计算可靠的Diffie-Hellman密钥交换协议自动证明
上传者:陈佳品|上传时间:2015-04-22|密次下载
计算可靠的Diffie-Hellman密钥交换协议自动证明
?32??10? 2011?10?
? ? ? ?
Journal on Communications
Vol.32 No.10 October 2011
?????Diffie-Hellman??????????
?бē??ē?д?
??????? ????????┦??? ?? 410073?
?????????Diffie-Hellman????????????????????????????????????????????????CryptoVerif????????????Kerberos??????Ё????????┻???????????????CryptoVerif???????Diffie-Hellman?Kerberos??????????????????????????????????????????Н???????????????????????????
?????????Diffie-Hellman???Kerberos????????
Ё?????TP393 ??????B ?????1000-436X(2011)10-0118-09
Computationally sound mechanized proofs for
Diffie-Hellman key exchange protocols
FENG Chao, ZHANG Quan, TANG Chao-jing
(School of Electronic Science and Engineering, National University of Defense Technology, Changsha 410073, China)
Abstract: A computationally observational equivalence model for the Diffe-Hellman key agreement primitive was pro-posed and the soundness of the model was proved. Compared with prior works, this model can extend the power of the mechanized prover CryptoVerif directly. When applying the model to proving the public-key Kerberos, the de?ciency of the adversary’s capability was uncovered and an enhanced model for the adversary was presented. The model was vali-dated by verifying the public-key Kerberos in Diffie-Hellman mode with CryptoVerif automatically. Being different from current approaches, the verification procedure is both automatic and computationally sound. Key words: security protocols; Diffie-Hellman primitives; Kerberos protocol; mechanized proofs
1 ??
Diffie-Hellman????[1](DHKE)????????????????2???????????????????????????????????????SSL/TLS?SSH?Kerberos?ISO-9798-3?Just Fast Key?PKI????Ё???????
????DHKE??????????2??
???????????????????????????????Ё????????Dolev- Yao?????????-????????????????????????????????????DHKE???????▂??????????[2, 3]?Dolev-Yao?????????????Diffie-Hellman?????????????????????????????????????????????????????Ё[4,5]?
?????2010-12-07??????2011-04-04
??-????????????-??60872052?
Foundation Item: The National Natural Science Foundation of China (60872052)
?10? ?????????Diffie-Hellman?????????? g119g
??????????????????????-??????????????????????????Ё????????????????L?????????????????????????????
??????????????????????????????????????????[6]?????DHKE??????????????????Backes????????Kerberos??[7]?????????[8]????????Diffie-Hellman??(???DHINIT)?Lakhnech??????????Diffie-Hellman??????[9]?Datta?????????????[10]?????Diffie-Hellman?????????[11]??????????????
Blanchet???[11]Ё????????????CryptoVerif??????????????????????????????????????????[12,13]???????????[12]????DHKE????????????????DHKE????????
?????????????DHKE????????????DHKE?????????????CryptoVerif???????????????CryptoVerif?????????DHKE???????????????????????????????????????Ё???????????┻???[13]?????KerberosЁ???????????????????????
???????Kerberos??????????
???????????????????Diffie- Hellman?????Kerberos????????????????????????????????????????????????????DHKE???(?IKE, Just Fast Key?)?????
????????2?????????CryptoVerif??3???DHKE????????????????????????4????Kerberos??????????????[13]Ё????????┻??5??????
2 ??????
??????????CryptoVerif?????
?????[12]?
CryptoVerif??????????????????????????π?????c<M>?????c?????M?c(m)?????c??????????mЁ?new m:T????T???╓????m?P|Q????P?Q??????if M then P else Q?????????P; Q???
?P?Q?.????!i??
nP??P?n???????????????i?????Ё???x?x[i]???????find i?n such that defined(M) then P else Q??????????????i???Н???M????P?????Q?
CryptoVerif??????????????????????Ё???????????????????????????Ё????????????????????????????????????????Ё????????????????????????????
CryptoVerif????????(G1,?,Gm)≈ (G1′,?,Gm′)????????????????Ё???G??????Н??1???
?1
??????????
?? ?Н G::=
??? !????
?? new y??:T??,?,y :T (G??,?,G??)
╓???? (x??:T??,??,x??:T??)→FP ???? FP::= ???? M
- new x[i]:T;FP ╓???? let x[i]:T=M in FP
?? find (⊕????=??u????[??i]?n????suchthat defined
????
(M????,?,M?? )^??M?? then FP?? ) else FP
!i??
n new y1:T1,?,yl:Tl(G1,?,Gm)????T1,?,Tl???╓??y1,?,yl?????????
?G1,?,Gm????????????????!i??
n???????n??????????????????x?x[i]???
????(x1:T1,?,xl:Tl)→FP????????????8??????T1,?,Tl?????x1,?,xl???8??????FP?????????new x[i]:T;FP?????T???╓????
g120g ? ? ? ? ?32?
??xЁ????FP???let x[i]:T=M in FP??
