计算可靠的Diffie-Hellman密钥交换协议自动证明
上传者:陈佳品|上传时间:2015-04-22|密次下载
计算可靠的Diffie-Hellman密钥交换协议自动证明
?32??10? 2011?10?
? ? ? ?
Journal on Communications
Vol.32 No.10 October 2011
?????Diffie-Hellman??????????
?бē??ē?д?
??????? ????????┦??? ?? 410073?
?????????Diffie-Hellman????????????????????????????????????????????????CryptoVerif????????????Kerberos??????Ё????????┻???????????????CryptoVerif???????Diffie-Hellman?Kerberos??????????????????????????????????????????Н???????????????????????????
?????????Diffie-Hellman???Kerberos????????
Ё?????TP393 ??????B ?????1000-436X(2011)10-0118-09
Computationally sound mechanized proofs for
Diffie-Hellman key exchange protocols
FENG Chao, ZHANG Quan, TANG Chao-jing
(School of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073, China)
Abstract: A computationally observational equivalence model for the Diffe-Hellman key agreement primitive was pro-posed and the soundness of the model was proved. Compared with prior works, this model can extend the power of the mechanized prover CryptoVerif directly. When applying the model to proving the public-key Kerberos, the de?ciency of the adversary’s capability was uncovered and an enhanced model for the adversary was presented. The model was vali-dated by verifying the public-key Kerberos in Diffie-Hellman mode with CryptoVerif automatically. Being different from current approaches, the verification procedure is both automatic and computationally sound. Key words: security protocols; Diffie-Hellman primitives; Kerberos protocol; mechanized proofs
1 ??
Diffie-Hellman????[1](DHKE)????????????????2???????????????????????????????????????SSL/TLS?SSH?Kerberos?ISO-9798-3?Just Fast Key?PKI????Ё???????
????DHKE??????????2??
???????????????????????????????Ё????????Dolev- Yao?????????-????????????????????????????????????DHKE???????▂??????????[2, 3]?Dolev-Yao?????????????Diffie-Hellman?????????????????????????????????????????????????????Ё[4,5]?
?????2010-12-07??????2011-04-04
??-????????????-??60872052?
Foundation Item: The National Natural Science Foundation of China (60872052)
?10? ?????????Diffie-Hellman?????????? g119g
??????????????????????-??????????????????????????Ё????????????????L?????????????????????????????
??????????????????????????????????????????[6]?????DHKE??????????????????Backes????????Kerberos??[7]?????????[8]????????Diffie-Hellman??(???DHINIT)?Lakhnech??????????Diffie-Hellman??????[9]?Datta?????????????[10]?????Diffie-Hellman?????????[11]??????????????
Blanchet???[11]Ё????????????CryptoVerif??????????????????????????????????????????[12,13]???????????[12]????DHKE????????????????DHKE????????
?????????????DHKE????????????DHKE?????????????CryptoVerif???????????????CryptoVerif?????????DHKE???????????????????????????????????????Ё???????????┻???[13]?????KerberosЁ???????????????????????
???????Kerberos??????????
???????????????????Diffie- Hellman?????Kerberos????????????????????????????????????????????????????DHKE???(?IKE, Just Fast Key?)?????
????????2?????????CryptoVerif??3???DHKE????????????????????????4????Kerberos??????????????[13]Ё????????┻??5??????
2 ??????
??????????CryptoVerif?????
?????[12]?
CryptoVerif??????????????????????????π?????c<M>?????c?????M?c(m)?????c??????????mЁ?new m:T????T???╓????m?P|Q????P?Q??????if M then P else Q?????????P; Q???
?P?Q?.????!i??
nP??P?n???????????????i?????Ё???x?x[i]???????find i?n such that defined(M) then P else Q??????????????i???Н???M????P?????Q?
CryptoVerif??????????????????????Ё???????????????????????????Ё????????????????????????????????????????Ё????????????????????????????
CryptoVerif????????(G1,?,Gm)≈ (G1′,?,Gm′)????????????????Ё???G??????Н??1???
?1
??????????
?? ?Н G::=
??? !????
?? new y??:T??,?,y :T (G??,?,G??)
╓???? (x??:T??,??,x??:T??)→FP ???? FP::= ???? M
- new x[i]:T;FP ╓???? let x[i]:T=M in FP
?? find (⊕????=??u????[??i]?n????suchthat defined
????
(M????,?,M?? )^??M?? then FP?? ) else FP
!i??
n new y1:T1,?,yl:Tl(G1,?,Gm)????T1,?,Tl???╓??y1,?,yl?????????
