计算可靠的Diffie-Hellman密钥交换协议自动证明
上传者:陈佳品|上传时间:2015-04-22|密次下载
计算可靠的Diffie-Hellman密钥交换协议自动证明
?32??10? 2011?10?
? ? ? ?
Journal on Communications
Vol.32 No.10 October 2011
?????Diffie-Hellman??????????
?бē??ē?д?
??????? ????????┦??? ?? 410073?
?????????Diffie-Hellman????????????????????????????????????????????????CryptoVerif????????????Kerberos??????Ё????????┻???????????????CryptoVerif???????Diffie-Hellman?Kerberos??????????????????????????????????????????Н???????????????????????????
?????????Diffie-Hellman???Kerberos????????
Ё?????TP393 ??????B ?????1000-436X(2011)10-0118-09
Computationally sound mechanized proofs for
Diffie-Hellman key exchange protocols
FENG Chao, ZHANG Quan, TANG Chao-jing
(School of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073, China)
Abstract: A computationally observational equivalence model for the Diffe-Hellman key agreement primitive was pro-posed and the soundness of the model was proved. Compared with prior works, this model can extend the power of the mechanized prover CryptoVerif directly. When applying the model to proving the public-key Kerberos, the de?ciency of the adversary’s capability was uncovered and an enhanced model for the adversary was presented. The model was vali-dated by verifying the public-key Kerberos in Diffie-Hellman mode with CryptoVerif automatically. Being different from current approaches, the verification procedure is both automatic and computationally sound. Key words: security protocols; Diffie-Hellman primitives; Kerberos protocol; mechanized proofs
1 ??
Diffie-Hellman????[1](DHKE)????????????????2???????????????????????????????????????SSL/TLS?SSH?Kerberos?ISO-9798-3?Just Fast Key?PKI????Ё???????
????DHKE??????????2??
???????????????????????????????Ё????????Dolev- Yao?????????-????????????????????????????????????DHKE???????▂??????????[2, 3]?Dolev-Yao?????????????Diffie-Hellman?????????????????????????????????????????????????????Ё[4,5]?
?????2010-12-07??????2011-04-04
??-????????????-??60872052?
Foundation Item: The National Natural Science Foundation of China (60872052)
?10? ?????????Diffie-Hellman?????????? g119g
??????????????????????-??????????????????????????Ё????????????????L?????????????????????????????
??????????????????????????????????????????[6]?????DHKE??????????????????Backes????????Kerberos??[7]?????????[8]????????Diffie-Hellman??(???DHINIT)?Lakhnech??????????Diffie-Hellman??????[9]?Datta?????????????[10]?????Diffie-Hellman?????????[11]??????????????
Blanchet???[11]Ё????????????CryptoVerif??????????????????????????????????????????[12,13]???????????[12]????DHKE????????????????DHKE????????
?????????????DHKE????????????DHKE?????????????CryptoVerif???????????????CryptoVerif?????????DHKE???????????????????????????????????????Ё???????????┻???[13]?????KerberosЁ???????????????????????
???????Kerberos??????????
???????????????????Diffie- Hellman?????Kerberos????????????????????????????????????????????????????DHKE???(?IKE, Just Fast Key?)?????
????????2?????????CryptoVerif??3???DHKE????????????????????????4????Kerberos??????????????[13]Ё????????┻??5??????
2 ??????
??????????CryptoVerif?????
?????[12]?
CryptoVerif??????????????????????????π?????c<M>?????c?????M?c(m)?????c??????????mЁ?new m:T????T???╓????m?P|Q????P?Q??????if M then P else Q?????????P; Q???
?P?Q?.????!i??
nP??P?n???????????????i?????Ё???x?x[i]???????find i?n such that defined(M) then P else Q??????????????i???Н???M????P?????Q?
CryptoVerif??????????????????????Ё???????????????????????????Ё????????????????????????????????????????Ё????????????????????????????
CryptoVerif????????(G1,?,Gm)≈ (G1′,?,Gm′)????????????????Ё???G??????Н??1???
?1
??????????
?? ?Н G::=
??? !????
?? new y??:T??,?,y :T (G??,?,G??)
╓???? (x??:T??,??,x??:T??)→FP ???? FP::= ???? M
- new x[i]:T;FP ╓???? let x[i]:T=M in FP
?? find (⊕????=??u????[??i]?n????suchthat defined
????
