Protocols for authentification and key establishment (Q1872784)
From MaRDI portal
scientific article
15 May 2003
Protocols for authentication and key establishment are the foundation for the security of communications. The range and diversity of these protocols is immense, while the variation in the properties and vulnerabilities of different protocols can be remarkably subtle. This book is the first comprehensive treatment of protocols for authentication and key establishment. It allows researchers and practitioners to quickly access a protocol for their needs and become aware of existing protocols that have been broken in the literature. In addition to a clear and uniform presentation of the protocols, this book includes a description of all the main attack types and classifies most protocols in terms of their properties and resource requirements.
The first two chapters are introductory and may be useful for the graduate student, or anyone coming to the field for the first time. Material in the remaining five chapters is arranged thematically to help the reader identify connections between different protocols. Between them, these five chapters survey more than 150 protocols from the literature.
Ch. 1, A Tutorial Introduction to Authentication and Key Establishment, starts with a tutorial aimed at explaining the general methods of how protocols work and the typical capabilities of protocol adversaries. Definitions for the basic protocol components follow, including a quick overview of cryptographic algorithms and their properties, as well as a list of typical protocol attacks.
Ch. 2, Goals for Authentication and Key Establishment, is devoted to a study of the different goals that protocols for authentication and key establishment may have. This is a critical part of understanding protocol analysis, and neglect of this issue has been the source of much error in the past. The chapter develops a hierarchy of different goals, considering only extensional goals. This hierarchy is used in subsequent chapters to evaluate various protocols. The hierarchy provides a simple yet effective tool for describing protocol properties and for evaluating attacks against protocols with unclear goals. The last section contains a brief survey of formal protocol analysis techniques, broadly divided into those using formal specification and those using complexity-theoretic proofs.
Ch. 3, Protocols Using Shared Key Cryptography, is concerned with protocols that employ symmetric cryptography. Many of these protocols involve an on-line trusted third party, in the tradition established by Needham and Schroeder.
Ch. 4, Authentication and Key Transport Using Public Key Cryptography, deals with protocols using public key cryptography, but excluding key agreement protocols. Some standardized protocols and also some protocols in wide use today, such as the Transport Layer Security protocol, are included.
Ch. 5, Key Agreement Protocols, is concerned with key agreement based on public keys. Most of the protocols in this chapter are based on the Diffie-Hellman key exchange. There is a vast range of protocols in this class, and consequently this is the longest chapter. There is also a treatment of identity-based key agreement protocols.
Much of Ch. 6, Conference Key Protocols, concerns generalizations of protocols from Ch. 5 to the multi-party setting. In particular, Diffie-Hellman key agreement with multiple parties is discussed in some detail. A topic that is not treated in any depth in this chapter is that of dynamic conferences.
Ch. 7 deals with Password-Based Protocols, first developed not much over 10 years ago. Recently there have been many new protocols proposed in this area, and the authors take into account the most important of these.
Appendix A is a brief overview of published Standards for Authentication and Key Establishment protocols.
This book will prove useful both to those who wish to learn more about the field and as a reference for tasks such as finding whether an established protocol exists for a specific application, or whether any attacks are known on a specific protocol or on related protocols.
protocols for authentication
key establishment protocols
protocol architectures
cryptographic algorithms
confidentiality
data origin authentication
data integrity
freshness
attack on protocols
certificate manipulation
forward secrecy
key compromise impersonation
shared key cryptography
server-based key establishment
public key cryptography
key transport protocols
key agreement protocols
unknown key-share attacks
conference key protocols
key broadcasting
number theory
secret sharing
password-based protocols