
Seberry J. Cryptography. An introduction to computer security. 1989.pdf
11.1 Classical Key Transport Protocols | 381
Key confirmation is a property of a protocol that allows one principal to make sure that the other party possesses a given key. Implicit key authentication provides an assurance to one principal that no one except a specific other party could have gained access to a given key. Implicit key authentication can also be viewed as key confidentiality. By explicit key authentication we mean that both implicit key authentication and key confirmation hold.
A treatment of key establishment protocols can be found in [497] and [338]. For a variety of other interpretations of entity authentication, see [214].
11.1 Classical Key Transport Protocols
An elementary event in a key establishment protocol is a single transmission of a message from one principal to another. This is also called a pass of the protocol. To indicate that a principal A sends a message m to a principal B, we write (A → B : m). Note that m may consist of plaintext or ciphertext or both. For example, if A wants to use encryption to ensure the confidentiality of a plaintext ptxt, the transmission would be written as (A → B : {ptxt}_{k_AB}), where {ptxt}_{k_AB} denotes the message obtained by encrypting ptxt using a (secret) cryptographic key k_AB shared by A and B.
In 1978 Needham and Schroeder [371] published their key exchange protocols. The aim of the protocol is to establish a secret key between two principals A and B with the help of a trusted server S.
Needham-Schroeder protocol (private key case)
Goal: To distribute a fresh secret key to A and B using a trusted server S.
Assumptions: S shares a common secret key k_AS with A and a common secret key k_BS with B. A and B choose two random challenges (nonces) r_A and r_B, respectively.
Message Sequence: The protocol consists of the following sequence of messages:
1. A → S : A, B, r_A.
2. S → A : {r_A, B, k_AB, {k_AB, A}_{k_BS}}_{k_AS}.
3. A → B : {k_AB, A}_{k_BS}.
4. B → A : {r_B}_{k_AB}.
5. A → B : {r_B − 1}_{k_AB}.

The protocol is initiated by A, who sends its name A, B's name and its challenge r_A in clear to the server S. The server replies with the cryptogram {r_A, B, k_AB, {k_AB, A}_{k_BS}}_{k_AS}, where k_AB is the shared key to be used by A and B (also called a session key). A decrypts the cryptogram and checks whether r_A and B match the originals. This check enables A to make sure that the message has come from the holder of the secret key k_AS in response to A's request. If the check is successful, A accepts k_AB and forwards {k_AB, A}_{k_BS} to B.
B decrypts the cryptogram, learns who wants to talk to it and stores the key k_AB. The last two steps allow B to verify whether A knows the key k_AB. B takes his random challenge r_B and encrypts it using k_AB. Since A knows the key, she extracts r_B from the cryptogram, decrements r_B by 1, encrypts the result and communicates {r_B − 1}_{k_AB} to B. B decrypts the cryptogram and verifies whether the challenge has been decremented as required.
First, some general observations. The protocol uses three secure channels (each channel provides both confidentiality and authentication). The two channels between the server and A (k_AS) and between the server and B (k_BS) are set up beforehand. The third one is created as a result of the protocol execution. All communication is done via these three channels, except the first message, which is sent in clear.
Suppose that an opponent, Oscar, copies the message forwarded by A to B in the above protocol [138] and somehow obtains the corresponding session key k_AB. Perhaps this key was used some time ago and, as waste, was carelessly discarded. Now he can trick B into accepting the old session key k_AB. Oscar replays the copied message in step 3 and successfully completes the rest of the protocol. B cannot detect Oscar's impersonation. Observe that the attack shows that the protocol fails to provide key freshness from the point of view of B. Denning and Sacco [138] suggest using timestamps to thwart the attack.
Needham-Schroeder protocol with timestamps [138]
Goal: To distribute a fresh secret key to A and B using a trusted server S.
Assumptions: S shares a common secret key k_AS with A and a common secret key k_BS with B. T denotes a timestamp value generated at S.
Message Sequence: The parties exchange the following sequence of messages:
1. A → S : A, B.
2. S → A : {B, k_AB, T, {A, k_AB, T}_{k_BS}}_{k_AS}.
3. A → B : {A, k_AB, T}_{k_BS}.
A and B can make sure that messages are fresh by checking whether the transmission is within the permitted time interval.
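The replay described above and the timestamp check that stops it, as an added example in a symbolic (Dolev-Yao style) model rather than with a real cipher; this is not code from the book, and the function names, key labels and times are constructed assumptions.

```python
# Symbolic model of Needham-Schroeder step 3 and of the Denning-Sacco timestamp
# fix. A cryptogram {fields}_key is modelled as an opaque tuple that only a party
# naming the same key can open; no real cipher is involved. Added example; the
# function names and the constructed times are hypothetical.

def enc(key, *fields):
    """{fields}_key in the notation of the text."""
    return ("enc", key, tuple(fields))

def dec(key, cryptogram):
    tag, k, fields = cryptogram
    if tag != "enc" or k != key:
        raise ValueError("cannot open cryptogram with key " + key)
    return fields

def server_ns(A, B, rA, kAB):
    """Step 2 of the original protocol: S -> A : {rA, B, kAB, {kAB, A}_kBS}_kAS."""
    return enc("kAS", rA, B, kAB, enc("kBS", kAB, A))

def b_accept_ns(ticket):
    """B's check in step 3: any well-formed {kAB, A}_kBS is accepted as current."""
    kAB, _A = dec("kBS", ticket)
    return kAB

def server_ds(A, B, kAB, T):
    """Step 2 with timestamps: S -> A : {B, kAB, T, {A, kAB, T}_kBS}_kAS."""
    return enc("kAS", B, kAB, T, enc("kBS", A, kAB, T))

def b_accept_ds(ticket, now, window):
    """B accepts only if the timestamp lies within the permitted interval."""
    _A, kAB, T = dec("kBS", ticket)
    return kAB if abs(now - T) <= window else None

def replay_scenario(now=5000, window=300):
    """Oscar replays a ticket issued at time 100 for a key he has since learned.
    Returns (key B accepts under NS, key B accepts under the timestamped version)."""
    _rA, _B, _kAB, old_ticket = dec("kAS", server_ns("A", "B", "rA1", "k_old"))
    accepted_ns = b_accept_ns(old_ticket)                  # -> "k_old": the replay succeeds
    _B2, _k2, _T, old_ticket_ds = dec("kAS", server_ds("A", "B", "k_old", 100))
    accepted_ds = b_accept_ds(old_ticket_ds, now, window)  # -> None: the stale ticket is rejected
    return accepted_ns, accepted_ds
```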
In public key cryptography, users need to know authentic public keys. The server S distributes authentic public keys provided that every user within the server domain knows the authentic public key K_S of the server S. The original Needham-Schroeder protocol consists of seven steps. The version given below is a modification with timestamps by Denning and Sacco [138]. The protocol does not use confidentiality channels at all. All messages are transmitted in clear or in the form of public timestamped certificates (signatures). A certificate ⟨m⟩_k signed using a secret key k allows anybody who knows the matching public key K to recover the message m. This is the usual way of providing an authentication channel under the assumption that K is an authentic public key of the sender and matches its secret key k.
Modified Needham-Schroeder protocol (public key case)
Goal: To distribute the authentic public keys K_A and K_B of A and B, respectively.
Assumptions: A and B know the authentic public key K_S of the server. The timestamp is T. The key k_S is the secret key of S.
Message Sequence: The protocol consists of the following sequence of messages:
1. A → S : A, B.
2. S → A : ⟨A, K_A, T⟩_{k_S}, ⟨B, K_B, T⟩_{k_S}.
3. A → B : ⟨A, K_A, T⟩_{k_S}, ⟨B, K_B, T⟩_{k_S}.
11.2 Diffie-Hellman Key Agreement Protocol
Diffie and Hellman [152] in their seminal paper made several breakthroughs in cryptology. Apart from introducing the notion of public key cryptography, they showed how two parties A and B can establish a secret key via an insecure network using a public discussion.
Diffie-Hellman key agreement protocol

Goal: To establish a secret key k between A and B.
Assumptions: A and B use a modulus p (p is a large enough prime) and a primitive element g ∈ Z_p. Both integers p and g are public. A and B each choose a secret exponent at random from Z_{p−1}.
Message Sequence: The parties exchange the following sequence of messages:
1. A → B : g^(A's exponent) mod p.
2. B → A : g^(B's exponent) mod p.
A and B compute a common secret key as k = (B's message)^(A's exponent) = (A's message)^(B's exponent) mod p; both equal g raised to the product of the two exponents, mod p.
Consider a toy example. Let the modulus p = 2447 and the primitive element g = 1867. A and B choose their secret exponents at random from Z_2446. Let A's exponent be 1347 and B's exponent be 2186. In step 1, A communicates to B the integer 1867^1347 ≡ 1756 (mod 2447). In step 2, B sends to A the integer 1867^2186 ≡ 848 (mod 2447). A computes the secret key k = 848^1347 ≡ 2177 (mod 2447). B calculates the key k = 1756^2186 ≡ 2177 (mod 2447).
The protocol suffers from the intruder-in-the-middle attack. Suppose that our attacker, Oscar, sits between A and B. The attack proceeds as follows:
1. A sends B the message (g^(A's exponent) mod p).
2. Oscar intercepts it and forwards to B his own message (g^(Oscar's exponent) mod p), where Oscar's exponent is an integer he chooses from Z_{p−1}.
3. B responds by conveying the message (g^(B's exponent) mod p) to A.
4. Again, Oscar intercepts the message and sends (g^(Oscar's exponent) mod p) to A.
5. Finally, A computes its secret key k_A = (g^(Oscar's exponent))^(A's exponent) and B calculates its k_B = (g^(Oscar's exponent))^(B's exponent). Clearly, the secret keys computed by A and B are different. Note that Oscar knows both keys k_A and k_B and controls the message exchange between A and B.
Another manifestation of the same security problem emerges when A receives two (or more) replies of the form g^(exponent) mod p from two different persons. A cannot identify the senders of these messages. The parties can establish a secret key, but they do not know with whom they share it! The protocol provides no key authentication and no key confirmation.
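The toy run with p = 2447 and g = 1867 and the intruder-in-the-middle run above, as an added Python example (not code from the book); the helper names are assumptions and the exponent 999 used for Oscar is a constructed value.

```python
# Diffie-Hellman with the toy parameters from the text (p = 2447, g = 1867),
# followed by the intruder-in-the-middle run in which Oscar replaces both
# public values with his own. Added example; function names are hypothetical.

P, G = 2447, 1867   # public modulus and primitive element from the text

def prime_factors(n):
    """Distinct prime factors of n by trial division (n is small here)."""
    factors, q = set(), 2
    while q * q <= n:
        while n % q == 0:
            factors.add(q)
            n //= q
        q += 1
    if n > 1:
        factors.add(n)
    return factors

def is_primitive(g, p):
    """g generates Z_p^* iff g^((p-1)/q) != 1 (mod p) for every prime q dividing p-1."""
    return all(pow(g, (p - 1) // q, p) != 1 for q in prime_factors(p - 1))

def dh_public(secret, p=P, g=G):
    """Value sent in a pass: g raised to the principal's secret exponent, mod p."""
    return pow(g, secret, p)

def dh_key(received, secret, p=P):
    """Key derived from the other party's value: received^secret mod p."""
    return pow(received, secret, p)

def honest_run(exp_a, exp_b):
    """Returns (A's message, B's message, A's key, B's key) for an undisturbed run."""
    ya, yb = dh_public(exp_a), dh_public(exp_b)
    return ya, yb, dh_key(yb, exp_a), dh_key(ya, exp_b)

def intruder_run(exp_a, exp_b, exp_oscar):
    """Oscar intercepts both passes and delivers g^exp_oscar instead.
    Returns (A's key, B's key, Oscar's copy of A's key, Oscar's copy of B's key)."""
    ya, yb = dh_public(exp_a), dh_public(exp_b)   # genuine values, never delivered
    yo = dh_public(exp_oscar)                      # what A and B actually receive
    k_a, k_b = dh_key(yo, exp_a), dh_key(yo, exp_b)
    return k_a, k_b, dh_key(ya, exp_oscar), dh_key(yb, exp_oscar)

if __name__ == "__main__":
    print(is_primitive(G, P))              # True
    print(honest_run(1347, 2186))          # (1756, 848, 2177, 2177)
    print(intruder_run(1347, 2186, 999))   # 999 is a constructed exponent for Oscar
```

The primitivity check reproduces the assumption g ∈ Z_p is a primitive element; the intruder run returns two different keys, each of which Oscar can also compute.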
11.2.1 DH Problem
Security of the Diffie-Hellman key exchange depends upon the difficulty of finding the shared value (g raised to the product of the two secret exponents) from the two public messages. This is known as the Diffie-Hellman problem.
Name: DH search problem
Instance: Given a prime modulus p, a primitive element g, and integers a and b, each of the form g^(secret exponent) mod p.
Question: What is the integer c such that c ≡ g^(product of the two exponents) mod p?
Let us recall the definition of the discrete logarithm (search) problem.
Name: DL problem
Instance: Integers (g, s) that belong to GF(p) determined by a prime p.
Question: What is the integer h such that h = log_g s (mod p) (or equivalently g^h ≡ s mod p)?
Note that the DL problem is not easier than the DH problem. In other words, the DL problem could be harder than or as hard as the DH problem. To see this, it is enough to assume the existence of an algorithm that solves the DL problem. This algorithm also solves all instances of the DH problem. It is unknown what would happen to the complexity of the DL problem if the DH problem were shown to be solvable in polynomial time.
It is easy to show that inverting the ElGamal encryption is equivalent to solving the DH problem (see [497]). For further study of the DH problem, the reader is referred to [328] and [329].
One of the security goals we have not mentioned is forward secrecy. It is relevant to mention it in the context of the DH key agreement protocol, as it is one of the few protocols that actually provide it. Forward secrecy is achieved if disclosure of long-term keys does not compromise session keys generated before the disclosure.
11.3 Modern Key Distribution Protocols
Modern key distribution protocols are assumed to pass some sort of security scrutiny. Verification proceeds using formal methods. The algebraic approach to protocol verification applies a finite state machine analysis with a definition of bad states (a protocol failure) [275]. Burrows, Abadi, and Needham have developed a logic that can analyze the evolution of beliefs during the execution of cryptographic protocols [71]. This is the well known BAN logic. Gong, Needham and Yahalom have extended the BAN logic [218]. Their extension is often referred to as the GNY logic. A comprehensive review of formal verification methods for cryptographic protocols can be found in a survey paper by Meadows [335].
A different approach to the design of key distribution protocols has been suggested by Boyd and Mao [55, 56]. They argue that instead of verifying the protocol security after the design stage, it is better to formulate a rigorous design procedure so that the final product is always a secure protocol. To achieve this, the designer needs to establish the minimum cryptographic requirements imposed on a protocol and identify how these requirements are to be realized.
Otway and Rees [397] designed a protocol that was intended to provide a secure alternative to the Needham and Schroeder protocol. The protocol presented below is a modification of the original (see [56] for further details). Challenges r_A and r_B play the role of timestamps and are used to prevent the replay attack.
Modified Otway-Rees protocol (Boyd and Mao [56])
Goals: 1. Establishment of a fresh secret key k_AB between two principals A and B.
2. Mutual key authentication.
Assumptions: S shares a common secret key k_AS with A and a common key k_BS with B. A and B choose two random challenges (nonces) r_A and r_B, respectively.
Message Sequence: The parties send the following sequence of messages:
1. A → B : A, r_A.
2. B → S : A, B, r_A, r_B.
3. S → B : {A, B, r_B, k_AB}_{k_BS}, {A, B, r_A, k_AB}_{k_AS}.
4. B → A : {A, B, r_A, k_AB}_{k_AS}.
The Otway-Rees protocol uses the secure channels (defined by the two secret keys k_AS and k_BS) for both message confidentiality and authentication. These two roles can be clearly separated, as is shown in the following alternative protocol designed by Boyd and Mao [56].

Boyd-Mao split channel protocol
Goals: 1. Establishment of a fresh secret key k_AB between two principals A and B.
2. Mutual key authentication.
Assumptions: S shares a common secret key k_AS with A and a common key k_BS with B. A and B choose two random challenges (nonces) r_A and r_B, respectively. MAC_k{m} stands for the message authentication code of the message m generated under the control of the secret key k.
Message Sequence: The parties send the following sequence of messages:
1. A → B : A, r_A.
2. B → S : A, B, r_A, r_B.
3. S → B : {k_AB}_{k_BS}, MAC_{k_BS}{A, B, r_B, k_AB}, {k_AB}_{k_AS}, MAC_{k_AS}{A, B, r_A, k_AB}.
4. B → A : {k_AB}_{k_AS}, MAC_{k_AS}{A, B, r_A, k_AB}.
Note that MAC_k{m} provides an authentication channel, whereas {m}_k provides a confidentiality channel. MAC_k{m} can also be generated using a keyed hashing algorithm. Only those messages that need to be recovered are encrypted. Messages sent over the authentication channel are short and of a fixed length (as determined by the length of the MAC). The advantage of the above protocol is that messages are relatively short.
11.3.1 Kerberos
Kerberos is an authentication system developed at the Massachusetts Institute of Technology (MIT) as part of the Athena project [490]. The aim of the project was to provide a broad range of computing services to students across the campus. Kerberos provides authentication services for principals over an open computer network. There are two trusted authorities: the authentication server AS and the ticket granting server TGS. The pre-distributed cryptographic key between a principal A and the authentication server is computed from A's password (passwd_A) using a one-way function f as k_{A,AS} = f(passwd_A). The password and the secret key k_{A,AS} are stored in the Kerberos database. The system is based on private-key encryption, such as DES.
Kerberos uses two main protocols: credential initialization and client-server authentication. The first protocol is executed every time a principal A logs on to a host H. Note that the exchange of messages between A and the host H is performed via a secure channel.
Kerberos credential initialization protocol (Version V)
Goals: 1. Verification of the password of a principal A who logs on to a host H.
2. Distribution of a fresh secret key to host H (acting on behalf of the principal A) for use with TGS.
Assumptions: The principal A and the authentication server AS share the secret key k_{A,AS}. The authentication server AS and TGS share k_TGS.
Message Sequence: The parties exchange the following sequence of messages:
1. A → H : A.
2. H → AS : A, TGS, L1, N1.
L1 is a lifespan of the ticket and N1 is a nonce. The authentication server AS undertakes the following steps:
- retrieves the keys k_{A,AS} and k_TGS from the database,
- generates a fresh session key k and composes a ticket_TGS = {A, H, TGS, k, T, L}_{k_TGS}, where T is a timestamp and L is the lifetime of the ticket.
3. AS → H : A, ticket_TGS, {TGS, k, T, L, N1}_{k_{A,AS}}.
4. H → A : request for password.
5. A → H : passwd.
H computes k̃_{A,AS} = f(passwd) and uses the computed key to decrypt the message {TGS, k, T, L, N1}_{k_{A,AS}}. If the decryption is successful, H concludes that k̃_{A,AS} = k_{A,AS} and the password provided by A is valid. In this case, H stores the session key k, the timestamp T, the ticket lifetime L and the ticket_TGS. If the decryption fails (k̃_{A,AS} ≠ k_{A,AS}), login is aborted.
The next protocol is executed between a client C and a server S. The client C is a process run by a principal A on a host H. The server S provides computing resources to C. The client C runs the protocol to establish a secure channel with the server S. It is assumed that the host and the principal who resides on it have successfully completed a run of the credential initialization protocol.
Kerberos client-server authentication protocol (Version V)

Goal: To distribute a fresh session key k_CS generated by TGS for use between a client C and a server S, and to confirm the key k_CS.
Assumptions: The client C holds a valid ticket_TGS and shares a key k with TGS. The server S shares k_S with TGS.
Message Sequence: The parties exchange the following sequence of messages:
1. C → TGS : S, N, L, ticket_TGS, {C, T1}_k,
where N is a nonce, L is a lifespan of the ticket and T1 is a timestamp. The ticket granting server TGS
- retrieves the key k from ticket_TGS,
- checks the timeliness of the ticket,
- recovers the timestamp T1 from {C, T1}_k,
- checks the timeliness of T1,
- generates a fresh session key k_CS,
- creates a server ticket_S = {A, C, S, k_CS, T_s, L_s}_{k_S}, where T_s is a timestamp and L_s is the lifetime of the ticket.
2. TGS → C : A, ticket_S, {S, k_CS, T_s, L_s, N}_k. The client C
- extracts k_CS, the timestamp T_s, the lifetime L_s and the nonce N,
- checks the timeliness of the message.
3. C → S : ticket_S, {C, T2}_{k_CS}. The server S
- retrieves k_CS from ticket_S,
- checks the timeliness of the ticket,
- recovers the timestamp T2 from {C, T2}_{k_CS},
- checks the timeliness of T2.
4. S → C : {T2}_{k_CS}.
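The checks TGS and C perform in steps 1 and 2 above, as an added symbolic-model example (not code from Kerberos or from the book); encryption is an opaque tuple rather than a real cipher, and the key labels, the skew window and the times in seconds are constructed assumptions.

```python
# Symbolic model of the TGS side of the Kerberos client-server protocol (step 1
# received, step 2 issued) and of the client's check on the reply. A cryptogram
# {fields}_key is an opaque tuple openable only with the named key; no real
# cipher is used. Added example; names, key labels and times are hypothetical.

def enc(key, **fields):
    return ("enc", key, fields)

def dec(key, cryptogram):
    tag, k, fields = cryptogram
    if tag != "enc" or k != key:
        raise ValueError("cannot open cryptogram with key " + key)
    return fields

def ticket_valid(issued, lifetime, now):
    """A ticket with timestamp `issued` and lifetime `lifetime` is usable until issued + lifetime."""
    return issued <= now <= issued + lifetime

def tgs_handle(request, now, skew=300, kTGS="kTGS", kS="kS", kCS="kCS-fresh"):
    """Runs the TGS checks from the text; returns (reply, reason), reply None on rejection."""
    ticket = dec(kTGS, request["ticket_TGS"])            # retrieve k from ticket_TGS
    if not ticket_valid(ticket["T"], ticket["L"], now):   # timeliness of the ticket
        return None, "ticket_TGS expired"
    auth = dec(ticket["k"], request["authenticator"])     # recover T1 from {C, T1}_k
    if abs(now - auth["T1"]) > skew:                      # timeliness of T1
        return None, "authenticator not timely"
    S, N, Ls = request["S"], request["N"], request["L"]
    ticket_S = enc(kS, A=ticket["A"], C=auth["C"], S=S, kCS=kCS, Ts=now, Ls=Ls)
    reply = (ticket["A"], ticket_S, enc(ticket["k"], S=S, kCS=kCS, Ts=now, Ls=Ls, N=N))
    return reply, "ok"

def client_accept(reply, k, N, now, skew=300):
    """C's checks on step 2: opens the part under k, matches the nonce, checks timeliness."""
    _A, _ticket_S, part = reply
    fields = dec(k, part)
    if fields["N"] != N or abs(now - fields["Ts"]) > skew:
        return None
    return fields["kCS"]

def scenario(now, t1=None):
    """Constructed run: ticket_TGS issued by AS at time 1000 with lifetime 3600.
    Returns (key C accepts or None, TGS's reason)."""
    ticket_TGS = enc("kTGS", A="alice", H="host1", TGS="TGS", k="k-session", T=1000, L=3600)
    request = {"S": "fileserver", "N": "n-42", "L": 600, "ticket_TGS": ticket_TGS,
               "authenticator": enc("k-session", C="client1", T1=now if t1 is None else t1)}
    reply, reason = tgs_handle(request, now)
    kCS = client_accept(reply, "k-session", "n-42", now) if reply else None
    return kCS, reason
```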
An authentication server is responsible for a single domain (in Kerberos called a realm). To support authentication services across different realms, authentication servers need to hold interrealm keys that provide secure interrealm communication channels. A principal A can obtain a granting ticket to contact a remote TGS from its local TGS [395].

11.3.2 SPX
SPX is an authentication system for large distributed systems [503]. It is a part of Digital Distributed System Security Architecture [196]. SPX uses both secret and public key cryptography. We are going to use the following notation:
- {m}_k: message m encrypted under a secret key k using a private-key cryptosystem; it is assumed that encryption preserves both confidentiality and integrity of m.
- ⟨m⟩_k: message m signed using a private key k; anyone who knows the matching public key K can verify the signed message m.
- [m]_K: message m encrypted using a public key K; only the holder of the matching secret key k can read the message m.
There are two authentication servers: a login enrollment agent facility (LEAF) and a certificate distribution center (CDC). There is also a collection of certification authorities (CA) organized in a hierarchical structure. A single CA has jurisdiction over a subset of principals and is assumed to be trusted. The main goal of a CA is to issue public key certificates. LEAF is a trusted authority, whereas CDC does not need to be trusted, as all the information stored in the CDC is encrypted. Like Kerberos, SPX provides several authentication protocols. We are going to describe two basic ones: credential initialization and client-server authentication. The credential initialization protocol is initiated by a principal A who wants to log in to his host H. The host exchanges messages with its local LEAF and CDC.
SPX credential initialisation protocol
Goals: 1. Delivery of the public key K_CA of the local CA to host H of the principal A.
2. Verification of A's password.
Assumptions: Principal A holds a valid password (passwd_A). LEAF has generated its pair of secret and public keys (k_LEAF, K_LEAF). Every host knows the authentic public key K_LEAF of its local LEAF. CDC keeps the secret key k_A of principal A in the form of a record ({k_A}_{h2(passwd_A)}, h1(passwd_A)), where h1 and h2 are two suitably chosen one-way functions.
Message Sequence: The parties exchange the following sequence of messages:
1. A → H : A, passwd.