?G1,?,Gm????????????????!i??
n???????n??????????????????x?x[i]???
????(x1:T1,?,xl:Tl)→FP????????????8??????T1,?,Tl?????x1,?,xl???8??????FP?????????new x[i]:T;FP?????T???╓????
g120g ? ? ? ? ?32?
??xЁ????FP???let x[i]:T=M in FP??
?M???x????FP???find (⊕mj=1u??j[i??]?n??j suchthat defined(Mj1,?,Mjl)^Mj then FPj) else FP?
?????Mj1,?,Mjl?u
??j[i??]???????Mj?????FPj?????FP?????????
??G[i]??????????????G[j]Ё??????????????????IND-CCA2???Ё??????????????cchallenge???8????????????find (j?n suchthat defined(cchallenge)^cchallenge [j]= c then Error) else Decrypt(c,sk)?
?????????????(G1,?,Gm)≈ (G1′,?,Gm′)?????????????????????b??????2?8???(G1,?,Gm)?(G1′,?,Gm′)???????8????b?????b=0???????(G1,?,Gm)???????(G1′,?,Gm′)???????????????b′???b?????b′=b???????????????????????8????????2???([[G1]]|?|[[Gm]])?([[G1′]]|?|[[Gm′]])?[[G]]??8???G???????????????????????Ё???????????????2???????
3 DHKE??????
???CryptoVerif?????DHKE????????????DHKE???????????????????????????????????????????????? 3.1 DHKE?????
??????????DHKE???????????
1) ??Alice?Bob????????????p??Zp*????g?
2) Alice╓????Zp-1???x???X=gx mod p???X???Bob?
3) Bob╓????Zp?1???y?
??Y=gy mod p???Y???Alice?
4) Alice??Bob???Y??K=Yx mod p=(gy)x mod p = (gy)x mod p = gxy mod p??????Bob??????
5) Bob??Alice???X??K=Xy mod
p=(gx)y mod p = (gx)y mod p = gxy mod p??????Alice??????
6) Alice?Bob??K??????????????????????
DHKE?????????????Diffie- Hellman??(DDHA, decisional Diffie-Hellman as-sumption )???DDHA?????????A??
????<ga, gb, gab>?<ga, gb, gc>????
?Ёa, b, c??G?╓??????DDHA???????gx?gy??gxy????????3.2 ?????
CryptoVerif??????????????????????[12]?DDHA??????????
!i??
n new a:T; new b:T (()→ga, ()→gb, () →gab) ≈!i??
n new a:T ;new b:T ;new c:T (() →ga ,() → gb, ()→gc))
???????????????DDHA???????????Ё╓??a?b????????Ё????DHKEЁa?b????????╓????CryptoVerif???????????????Ё?
?CryptoVerif??????????????
??DHKE??????????3??????
1) ???????????(x,gy)?(y,gx)?????????????????????????????:(gx)y=(gy)x=gxy?
????????????????????????????????Ё?
2) ????
???????????????G???╓????
3) ????CryptoVerif???????????????????Ё?????????????????
???????????????[12]??????DHKE?????Ё? 3.3 ??????
DHKEЁ??????????????????????????gx(?gy)?????gxy???????????????????P?K??????gx(?gy)?gxy?????, ?S????x(?y)????????????????Н╓?????seed?
?Н1 (Diffie-Hellman??)????Trg?
?10? ?????????Diffie-Hellman?????????? g121g
Tsg?Tpg?Tkg????DHKEЁ╓????????????????????????g????????Щ??Н??exp:Ts→Tp???g??????????Ts????x???Tp????gx?Diffie-Hellman??DHA=(S, P, K)??3?????
1) DH??????S:Tr→Ts?????Tr?????r?????Ts????(?x?y)?
2) DH??????P:Tr→Tp?????Tr?????r?????Tp????(?gx?gy)?P????????????P(r)??r???
3) DH????????K:Ts×Tp?Tk???Ts(?x)?Tp(?gy)????????????(?gxy)?
?????????????????DH???DH???????????r:Tr; exp(S(r))? P(r)????????????????x?Ts, ?y?Ts,?gx?Tp,?gy?Tp, (K(x, gy)=K(y,gx)) ? ((exp(x)= gx?exp(y)=gy)?(x =y?gx=gy))???ā??????????CryptoVerif??K(x,gy)=K(y,gx)??????????(exp(x)= gx?exp(y)=gy)?(x =y?gx=gy)?
??DHA??????DHKE?????????Lg≈Rg, ??g????????Щ?
