.1 / 10.2.1.1: |
Step 1 of Protocol 10.1 / 10.2.1.2: |
A Malicious State Transition / 10.2.1.3: |
Protocol Analysis / 10.2.2: |
Hijacking Attack / 10.2.2.1: |
New Attack 1 / 10.2.2.2: |
New Attack 2 / 10.2.2.3: |
Analysing Another Two Protocols With Claimed Proofs of Security / 10.3: |
Analysis of Protocol 10.2 / 10.3.1: |
Analysis of Protocol 10.3 / 10.3.1.2: |
Flaws in Refuted Proofs / 10.3.2: |
A Possible Fix / 10.3.3: |
Analysing Protocols with Heuristic Security Arguments / 10.4: |
Case Studies / 10.4.1: |
Jan-Chen Mutual Protocol / 10.4.1.1: |
Yang-Shen-Shieh Protocol / 10.4.1.2: |
Kim-Huh-Hwang-Lee Protocol / 10.4.1.3: |
Lin-Sun-Hwang Key Protocols MDHEKE I and II / 10.4.1.4: |
Yeh-Sun Key Protocol / 10.4.1.5: |
Protocol Analyses / 10.4.2: |
Protocol Analysis 1 / 10.4.2.1: |
Protocol Analysis 2 / 10.4.2.2: |
Protocol Analysis 3 / 10.4.2.3: |
Protocol Analysis 4 / 10.4.2.4: |
Protocol Analysis 5 / 10.4.2.5: |
Protocol Analysis 6 / 10.4.2.6: |
Protocol Analysis 7 / 10.4.2.7: |
An Integrative Framework to Protocol Analysis and Repair / 10.5: |
Case Study Protocol / 11.1: |
Proposed Integrative Framework / 11.2: |
Protocols Specification / 11.2.1: |
Defining SIDs in Protocol 11.1 / 11.2.1.1: |
Description of Goal State / 11.2.1.2: |
Description of Possible Actions / 11.2.1.3: |
Protocols Analysis / 11.2.2: |
Protocol Repair / 11.2.3: |
Conclusion and Future Work / 11.3: |
Research Summary / 12.1: |
Open Problems and Future Directions / 12.2: |
Index |