计算可靠的Diffie-Hellman密钥交换协议自动证明
上传者:陈佳品|上传时间:2015-04-22|密次下载
计算可靠的Diffie-Hellman密钥交换协议自动证明
?32??10? 2011?10?
? ? ? ?
Journal on Communications
Vol.32 No.10 October 2011
?????Diffie-Hellman??????????
?бē??ē?д?
??????? ????????┦??? ?? 410073?
?????????Diffie-Hellman????????????????????????????????????????????????CryptoVerif????????????Kerberos??????Ё????????┻???????????????CryptoVerif???????Diffie-Hellman?Kerberos??????????????????????????????????????????Н???????????????????????????
?????????Diffie-Hellman???Kerberos????????
Ё?????TP393 ??????B ?????1000-436X(2011)10-0118-09
Computationally sound mechanized proofs for
Diffie-Hellman key exchange protocols
FENG Chao, ZHANG Quan, TANG Chao-jing
(School of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073, China)
Abstract: A computationally observational equivalence model for the Diffe-Hellman key agreement primitive was pro-posed and the soundness of the model was proved. Compared with prior works, this model can extend the power of the mechanized prover CryptoVerif directly. When applying the model to proving the public-key Kerberos, the de?ciency of the adversary’s capability was uncovered and an enhanced model for the adversary was presented. The model was vali-dated by verifying the public-key Kerberos in Diffie-Hellman mode with CryptoVerif automatically. Being different from current approaches, the verification procedure is both automatic and computationally sound. Key words: security protocols; Diffie-Hellman primitives; Kerberos protocol; mechanized proofs
1 ??
Diffie-Hellman????[1](DHKE)????????????????2???????????????????????????????????????SSL/TLS?SSH?Kerberos?ISO-9798-3?Just Fast Key?PKI????Ё???????
????DHKE??????????2??
???????????????????????????????Ё????????Dolev- Yao?????????-????????????????????????????????????DHKE???????▂??????????[2, 3]?Dolev-Yao?????????????Diffie-Hellman?????????????????????????????????????????????????????Ё[4,5]?
?????2010-12-07??????2011-04-04
??-????????????-??60872052?
Foundation Item: The National Natural Science Foundation of China (60872052)
?10? ?????????Diffie-Hellman?????????? g119g
??????????????????????-??????????????????????????Ё????????????????L?????????????????????????????
??????????????????????????????????????????[6]?????DHKE??????????????????Backes????????Kerberos??[7]?????????[8]????????Diffie-Hellman??(???DHINIT)?Lakhnech??????????Diffie-Hellman??????[9]?Datta?????????????[10]?????Diffie-Hellman?????????[11]??????????????
Blanchet???[11]Ё????????????CryptoVerif??????????????????????????????????????????[12,13]???????????[12]????DHKE????????????????DHKE????????
?????????????DHKE????????????DHKE?????????????CryptoVerif???????????????CryptoVerif?????????DHKE???????????????????????????????????????Ё???????????┻???[13]?????KerberosЁ???????????????????????
???????Kerberos??????????
???????????????????Diffie- Hellman?????Kerberos????????????????????????????????????????????????????DHKE???(?IKE, Just Fast Key?)?????
????????2?????????CryptoVerif??3???DHKE????????????????????????4????Kerberos??????????????[13]Ё????????┻??5??????
2 ??????
??????????CryptoVerif?????
?????[12]?
CryptoVerif??????????????????????????π?????c<M>?????c?????M?c(m)?????c??????????mЁ?new m:T????T???╓????m?P|Q????P?Q??????if M then P else Q?????????P; Q???
?P?Q?.????!i??
nP??P?n???????????????i?????Ё???x?x[i]???????find i?n such that defined(M) then P else Q??????????????i???Н???M????P?????Q?
CryptoVerif??????????????????????Ё???????????????????????????Ё????????????????????????????????????????Ё????????????????????????????
CryptoVerif????????(G1,?,Gm)≈ (G1′,?,Gm′)????????????????Ё???G??????Н??1???
?1
??????????
?? ?Н G::=
??? !????
?? new y??:T??,?,y :T (G??,?,G??)
╓???? (x??:T??,??,x??:T??)→FP ???? FP::= ???? M
- new x[i]:T;FP ╓???? let x[i]:T=M in FP
?? find (⊕????=??u????[??i]?n????suchthat defined
????
(M????,?,M?? )^??M?? then FP?? ) else FP
!i??
n new y1:T1,?,yl:Tl(G1,?,Gm)????T1,?,Tl???╓??y1,?,yl?????????