?M???x????FP???find (⊕mj=1u??j[i??]?n??j suchthat defined(Mj1,?,Mjl)^Mj then FPj) else FP?
?????Mj1,?,Mjl?u
??j[i??]???????Mj?????FPj?????FP?????????
??G[i]??????????????G[j]Ё??????????????????IND-CCA2???Ё??????????????cchallenge???8????????????find (j?n suchthat defined(cchallenge)^cchallenge [j]= c then Error) else Decrypt(c,sk)?
?????????????(G1,?,Gm)≈ (G1′,?,Gm′)?????????????????????b??????2?8???(G1,?,Gm)?(G1′,?,Gm′)???????8????b?????b=0???????(G1,?,Gm)???????(G1′,?,Gm′)???????????????b′???b?????b′=b???????????????????????8????????2???([[G1]]|?|[[Gm]])?([[G1′]]|?|[[Gm′]])?[[G]]??8???G???????????????????????Ё???????????????2???????
3 DHKE??????
???CryptoVerif?????DHKE????????????DHKE???????????????????????????????????????????????? 3.1 DHKE?????
??????????DHKE???????????
1) ??Alice?Bob????????????p??Zp*????g?
2) Alice╓????Zp-1???x???X=gx mod p???X???Bob?
3) Bob╓????Zp?1???y?
??Y=gy mod p???Y???Alice?
4) Alice??Bob???Y??K=Yx mod p=(gy)x mod p = (gy)x mod p = gxy mod p??????Bob??????
5) Bob??Alice???X??K=Xy mod
p=(gx)y mod p = (gx)y mod p = gxy mod p??????Alice??????
6) Alice?Bob??K??????????????????????
DHKE?????????????Diffie- Hellman??(DDHA, decisional Diffie-Hellman as-sumption )???DDHA?????????A??
????<ga, gb, gab>?<ga, gb, gc>????
?Ёa, b, c??G?╓??????DDHA???????gx?gy??gxy????????3.2 ?????
CryptoVerif??????????????????????[12]?DDHA??????????
!i??
n new a:T; new b:T (()→ga, ()→gb, () →gab) ≈!i??
n new a:T ;new b:T ;new c:T (() →ga ,() → gb, ()→gc))
???????????????DDHA???????????Ё╓??a?b????????Ё????DHKEЁa?b????????╓????CryptoVerif???????????????Ё?
?CryptoVerif??????????????
??DHKE??????????3??????
1) ???????????(x,gy)?(y,gx)?????????????????????????????:(gx)y=(gy)x=gxy?
????????????????????????????????Ё?
2) ????
???????????????G???╓????
3) ????CryptoVerif???????????????????Ё?????????????????
???????????????[12]??????DHKE?????Ё? 3.3 ??????
DHKEЁ??????????????????????????gx(?gy)?????gxy???????????????????P?K??????gx(?gy)?gxy?????, ?S????x(?y)????????????????Н╓?????seed?
?Н1 (Diffie-Hellman??)????Trg?
?10? ?????????Diffie-Hellman?????????? g121g
Tsg?Tpg?Tkg????DHKEЁ╓????????????????????????g????????Щ??Н??exp:Ts→Tp???g??????????Ts????x???Tp????gx?Diffie-Hellman??DHA=(S, P, K)??3?????
1) DH??????S:Tr→Ts?????Tr?????r?????Ts????(?x?y)?
2) DH??????P:Tr→Tp?????Tr?????r?????Tp????(?gx?gy)?P????????????P(r)??r???
3) DH????????K:Ts×Tp?Tk???Ts(?x)?Tp(?gy)????????????(?gxy)?
?????????????????DH???DH???????????r:Tr; exp(S(r))? P(r)????????????????x?Ts, ?y?Ts,?gx?Tp,?gy?Tp, (K(x, gy)=K(y,gx)) ? ((exp(x)= gx?exp(y)=gy)?(x =y?gx=gy))???ā??????????CryptoVerif??K(x,gy)=K(y,gx)??????????(exp(x)= gx?exp(y)=gy)?(x =y?gx=gy)?
??DHA??????DHKE?????????Lg≈Rg, ??g????????Щ?
Lg=!i??N new r:Ts;(() →P(r), !i??
N??(gy : Tp) →K(S(r), gy))
Rg=!i??N new r:Ts;(() →P′(r), !i??
N??(gy : Tp) → find j?N1 suchthat defined(gy[j], r1[j])?otheruses (r1[j])?gy = gy[j] then r1[j]
orfind j?N1, k?N suchthat defined(r[k], gy[j,k], r1[j,k])?otheruses(r1[j,k])?(exp(S′(r)) = gy[j,k] ?gy=exp(S′(r[k]))) then r1[j,k]
else new r1: Tk;r1).
??S′?P′??S?P??????????L?R??????????????CryptoVerif???????????????
???DHKE????CryptoVerif?????L??????R?????????????????Ё??LЁ??????????RЁ??????R????2??????????????j?N1, ??gy[j]??gy????????????K(S(r),gy), ??????????r1[j]???????????????????j?N1, k?N?