Lg=!i??N new r:Ts;(() →P(r), !i??
N??(gy : Tp) →K(S(r), gy))
Rg=!i??N new r:Ts;(() →P′(r), !i??
N??(gy : Tp) → find j?N1 suchthat defined(gy[j], r1[j])?otheruses (r1[j])?gy = gy[j] then r1[j]
orfind j?N1, k?N suchthat defined(r[k], gy[j,k], r1[j,k])?otheruses(r1[j,k])?(exp(S′(r)) = gy[j,k] ?gy=exp(S′(r[k]))) then r1[j,k]
else new r1: Tk;r1).
??S′?P′??S?P??????????L?R??????????????CryptoVerif???????????????
???DHKE????CryptoVerif?????L??????R?????????????????Ё??LЁ??????????RЁ??????R????2??????????????j?N1, ??gy[j]??gy????????????K(S(r),gy), ??????????r1[j]???????????????????j?N1, k?N?
??exp(S′(r)) = gy[j,k]?gy=exp(S′(r[k]))?????????????????K(S′(r[k]),P′(r))??Ё?gy=exp(S′(r[k]))=P′(r[k])??+???????K(S′(r[k]),P′(r))?K(S′(r), P′(r[k]))????????2??????????????r1[j,k]??2???????????Tk???╓??r1???????
L≈R?????????????Ё?????????????????Ё??? 3.4 ?????
????CryptoVerif?DHKE????????????????G??DDHA?????????????Lg≈Rg?????ˊ1???
?ˊ1 ?????G?????g??G????Diffie-Hellman??(DDHA)??МLg≈Rg?
??ˊ?????????Н??ˊ??Ё??Н2??Н3???DDHA???????Lg≈Rg?????????ˊ1?????2??????
?Н2 (DDHA????ExpgDDHA(ADDHA,b))??????????2?Tr???╓??ra?rb????Tk???╓??rc??????????SDHra,rb,rc()8?????????8??????b=0???<P(ra),P(rb),K(S(ra),P(rb))>?????<P(ra),P(rb),rc>????????????b???
?b′???????1????Ё????r←?R
?Tā????T???╓???????rЁ???
?rR
1=r2←??Tā????T???╓???????r1?r2Ё?
??Exp?????? ??(A?????? ,b)
??r?? ←?
?Tr????
??,??←??T???r??←??T??b′←A?????????????? ??????
????
??????????b′
?1 DDHA????
????????Н??ADDHA???AdvDDHA
g
(ADDHA)=Pr[ExpDDHADDHA
g(ADDHA,0)=1]??Pr[Expg(ADDHA, 1)=1]????????AdvDDHA)=max{DDHAg(tAAdv ??????
g
(ADDHA)}??Ё?t???????
????ExpgDDHA?DDHA????????????G??DDHA?????????g?
g122g ? ? ? ?
?32?
?МAdvgDDHA(t)???Щ???
?Н3 (DHKE????ExpgDHKE(ADHKE,b))??????????qn?Tr???╓??ra[i]?qn2?Tk???╓??rc[i,j] (0<i,j?qn)????????qn?8???EGi()?KGi(·)?????qn???????????????
?EGi()????????P(ra[i])?????? ?KGi(·)??????????????????gb?????????gb???????EGj()8??????????b=0?1????K(S(ra[i]),gb)?rc[i,j]???????Tk???╓??r??????????????b′???b??????b′=b?????????Ё??????????????Ё?????ExpgDHKE???????2?????
??Exp
???? ????
(A???? ??,b)
??i,j∈[1,q ],??r??[i]←????T????r??[i,j]=r??[j,i]←???
?T??
b′←A??????????????????????????????????? ??
????????
?????
??b′
?2 DHKE????
??????????Н??ADHKE???
AdvgDHKE(ADHKE)=Pr[ExpgDHKE(ADHKE,0)=1]??Pr[ExpgDHKE·
(ADHKE, 1)=1]????????AdvDHKE
g
(t)= max{AAdvDHKE
g(ADHKE)}??Ё?t??????? ???? ??
?????ExpgDHKE
(ADHKE,0)??????L????ExpgDHKE(ADHKE,1)????R????М??Lg≈Rg????AdvgDHKE(t)???Щ???
?ˊ1 ???G???AdvgDDHA(t)???Щ????AdvgDHKE(t)???Щ???
?? ????????????A?????ExpgDHKE??М???????ExpgDDHA???BA? 1) ??ExpgDHKE????Ё?????ExpHl(?Ё?0?l?qn)???3???