?G1,?,Gm????????????????!i??
n???????n??????????????????x?x[i]???
????(x1:T1,?,xl:Tl)→FP????????????8??????T1,?,Tl?????x1,?,xl???8??????FP?????????new x[i]:T;FP?????T???╓????
g120g ? ? ? ? ?32?
??xЁ????FP???let x[i]:T=M in FP??
?M???x????FP???find (⊕mj=1u??j[i??]?n??j suchthat defined(Mj1,?,Mjl)^Mj then FPj) else FP?
?????Mj1,?,Mjl?u
??j[i??]???????Mj?????FPj?????FP?????????
??G[i]??????????????G[j]Ё??????????????????IND-CCA2???Ё??????????????cchallenge???8????????????find (j?n suchthat defined(cchallenge)^cchallenge [j]= c then Error) else Decrypt(c,sk)?
?????????????(G1,?,Gm)≈ (G1′,?,Gm′)?????????????????????b??????2?8???(G1,?,Gm)?(G1′,?,Gm′)???????8????b?????b=0???????(G1,?,Gm)???????(G1′,?,Gm′)???????????????b′???b?????b′=b???????????????????????8????????2???([[G1]]|?|[[Gm]])?([[G1′]]|?|[[Gm′]])?[[G]]??8???G???????????????????????Ё???????????????2???????
3 DHKE??????
???CryptoVerif?????DHKE????????????DHKE???????????????????????????????????????????????? 3.1 DHKE?????
??????????DHKE???????????
1) ??Alice?Bob????????????p??Zp*????g?
2) Alice╓????Zp-1???x???X=gx mod p???X???Bob?
3) Bob╓????Zp?1???y?
??Y=gy mod p???Y???Alice?
4) Alice??Bob???Y??K=Yx mod p=(gy)x mod p = (gy)x mod p = gxy mod p??????Bob??????
5) Bob??Alice???X??K=Xy mod
p=(gx)y mod p = (gx)y mod p = gxy mod p??????Alice??????
6) Alice?Bob??K??????????????????????
DHKE?????????????Diffie- Hellman??(DDHA, decisional Diffie-Hellman as-sumption )???DDHA?????????A??
????<ga, gb, gab>?<ga, gb, gc>????
?Ёa, b, c??G?╓??????DDHA???????gx?gy??gxy????????3.2 ?????
CryptoVerif??????????????????????[12]?DDHA??????????
!i??
n new a:T; new b:T (()→ga, ()→gb, () →gab) ≈!i??
n new a:T ;new b:T ;new c:T (() →ga ,() → gb, ()→gc))
???????????????DDHA???????????Ё╓??a?b????????Ё????DHKEЁa?b????????╓????CryptoVerif???????????????Ё?
?CryptoVerif??????????????
??DHKE??????????3??????
1) ???????????(x,gy)?(y,gx)?????????????????????????????:(gx)y=(gy)x=gxy?
????????????????????????????????Ё?
2) ????
???????????????G???╓????
3) ????CryptoVerif???????????????????Ё?????????????????
???????????????[12]??????DHKE?????Ё? 3.3 ??????
DHKEЁ??????????????????????????gx(?gy)?????gxy???????????????????P?K??????gx(?gy)?gxy?????, ?S????x(?y)????????????????Н╓?????seed?
?Н1 (Diffie-Hellman??)????Trg?
?10? ?????????Diffie-Hellman?????????? g121g
Tsg?Tpg?Tkg????DHKEЁ╓????????????????????????g????????Щ??Н??exp:Ts→Tp???g??????????Ts????x???Tp????gx?Diffie-Hellman??DHA=(S, P, K)??3?????
1) DH??????S:Tr→Ts?????Tr?????r?????Ts????(?x?y)?
2) DH??????P:Tr→Tp?????Tr?????r?????Tp????(?gx?gy)?P????????????P(r)??r???
3) DH????????K:Ts×Tp?Tk???Ts(?x)?Tp(?gy)????????????(?gxy)?
?????????????????DH???DH???????????r:Tr; exp(S(r))? P(r)????????????????x?Ts, ?y?Ts,?gx?Tp,?gy?Tp, (K(x, gy)=K(y,gx)) ? ((exp(x)= gx?exp(y)=gy)?(x =y?gx=gy))???ā??????????CryptoVerif??K(x,gy)=K(y,gx)??????????(exp(x)= gx?exp(y)=gy)?(x =y?gx=gy)?
