User-mediated authentication protocols and unforgeability in key collision

  • Regular Contribution
International Journal of Information Security

Abstract

User interaction constitutes a largely unexplored field in protocol analysis, even in instances where the user takes an active role as a trusted third party, such as in Internet of Things (IoT) device initialization protocols. Initiating the formal modeling of 3-party authentication protocols in which one party is a physical user, this research introduces the 3-party possession user-mediated authentication (3-PUMA) model. The 3-PUMA model addresses active user participation in a protocol designed to authenticate possession of a fixed data string—such as in IoT device commissioning. Using the 3-PUMA model, we provide a computational analysis of the ISO/IEC 9798-6:2010 standard’s Mechanism 7a authentication protocol, which includes a user interface and user interaction as well as a device-to-device channel. Furthermore, we introduce existential unforgeability under key collision attacks (EUF-KCA) and provide a corresponding security experiment. We show that the security of ISO/IEC 9798-6:2010 Mechanism 7a relies upon EUF-KCA MAC security. Since it is unknown whether any standardized MAC algorithm achieves EUF-KCA security, this research demonstrates a potential vulnerability in the standard.


Notes

  1. Naturally, it is possible that two users each possess one of the devices participating in the authentication protocol. However, by requiring the user to behave honestly and reliably perform protocol steps, there is no conceptual difference between multiple users and a single user in possession of all devices.


Acknowledgements

This research was in part performed while the author was at NPS and supported in part by an NPS RIP Grant (internal university Grant, no Grant No.).

Corresponding author

Correspondence to Britta Hale.

Ethics declarations

Funding

This research was partially performed while the author was employed by SINTEF AS.

Ethical approval

This article does not contain any studies with human participants or animals performed by any of the authors.

Additional information

Approved for public release; distribution is unlimited. The views expressed in this document are those of the author and do not reflect the official policy or position of the Department of Defense or the US Government.


Cite this article

Hale, B. User-mediated authentication protocols and unforgeability in key collision. Int. J. Inf. Secur. 19, 609–621 (2020). https://doi.org/10.1007/s10207-019-00479-2