??ExpHl????????l?i?8??KGi(·)???╓????НPl=Pr[ExpHl=1]???ExpHl??1???????l=qn??ExpHl?ExpgDHKE(ADHKE,0)????l=0??ExpHl?ExpgDHKE(ADHKE,1)???????AdvgDHKE(A)= Pqn??P0?
2) ????A????ExpgDDHA???BA?BA???????4???
?? ExpH??(?Ё?0?l?q??)
a) ??i,j∈[1,q??],??r [i]←?
???T????r??[j,i]=r??[i,j]←????T
???b) ????A???????????A?EG ()?KG (·)8?????:
??????EG ()???????P(r??[i])???A? ??????KG (·)??????????gb??????? ??i?l????????j?l??gb?EG??()???????K(S(r??[i]),gb)???A??????????
??i>l????????j?l??gb?EG??()???????r??[i,j]???A?????????? c) ??????A??b′? d) ????b′?
?3 Ё?????
a) ??SDH???? ???? ????()8?????<gx,gy,gz>? b) ╓?????[1,q??]Ё???l? c) ??i∈[1,??,l?1]∪[l+2,??,q??] j∈[i,q??],
??r??[i]←????T r??[i,j]←???
?T???
d) ????A?
?+?????????EG ()?KG (·)???? ??????EG ()????
??i≠l,?i≠l+1?????P(r??[i])???A? ??i=l????gx?
??i=l+1????gy?
??????KG (·)??????????gb?????????
??i<l??????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i, j]???A????????EG??()?????????
??i>l+1??????????gb?EG??()???r??[i, j]???A????????EG??()?????????
??i=l??????gb=gy????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? ??i=l+1??????gb= gx????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? e) ??A??????b′? f) ??b′???b????
?4 ??B?????
?????ExpgDDHA(BA,0)??SDHra,rb,rc()??<P(ra),P(rb),K(S(ra),P(rb))>?KGl(·),KGl+1(·)????????????????l+1?i, KGi(·)???╓??????ExpHl+1????????
下载文档
热门试卷
- 2016年四川省内江市中考化学试卷
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
- 山东省滨州市三校2017届第一学期阶段测试初三英语试题
- 四川省成都七中2017届高三一诊模拟考试文科综合试卷
- 2017届普通高等学校招生全国统一考试模拟试题(附答案)
- 重庆市永川中学高2017级上期12月月考语文试题
- 江西宜春三中2017届高三第一学期第二次月考文科综合试题
- 内蒙古赤峰二中2017届高三上学期第三次月考英语试题
- 2017年六年级(上)数学期末考试卷
- 2017人教版小学英语三年级上期末笔试题
- 江苏省常州西藏民族中学2016-2017学年九年级思想品德第一学期第二次阶段测试试卷
- 重庆市九龙坡区七校2016-2017学年上期八年级素质测查(二)语文学科试题卷
- 江苏省无锡市钱桥中学2016年12月八年级语文阶段性测试卷
- 江苏省无锡市钱桥中学2016-2017学年七年级英语12月阶段检测试卷
- 山东省邹城市第八中学2016-2017学年八年级12月物理第4章试题(无答案)
- 【人教版】河北省2015-2016学年度九年级上期末语文试题卷(附答案)
- 四川省简阳市阳安中学2016年12月高二月考英语试卷
- 四川省成都龙泉中学高三上学期2016年12月月考试题文科综合能力测试
- 安徽省滁州中学2016—2017学年度第一学期12月月考高三英语试卷
- 山东省武城县第二中学2016.12高一年级上学期第二次月考历史试题(必修一第四、五单元)
- 福建省四地六校联考2016-2017学年上学期第三次月考高三化学试卷
- 甘肃省武威第二十三中学2016—2017学年度八年级第一学期12月月考生物试卷
网友关注
- 网络营销中域名的商业价值及保护策略
- 买家具实用攻略
- 如何制作网络营销方案
- 移动AdHoc接入网中外地代理选择算法的研究