??DHA??????DHKE?????????Lg≈Rg, ??g????????Щ?
Lg=!i??N new r:Ts;(() →P(r), !i??
N??(gy : Tp) →K(S(r), gy))
Rg=!i??N new r:Ts;(() →P′(r), !i??
N??(gy : Tp) → find j?N1 suchthat defined(gy[j], r1[j])?otheruses (r1[j])?gy = gy[j] then r1[j]
orfind j?N1, k?N suchthat defined(r[k], gy[j,k], r1[j,k])?otheruses(r1[j,k])?(exp(S′(r)) = gy[j,k] ?gy=exp(S′(r[k]))) then r1[j,k]
else new r1: Tk;r1).
??S′?P′??S?P??????????L?R??????????????CryptoVerif???????????????
???DHKE????CryptoVerif?????L??????R?????????????????Ё??LЁ??????????RЁ??????R????2??????????????j?N1, ??gy[j]??gy????????????K(S(r),gy), ??????????r1[j]???????????????????j?N1, k?N?
??exp(S′(r)) = gy[j,k]?gy=exp(S′(r[k]))?????????????????K(S′(r[k]),P′(r))??Ё?gy=exp(S′(r[k]))=P′(r[k])??+???????K(S′(r[k]),P′(r))?K(S′(r), P′(r[k]))????????2??????????????r1[j,k]??2???????????Tk???╓??r1???????
L≈R?????????????Ё?????????????????Ё??? 3.4 ?????
????CryptoVerif?DHKE????????????????G??DDHA?????????????Lg≈Rg?????ˊ1???
?ˊ1 ?????G?????g??G????Diffie-Hellman??(DDHA)??МLg≈Rg?
??ˊ?????????Н??ˊ??Ё??Н2??Н3???DDHA???????Lg≈Rg?????????ˊ1?????2??????
?Н2 (DDHA????ExpgDDHA(ADDHA,b))??????????2?Tr???╓??ra?rb????Tk???╓??rc??????????SDHra,rb,rc()8?????????8??????b=0???<P(ra),P(rb),K(S(ra),P(rb))>?????<P(ra),P(rb),rc>????????????b???
?b′???????1????Ё????r←?R
?Tā????T???╓???????rЁ???
?rR
1=r2←??Tā????T???╓???????r1?r2Ё?
??Exp?????? ??(A?????? ,b)
??r?? ←?
?Tr????
??,??←??T???r??←??T??b′←A?????????????? ??????
????
??????????b′
?1 DDHA????
????????Н??ADDHA???AdvDDHA
g
(ADDHA)=Pr[ExpDDHADDHA
g(ADDHA,0)=1]??Pr[Expg(ADDHA, 1)=1]????????AdvDDHA)=max{DDHAg(tAAdv ??????
g
(ADDHA)}??Ё?t???????
????ExpgDDHA?DDHA????????????G??DDHA?????????g?
g122g ? ? ? ?
?32?
?МAdvgDDHA(t)???Щ???
?Н3 (DHKE????ExpgDHKE(ADHKE,b))??????????qn?Tr???╓??ra[i]?qn2?Tk???╓??rc[i,j] (0<i,j?qn)????????qn?8???EGi()?KGi(·)?????qn???????????????
?EGi()????????P(ra[i])?????? ?KGi(·)??????????????????gb?????????gb???????EGj()8??????????b=0?1????K(S(ra[i]),gb)?rc[i,j]???????Tk???╓??r??????????????b′???b??????b′=b?????????Ё??????????????Ё?????ExpgDHKE???????2?????
??Exp
???? ????
(A???? ??,b)
??i,j∈[1,q ],??r??[i]←????T????r??[i,j]=r??[j,i]←???
?T??
b′←A??????????????????????????????????? ??
????????
?????
??b′
?2 DHKE????
??????????Н??ADHKE???
AdvgDHKE(ADHKE)=Pr[ExpgDHKE(ADHKE,0)=1]??Pr[ExpgDHKE·
(ADHKE, 1)=1]????????AdvDHKE
g
(t)= max{AAdvDHKE
g(ADHKE)}??Ё?t??????? ???? ??
?????ExpgDHKE
(ADHKE,0)??????L????ExpgDHKE(ADHKE,1)????R????М??Lg≈Rg????AdvgDHKE(t)???Щ???
?ˊ1 ???G???AdvgDDHA(t)???Щ????AdvgDHKE(t)???Щ???