(M????,?,M?? )^??M?? then FP?? ) else FP
!i??
n new y1:T1,?,yl:Tl(G1,?,Gm)????T1,?,Tl???╓??y1,?,yl?????????
?G1,?,Gm????????????????!i??
n???????n??????????????????x?x[i]???
????(x1:T1,?,xl:Tl)→FP????????????8??????T1,?,Tl?????x1,?,xl???8??????FP?????????new x[i]:T;FP?????T???╓????
g120g ? ? ? ? ?32?
??xЁ????FP???let x[i]:T=M in FP??
?M???x????FP???find (⊕mj=1u??j[i??]?n??j suchthat defined(Mj1,?,Mjl)^Mj then FPj) else FP?
?????Mj1,?,Mjl?u
??j[i??]???????Mj?????FPj?????FP?????????
??G[i]??????????????G[j]Ё??????????????????IND-CCA2???Ё??????????????cchallenge???8????????????find (j?n suchthat defined(cchallenge)^cchallenge [j]= c then Error) else Decrypt(c,sk)?
?????????????(G1,?,Gm)≈ (G1′,?,Gm′)?????????????????????b??????2?8???(G1,?,Gm)?(G1′,?,Gm′)???????8????b?????b=0???????(G1,?,Gm)???????(G1′,?,Gm′)???????????????b′???b?????b′=b???????????????????????8????????2???([[G1]]|?|[[Gm]])?([[G1′]]|?|[[Gm′]])?[[G]]??8???G???????????????????????Ё???????????????2???????
3 DHKE??????
???CryptoVerif?????DHKE????????????DHKE???????????????????????????????????????????????? 3.1 DHKE?????
??????????DHKE???????????
1) ??Alice?Bob????????????p??Zp*????g?
2) Alice╓????Zp-1???x???X=gx mod p???X???Bob?
3) Bob╓????Zp?1???y?
??Y=gy mod p???Y???Alice?
4) Alice??Bob???Y??K=Yx mod p=(gy)x mod p = (gy)x mod p = gxy mod p??????Bob??????
5) Bob??Alice???X??K=Xy mod
p=(gx)y mod p = (gx)y mod p = gxy mod p??????Alice??????
6) Alice?Bob??K??????????????????????
DHKE?????????????Diffie- Hellman??(DDHA, decisional Diffie-Hellman as-sumption )???DDHA?????????A??
????<ga, gb, gab>?<ga, gb, gc>????
?Ёa, b, c??G?╓??????DDHA???????gx?gy??gxy????????3.2 ?????
CryptoVerif??????????????????????[12]?DDHA??????????
!i??
n new a:T; new b:T (()→ga, ()→gb, () →gab) ≈!i??
n new a:T ;new b:T ;new c:T (() →ga ,() → gb, ()→gc))
???????????????DDHA???????????Ё╓??a?b????????Ё????DHKEЁa?b????????╓????CryptoVerif???????????????Ё?
?CryptoVerif??????????????
??DHKE??????????3??????
1) ???????????(x,gy)?(y,gx)?????????????????????????????:(gx)y=(gy)x=gxy?
????????????????????????????????Ё?
2) ????
???????????????G???╓????
3) ????CryptoVerif???????????????????Ё?????????????????
???????????????[12]??????DHKE?????Ё? 3.3 ??????
DHKEЁ??????????????????????????gx(?gy)?????gxy???????????????????P?K??????gx(?gy)?gxy?????, ?S????x(?y)????????????????Н╓?????seed?
?Н1 (Diffie-Hellman??)????Trg?
?10? ?????????Diffie-Hellman?????????? g121g
Tsg?Tpg?Tkg????DHKEЁ╓????????????????????????g????????Щ??Н??exp:Ts→Tp???g??????????Ts????x???Tp????gx?Diffie-Hellman??DHA=(S, P, K)??3?????
1) DH??????S:Tr→Ts?????Tr?????r?????Ts????(?x?y)?
2) DH??????P:Tr→Tp?????Tr?????r?????Tp????(?gx?gy)?P????????????P(r)??r???
3) DH????????K:Ts×Tp?Tk???Ts(?x)?Tp(?gy)????????????(?gxy)?
?????????????????DH???DH???????????r:Tr; exp(S(r))? P(r)????????????????x?Ts, ?y?Ts,?gx?Tp,?gy?Tp, (K(x, gy)=K(y,gx)) ? ((exp(x)= gx?exp(y)=gy)?(x =y?gx=gy))???ā??????????CryptoVerif??K(x,gy)=K(y,gx)??????????(exp(x)= gx?exp(y)=gy)?(x =y?gx=gy)?