- 网络营销中的品牌个性化问题探讨
- 产品安全认证EMC
- O2O电商模式受家具企业青睐
- 隧道、桥梁
- 产品经理助理职责
- 女人30一朵花_寸寸光阴寸寸金---广告定位策划案例
- 药物上市后风险管理改革_FDA面临的新挑战及其对中国的启示
- 中奇圣彩详细加盟流程
- 基于物联网的校园短信平台的设计与实现
- 杭州杜鲁食品:静享优雅生活
- 一种引入通信的多移动机器人编队方法
- 移动通信网络中自适应的寻呼策略研究
- 基于技术路线图_专利地图和TRIZ集成的产业集群创新技术路径研究_许崇春.caj
- O2O盈利模式案例
- 基于MATLAB的大地电磁测深正_省略_质的正演和阻尼最小二乘法反演为例_李斌
- 移动通信网络中的IP电话语音质量的仿真方法
- 网络营销中生产商与中间商的冲突与合作
- 网络营销中的顾客忠诚形成机理研究
- 螺丝资料大全
- 04智能机器人红外导航
- 基于无线网络的矿井安全监控系统设计
- 纹理防伪的发展与局部纹理防伪
- 移动通信市场品牌竞争的问题与对策研究
- 空调室内机结构图
- 移动通信空时分组码的正交设计
- 二极管试题
网友关注视频
- 【部编】人教版语文七年级下册《逢入京使》优质课教学视频+PPT课件+教案,安徽省
- 沪教版牛津小学英语(深圳用) 六年级下册 Unit 7
- 苏科版数学七年级下册7.2《探索平行线的性质》
- 《空中课堂》二年级下册 数学第一单元第1课时
- 冀教版小学数学二年级下册第二单元《有余数除法的简单应用》
- 【部编】人教版语文七年级下册《泊秦淮》优质课教学视频+PPT课件+教案,天津市
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 7
- 沪教版八年级下册数学练习册21.3(2)分式方程P15
- 每天日常投篮练习第一天森哥打卡上脚 Nike PG 2 如何调整运球跳投手感?
- 冀教版小学数学二年级下册第二周第2课时《我们的测量》宝丰街小学庞志荣.mp4
- 外研版英语七年级下册module3 unit2第一课时
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 12
- 冀教版英语四年级下册第二课
- 8.练习八_第一课时(特等奖)(苏教版三年级上册)_T142692
- 北师大版数学 四年级下册 第三单元 第二节 小数点搬家
- 化学九年级下册全册同步 人教版 第18集 常见的酸和碱(二)
- 二次函数求实际问题中的最值_第一课时(特等奖)(冀教版九年级下册)_T144339
- 第五单元 民族艺术的瑰宝_16. 形形色色的民族乐器_第一课时(岭南版六年级上册)_T1406126
- 精品·同步课程 历史 八年级 上册 第15集 近代科学技术与思想文化
- 冀教版小学数学二年级下册第二单元《有余数除法的竖式计算》
- 【部编】人教版语文七年级下册《老山界》优质课教学视频+PPT课件+教案,安徽省
- 【部编】人教版语文七年级下册《老山界》优质课教学视频+PPT课件+教案,安徽省
- 沪教版牛津小学英语(深圳用) 五年级下册 Unit 7
- 【部编】人教版语文七年级下册《逢入京使》优质课教学视频+PPT课件+教案,安徽省
- 第12章 圆锥曲线_12.7 抛物线的标准方程_第一课时(特等奖)(沪教版高二下册)_T274713
- 小学英语单词
- 飞翔英语—冀教版(三起)英语三年级下册Lesson 2 Cats and Dogs
- 【部编】人教版语文七年级下册《老山界》优质课教学视频+PPT课件+教案,安徽省
- 第8课 对称剪纸_第一课时(二等奖)(沪书画版二年级上册)_T3784187
- 沪教版八年级下册数学练习册21.3(3)分式方程P17
精品推荐
- 2016-2017学年高一语文人教版必修一+模块学业水平检测试题(含答案)
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
分类导航
- 互联网
- 电脑基础知识
- 计算机软件及应用
- 计算机硬件及网络
- 计算机应用/办公自动化
- .NET
- 数据结构与算法
- Java
- SEO
- C/C++资料
- linux/Unix相关
- 手机开发
- UML理论/建模
- 并行计算/云计算
- 嵌入式开发
- windows相关
- 软件工程
- 管理信息系统
- 开发文档
- 图形图像
- 网络与通信
- 网络信息安全
- 电子支付
- Labview
- matlab
- 网络资源
- Python
- Delphi/Perl
- 评测
- Flash/Flex
- CSS/Script
- 计算机原理
- PHP资料
- 数据挖掘与模式识别
- Web服务
- 数据库
- Visual Basic
- 电子商务
- 服务器
- 搜索引擎优化
- 存储
- 架构
- 行业软件
- 人工智能
- 计算机辅助设计
- 多媒体
- 软件测试
- 计算机硬件与维护
- 网站策划/UE
- 网页设计/UI
- 网吧管理