?? ????????????A?????ExpgDHKE??М???????ExpgDDHA???BA? 1) ??ExpgDHKE????Ё?????ExpHl(?Ё?0?l?qn)???3???
??ExpHl????????l?i?8??KGi(·)???╓????НPl=Pr[ExpHl=1]???ExpHl??1???????l=qn??ExpHl?ExpgDHKE(ADHKE,0)????l=0??ExpHl?ExpgDHKE(ADHKE,1)???????AdvgDHKE(A)= Pqn??P0?
2) ????A????ExpgDDHA???BA?BA???????4???
?? ExpH??(?Ё?0?l?q??)
a) ??i,j∈[1,q??],??r [i]←?
???T????r??[j,i]=r??[i,j]←????T
???b) ????A???????????A?EG ()?KG (·)8?????:
??????EG ()???????P(r??[i])???A? ??????KG (·)??????????gb??????? ??i?l????????j?l??gb?EG??()???????K(S(r??[i]),gb)???A??????????
??i>l????????j?l??gb?EG??()???????r??[i,j]???A?????????? c) ??????A??b′? d) ????b′?
?3 Ё?????
a) ??SDH???? ???? ????()8?????<gx,gy,gz>? b) ╓?????[1,q??]Ё???l? c) ??i∈[1,??,l?1]∪[l+2,??,q??] j∈[i,q??],
??r??[i]←????T r??[i,j]←???
?T???
d) ????A?
?+?????????EG ()?KG (·)???? ??????EG ()????
??i≠l,?i≠l+1?????P(r??[i])???A? ??i=l????gx?
??i=l+1????gy?
??????KG (·)??????????gb?????????
??i<l??????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i, j]???A????????EG??()?????????
??i>l+1??????????gb?EG??()???r??[i, j]???A????????EG??()?????????
??i=l??????gb=gy????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? ??i=l+1??????gb= gx????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? e) ??A??????b′? f) ??b′???b????
?4 ??B?????
?????ExpgDDHA(BA,0)??SDHra,rb,rc()??<P(ra),P(rb),K(S(ra),P(rb))>?KGl(·),KGl+1(·)????????????????l+1?i, KGi(·)???╓??????ExpHl+1????????
下载文档
热门试卷
- 2016年四川省内江市中考化学试卷
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
- 山东省滨州市三校2017届第一学期阶段测试初三英语试题
- 四川省成都七中2017届高三一诊模拟考试文科综合试卷
- 2017届普通高等学校招生全国统一考试模拟试题(附答案)
- 重庆市永川中学高2017级上期12月月考语文试题
- 江西宜春三中2017届高三第一学期第二次月考文科综合试题
- 内蒙古赤峰二中2017届高三上学期第三次月考英语试题
- 2017年六年级(上)数学期末考试卷
- 2017人教版小学英语三年级上期末笔试题
- 江苏省常州西藏民族中学2016-2017学年九年级思想品德第一学期第二次阶段测试试卷
- 重庆市九龙坡区七校2016-2017学年上期八年级素质测查(二)语文学科试题卷
- 江苏省无锡市钱桥中学2016年12月八年级语文阶段性测试卷
- 江苏省无锡市钱桥中学2016-2017学年七年级英语12月阶段检测试卷
- 山东省邹城市第八中学2016-2017学年八年级12月物理第4章试题(无答案)
- 【人教版】河北省2015-2016学年度九年级上期末语文试题卷(附答案)
- 四川省简阳市阳安中学2016年12月高二月考英语试卷
- 四川省成都龙泉中学高三上学期2016年12月月考试题文科综合能力测试
- 安徽省滁州中学2016—2017学年度第一学期12月月考高三英语试卷
- 山东省武城县第二中学2016.12高一年级上学期第二次月考历史试题(必修一第四、五单元)
- 福建省四地六校联考2016-2017学年上学期第三次月考高三化学试卷
- 甘肃省武威第二十三中学2016—2017学年度八年级第一学期12月月考生物试卷
网友关注