??DHA??????DHKE?????????Lg≈Rg, ??g????????Щ?
Lg=!i??N new r:Ts;(() →P(r), !i??
N??(gy : Tp) →K(S(r), gy))
Rg=!i??N new r:Ts;(() →P′(r), !i??
N??(gy : Tp) → find j?N1 suchthat defined(gy[j], r1[j])?otheruses (r1[j])?gy = gy[j] then r1[j]
orfind j?N1, k?N suchthat defined(r[k], gy[j,k], r1[j,k])?otheruses(r1[j,k])?(exp(S′(r)) = gy[j,k] ?gy=exp(S′(r[k]))) then r1[j,k]
else new r1: Tk;r1).
??S′?P′??S?P??????????L?R??????????????CryptoVerif???????????????
???DHKE????CryptoVerif?????L??????R?????????????????Ё??LЁ??????????RЁ??????R????2??????????????j?N1, ??gy[j]??gy????????????K(S(r),gy), ??????????r1[j]???????????????????j?N1, k?N?
??exp(S′(r)) = gy[j,k]?gy=exp(S′(r[k]))?????????????????K(S′(r[k]),P′(r))??Ё?gy=exp(S′(r[k]))=P′(r[k])??+???????K(S′(r[k]),P′(r))?K(S′(r), P′(r[k]))????????2??????????????r1[j,k]??2???????????Tk???╓??r1???????
L≈R?????????????Ё?????????????????Ё??? 3.4 ?????
????CryptoVerif?DHKE????????????????G??DDHA?????????????Lg≈Rg?????ˊ1???
?ˊ1 ?????G?????g??G????Diffie-Hellman??(DDHA)??МLg≈Rg?
??ˊ?????????Н??ˊ??Ё??Н2??Н3???DDHA???????Lg≈Rg?????????ˊ1?????2??????
?Н2 (DDHA????ExpgDDHA(ADDHA,b))??????????2?Tr???╓??ra?rb????Tk???╓??rc??????????SDHra,rb,rc()8?????????8??????b=0???<P(ra),P(rb),K(S(ra),P(rb))>?????<P(ra),P(rb),rc>????????????b???
?b′???????1????Ё????r←?R
?Tā????T???╓???????rЁ???
?rR
1=r2←??Tā????T???╓???????r1?r2Ё?
??Exp?????? ??(A?????? ,b)
??r?? ←?
?Tr????
??,??←??T???r??←??T??b′←A?????????????? ??????
????
??????????b′
?1 DDHA????
????????Н??ADDHA???AdvDDHA
g
(ADDHA)=Pr[ExpDDHADDHA
g(ADDHA,0)=1]??Pr[Expg(ADDHA, 1)=1]????????AdvDDHA)=max{DDHAg(tAAdv ??????
g
(ADDHA)}??Ё?t???????
????ExpgDDHA?DDHA????????????G??DDHA?????????g?
g122g ? ? ? ?
?32?
?МAdvgDDHA(t)???Щ???
?Н3 (DHKE????ExpgDHKE(ADHKE,b))??????????qn?Tr???╓??ra[i]?qn2?Tk???╓??rc[i,j] (0<i,j?qn)????????qn?8???EGi()?KGi(·)?????qn???????????????
?EGi()????????P(ra[i])?????? ?KGi(·)??????????????????gb?????????gb???????EGj()8??????????b=0?1????K(S(ra[i]),gb)?rc[i,j]???????Tk???╓??r??????????????b′???b??????b′=b?????????Ё??????????????Ё?????ExpgDHKE???????2?????
??Exp
???? ????
(A???? ??,b)
??i,j∈[1,q ],??r??[i]←????T????r??[i,j]=r??[j,i]←???
?T??
b′←A??????????????????????????????????? ??
????????
?????
??b′
?2 DHKE????
??????????Н??ADHKE???
AdvgDHKE(ADHKE)=Pr[ExpgDHKE(ADHKE,0)=1]??Pr[ExpgDHKE·
(ADHKE, 1)=1]????????AdvDHKE
g
(t)= max{AAdvDHKE
g(ADHKE)}??Ё?t??????? ???? ??
