A Framework for Authentication and Key-Exchange Protocols

Ran Canetti

IBM Research

We present a framework for constructing and analyzing authentication protocols in realistic models of communication networks. Drawing from a general approach for defining security of cryptographic protocols, this framework provides a sound formalization of the authentication problem and enables modular design and analysis of authentication and key exchange protocols.

In particular, within this framework we show how to systematically transform solutions that work in a model of idealized authenticated communications into solutions that are secure in the realistic setting of communication channels controlled by an active adversary.

Using these principles we construct and prove the security of simple and practical authentication and key-exchange protocols. In particular, we provide a security analysis of some well-known key exchange protocols (e.g. authenticated Diffie-Hellman key exchange), and of some of the techniques underlying the design of authentication protocols that are currently being deployed on the Internet, such as SSL/TLS and IPSec.

Ran Canetti, A Framework for Authentication and Key-Exchange Protocols

Gates 498, 2/16/1999, 4:15 PM