- 减少WCDMA和TDMA系统中的干扰
- 至远赴海外的你—没有人能给你无时不刻的安全感,除了你自己
- TTE时间同步协议关键算法研究和仿真分析
- 贮碱罐焊接接头开裂原因及防止措施
- 日本关西电力集团
- 去旅游的英国签证的材料有哪些
- 小提花织物纱线位移的研究
- 变风量汽车空调系统的研究
- 双武器系统遥控武器站
- IT桔子沙龙-医疗健康-微心百源PPT分享
- 挤压再造大米技术问世_孙波
- 2014年度专业餐饮设计十大品牌榜单正式发布
- 木材浸渍用阻燃型石蜡乳液的研制
- 家装菜鸟必知 精装修房收房注意事项
- 黑蒜产品介绍
- 活动家-2015第十七届防水材料技术交流大会
- 802. 16 WiMAX 物理层模型实现与分析MATLAB - 0412
- 公交车自动报站器
- 基于单片机的低压脉冲发生器研制
- 让胶带乖乖听话——防腐胶带使用方法
- 天津职称评定材料-职称材料交件顺序
- The standards for skill assessment of operational marine
- 包装厂水性油墨废水处理设备操作说明
- 半管夹套计算模型
- 沙河市玻璃工业园区LNG卫星站项目可行性研究报告
- 自动焊接机器人项目建议书
- Aircraft-impact-analysis-of-nuclear-safety-related-concrete-structures-A-review
- 桑巴荣耀KC-390运输,加油机完成首飞
- 湖北石材市场
- InGaAsP_InP多薄层异质_省略_材料的晶格驰豫和晶体质量蜕化研究_丁国庆
网友关注视频
- 北师大版数学四年级下册3.4包装
- 六年级英语下册上海牛津版教材讲解 U1单词
- 七年级英语下册 上海牛津版 Unit5
- 冀教版英语五年级下册第二课课程解读
- 【部编】人教版语文七年级下册《泊秦淮》优质课教学视频+PPT课件+教案,辽宁省
- 二年级下册数学第一课
- 外研版英语七年级下册module3 unit1第二课时
- 人教版二年级下册数学
- 外研版英语三起6年级下册(14版)Module3 Unit2
- 冀教版小学英语四年级下册Lesson2授课视频
- 三年级英语单词记忆下册(沪教版)第一二单元复习
- 第五单元 民族艺术的瑰宝_16. 形形色色的民族乐器_第一课时(岭南版六年级上册)_T3751175
- 【获奖】科粤版初三九年级化学下册第七章7.3浓稀的表示
- 沪教版牛津小学英语(深圳用) 五年级下册 Unit 12
- 8.对剪花样_第一课时(二等奖)(冀美版二年级上册)_T515402
- 沪教版八年级下册数学练习册21.3(2)分式方程P15
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 8
- 精品·同步课程 历史 八年级 上册 第15集 近代科学技术与思想文化
- 第8课 对称剪纸_第一课时(二等奖)(沪书画版二年级上册)_T3784187
- 沪教版八年级下次数学练习册21.4(2)无理方程P19
- 【部编】人教版语文七年级下册《逢入京使》优质课教学视频+PPT课件+教案,安徽省
- 沪教版牛津小学英语(深圳用)五年级下册 Unit 1
- 飞翔英语—冀教版(三起)英语三年级下册Lesson 2 Cats and Dogs
- 七年级英语下册 上海牛津版 Unit3
- 第12章 圆锥曲线_12.7 抛物线的标准方程_第一课时(特等奖)(沪教版高二下册)_T274713
- 沪教版牛津小学英语(深圳用) 五年级下册 Unit 7
- 【部编】人教版语文七年级下册《泊秦淮》优质课教学视频+PPT课件+教案,天津市
- 二年级下册数学第二课
- 8.练习八_第一课时(特等奖)(苏教版三年级上册)_T142692
- 外研版英语三起6年级下册(14版)Module3 Unit1
精品推荐
- 2016-2017学年高一语文人教版必修一+模块学业水平检测试题(含答案)
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
分类导航
- 互联网
- 电脑基础知识
- 计算机软件及应用
- 计算机硬件及网络
- 计算机应用/办公自动化
- .NET
- 数据结构与算法
- Java
- SEO
- C/C++资料
- linux/Unix相关
- 手机开发
- UML理论/建模
- 并行计算/云计算
- 嵌入式开发
- windows相关
- 软件工程
- 管理信息系统
- 开发文档
- 图形图像
- 网络与通信
- 网络信息安全
- 电子支付
- Labview
- matlab
- 网络资源
- Python
- Delphi/Perl
- 评测
- Flash/Flex
- CSS/Script
- 计算机原理
- PHP资料
- 数据挖掘与模式识别
- Web服务
- 数据库
- Visual Basic
- 电子商务
- 服务器
- 搜索引擎优化
- 存储
- 架构
- 行业软件
- 人工智能
- 计算机辅助设计
- 多媒体
- 软件测试
- 计算机硬件与维护
- 网站策划/UE
- 网页设计/UI
- 网吧管理