?????ExpgDHKE
(ADHKE,0)??????L????ExpgDHKE(ADHKE,1)????R????М??Lg≈Rg????AdvgDHKE(t)???Щ???
?ˊ1 ???G???AdvgDDHA(t)???Щ????AdvgDHKE(t)???Щ???
?? ????????????A?????ExpgDHKE??М???????ExpgDDHA???BA? 1) ??ExpgDHKE????Ё?????ExpHl(?Ё?0?l?qn)???3???
??ExpHl????????l?i?8??KGi(·)???╓????НPl=Pr[ExpHl=1]???ExpHl??1???????l=qn??ExpHl?ExpgDHKE(ADHKE,0)????l=0??ExpHl?ExpgDHKE(ADHKE,1)???????AdvgDHKE(A)= Pqn??P0?
2) ????A????ExpgDDHA???BA?BA???????4???
?? ExpH??(?Ё?0?l?q??)
a) ??i,j∈[1,q??],??r [i]←?
???T????r??[j,i]=r??[i,j]←????T
???b) ????A???????????A?EG ()?KG (·)8?????:
??????EG ()???????P(r??[i])???A? ??????KG (·)??????????gb??????? ??i?l????????j?l??gb?EG??()???????K(S(r??[i]),gb)???A??????????
??i>l????????j?l??gb?EG??()???????r??[i,j]???A?????????? c) ??????A??b′? d) ????b′?
?3 Ё?????
a) ??SDH???? ???? ????()8?????<gx,gy,gz>? b) ╓?????[1,q??]Ё???l? c) ??i∈[1,??,l?1]∪[l+2,??,q??] j∈[i,q??],
??r??[i]←????T r??[i,j]←???
?T???
d) ????A?
?+?????????EG ()?KG (·)???? ??????EG ()????
??i≠l,?i≠l+1?????P(r??[i])???A? ??i=l????gx?
??i=l+1????gy?
??????KG (·)??????????gb?????????
??i<l??????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i, j]???A????????EG??()?????????
??i>l+1??????????gb?EG??()???r??[i, j]???A????????EG??()?????????
??i=l??????gb=gy????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? ??i=l+1??????gb= gx????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? e) ??A??????b′? f) ??b′???b????
?4 ??B?????
?????ExpgDDHA(BA,0)??SDHra,rb,rc()??<P(ra),P(rb),K(S(ra),P(rb))>?KGl(·),KGl+1(·)????????????????l+1?i, KGi(·)???╓??????ExpHl+1????????
下载文档
热门试卷
- 2016年四川省内江市中考化学试卷
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
- 山东省滨州市三校2017届第一学期阶段测试初三英语试题
- 四川省成都七中2017届高三一诊模拟考试文科综合试卷
- 2017届普通高等学校招生全国统一考试模拟试题(附答案)
- 重庆市永川中学高2017级上期12月月考语文试题
- 江西宜春三中2017届高三第一学期第二次月考文科综合试题
- 内蒙古赤峰二中2017届高三上学期第三次月考英语试题
- 2017年六年级(上)数学期末考试卷
- 2017人教版小学英语三年级上期末笔试题
- 江苏省常州西藏民族中学2016-2017学年九年级思想品德第一学期第二次阶段测试试卷
- 重庆市九龙坡区七校2016-2017学年上期八年级素质测查(二)语文学科试题卷
- 江苏省无锡市钱桥中学2016年12月八年级语文阶段性测试卷
- 江苏省无锡市钱桥中学2016-2017学年七年级英语12月阶段检测试卷
- 山东省邹城市第八中学2016-2017学年八年级12月物理第4章试题(无答案)
- 【人教版】河北省2015-2016学年度九年级上期末语文试题卷(附答案)
- 四川省简阳市阳安中学2016年12月高二月考英语试卷
- 四川省成都龙泉中学高三上学期2016年12月月考试题文科综合能力测试
- 安徽省滁州中学2016—2017学年度第一学期12月月考高三英语试卷
- 山东省武城县第二中学2016.12高一年级上学期第二次月考历史试题(必修一第四、五单元)
- 福建省四地六校联考2016-2017学年上学期第三次月考高三化学试卷
- 甘肃省武威第二十三中学2016—2017学年度八年级第一学期12月月考生物试卷
网友关注
- 查询
- 科三考试步骤
- 一直不会有人愿意透露的跆拳道馆暑假招生秘诀——跆拳道道馆营销策划
- 语文阅读教学的文本如何细读 (3)
- 从今发奋(八3班歌曲)
- 中学物理实验教学现状及对策研究_杨先海
- 规章制度题库
- 高湾中心小学师德先进集体材料
- 小学英语教师远程研修个人学习总结---杨晴
- 七月
- 少年向上
- 考试题
- 英语课备课
- 城轨车辆电机电器题库
- See you again
- 2015论文《打造小学语文课堂教学的高效性》
- 办学特色
- 再谈中学化学实验教学改革_上_在_省略_化学实验教学高级研修班_上的讲话_宋心琦
- 包容
- 普通话水平测试范围及样卷
- 模拟1
- 事业单位工资改革丨养老保险新政策:养老“并轨”改革5月底前启动
- 深圳2014东森考场路考满分通过全攻略
- 关于科学教学的设计
- (邬蕾)2013-至2014学年优秀教研员材料
- 小学科学情境性试题探究_虞温妮
- 要成功学中文 总理讲俄罗斯汉语教师很重要
- 材料科学与工程专业课程总结
- 2015军转必读:第十届两岸经贸文化论坛在上海举行
- see you again
网友关注视频
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 7
- 外研版英语三起5年级下册(14版)Module3 Unit2
- 冀教版英语四年级下册第二课
- 化学九年级下册全册同步 人教版 第18集 常见的酸和碱(二)
- 河南省名校课堂七年级下册英语第一课(2020年2月10日)
- 化学九年级下册全册同步 人教版 第22集 酸和碱的中和反应(一)
- 【部编】人教版语文七年级下册《泊秦淮》优质课教学视频+PPT课件+教案,辽宁省
- 外研版英语七年级下册module1unit3名词性物主代词讲解
- 外研版英语三起6年级下册(14版)Module3 Unit2
- 冀教版小学英语四年级下册Lesson2授课视频
- 第五单元 民族艺术的瑰宝_16. 形形色色的民族乐器_第一课时(岭南版六年级上册)_T3751175
- 七年级英语下册 上海牛津版 Unit3
- 3月2日小学二年级数学下册(数一数)
- 8.对剪花样_第一课时(二等奖)(冀美版二年级上册)_T515402
- 小学英语单词
- 第12章 圆锥曲线_12.7 抛物线的标准方程_第一课时(特等奖)(沪教版高二下册)_T274713
- 七年级英语下册 上海牛津版 Unit5
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 4
- 沪教版八年级下册数学练习册21.3(3)分式方程P17
- 冀教版小学英语五年级下册lesson2教学视频(2)
- 沪教版牛津小学英语(深圳用) 六年级下册 Unit 7
- 【部编】人教版语文七年级下册《老山界》优质课教学视频+PPT课件+教案,安徽省
- 人教版二年级下册数学
- 【获奖】科粤版初三九年级化学下册第七章7.3浓稀的表示
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 2
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 3
- 冀教版小学数学二年级下册第二周第2课时《我们的测量》宝丰街小学庞志荣
- 北师大版小学数学四年级下册第15课小数乘小数一
- 【部编】人教版语文七年级下册《泊秦淮》优质课教学视频+PPT课件+教案,广东省
- 3.2 数学二年级下册第二单元 表内除法(一)整理和复习 李菲菲
精品推荐
- 2016-2017学年高一语文人教版必修一+模块学业水平检测试题(含答案)
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
分类导航
- 互联网
- 电脑基础知识
- 计算机软件及应用
- 计算机硬件及网络
- 计算机应用/办公自动化
- .NET
- 数据结构与算法
- Java
- SEO
- C/C++资料
- linux/Unix相关
- 手机开发
- UML理论/建模
- 并行计算/云计算
- 嵌入式开发
- windows相关
- 软件工程
- 管理信息系统
- 开发文档
- 图形图像
- 网络与通信
- 网络信息安全
- 电子支付
- Labview
- matlab
- 网络资源
- Python
- Delphi/Perl
- 评测
- Flash/Flex
- CSS/Script
- 计算机原理
- PHP资料
- 数据挖掘与模式识别
- Web服务
- 数据库
- Visual Basic
- 电子商务
- 服务器
- 搜索引擎优化
- 存储
- 架构
- 行业软件
- 人工智能
- 计算机辅助设计
- 多媒体
- 软件测试
- 计算机硬件与维护
- 网站策划/UE
- 网页设计/UI
- 网吧管理