??exp(S′(r)) = gy[j,k]?gy=exp(S′(r[k]))?????????????????K(S′(r[k]),P′(r))??Ё?gy=exp(S′(r[k]))=P′(r[k])??+???????K(S′(r[k]),P′(r))?K(S′(r), P′(r[k]))????????2??????????????r1[j,k]??2???????????Tk???╓??r1???????
L≈R?????????????Ё?????????????????Ё??? 3.4 ?????
????CryptoVerif?DHKE????????????????G??DDHA?????????????Lg≈Rg?????ˊ1???
?ˊ1 ?????G?????g??G????Diffie-Hellman??(DDHA)??МLg≈Rg?
??ˊ?????????Н??ˊ??Ё??Н2??Н3???DDHA???????Lg≈Rg?????????ˊ1?????2??????
?Н2 (DDHA????ExpgDDHA(ADDHA,b))??????????2?Tr???╓??ra?rb????Tk???╓??rc??????????SDHra,rb,rc()8?????????8??????b=0???<P(ra),P(rb),K(S(ra),P(rb))>?????<P(ra),P(rb),rc>????????????b???
?b′???????1????Ё????r←?R
?Tā????T???╓???????rЁ???
?rR
1=r2←??Tā????T???╓???????r1?r2Ё?
??Exp?????? ??(A?????? ,b)
??r?? ←?
?Tr????
??,??←??T???r??←??T??b′←A?????????????? ??????
????
??????????b′
?1 DDHA????
????????Н??ADDHA???AdvDDHA
g
(ADDHA)=Pr[ExpDDHADDHA
g(ADDHA,0)=1]??Pr[Expg(ADDHA, 1)=1]????????AdvDDHA)=max{DDHAg(tAAdv ??????
g
(ADDHA)}??Ё?t???????
????ExpgDDHA?DDHA????????????G??DDHA?????????g?
g122g ? ? ? ?
?32?
?МAdvgDDHA(t)???Щ???
?Н3 (DHKE????ExpgDHKE(ADHKE,b))??????????qn?Tr???╓??ra[i]?qn2?Tk???╓??rc[i,j] (0<i,j?qn)????????qn?8???EGi()?KGi(·)?????qn???????????????
?EGi()????????P(ra[i])?????? ?KGi(·)??????????????????gb?????????gb???????EGj()8??????????b=0?1????K(S(ra[i]),gb)?rc[i,j]???????Tk???╓??r??????????????b′???b??????b′=b?????????Ё??????????????Ё?????ExpgDHKE???????2?????
??Exp
???? ????
(A???? ??,b)
??i,j∈[1,q ],??r??[i]←????T????r??[i,j]=r??[j,i]←???
?T??
b′←A??????????????????????????????????? ??
????????
?????
??b′
?2 DHKE????
??????????Н??ADHKE???
AdvgDHKE(ADHKE)=Pr[ExpgDHKE(ADHKE,0)=1]??Pr[ExpgDHKE·
(ADHKE, 1)=1]????????AdvDHKE
g
(t)= max{AAdvDHKE
g(ADHKE)}??Ё?t??????? ???? ??
?????ExpgDHKE
(ADHKE,0)??????L????ExpgDHKE(ADHKE,1)????R????М??Lg≈Rg????AdvgDHKE(t)???Щ???
?ˊ1 ???G???AdvgDDHA(t)???Щ????AdvgDHKE(t)???Щ???
?? ????????????A?????ExpgDHKE??М???????ExpgDDHA???BA? 1) ??ExpgDHKE????Ё?????ExpHl(?Ё?0?l?qn)???3???
??ExpHl????????l?i?8??KGi(·)???╓????НPl=Pr[ExpHl=1]???ExpHl??1???????l=qn??ExpHl?ExpgDHKE(ADHKE,0)????l=0??ExpHl?ExpgDHKE(ADHKE,1)???????AdvgDHKE(A)= Pqn??P0?
2) ????A????ExpgDDHA???BA?BA???????4???
?? ExpH??(?Ё?0?l?q??)
a) ??i,j∈[1,q??],??r [i]←?
???T????r??[j,i]=r??[i,j]←????T
???b) ????A???????????A?EG ()?KG (·)8?????:
??????EG ()???????P(r??[i])???A? ??????KG (·)??????????gb??????? ??i?l????????j?l??gb?EG??()???????K(S(r??[i]),gb)???A??????????
??i>l????????j?l??gb?EG??()???????r??[i,j]???A?????????? c) ??????A??b′? d) ????b′?
?3 Ё?????
a) ??SDH???? ???? ????()8?????<gx,gy,gz>? b) ╓?????[1,q??]Ё???l? c) ??i∈[1,??,l?1]∪[l+2,??,q??] j∈[i,q??],
??r??[i]←????T r??[i,j]←???
?T???
d) ????A?
?+?????????EG ()?KG (·)???? ??????EG ()????
??i≠l,?i≠l+1?????P(r??[i])???A? ??i=l????gx?
??i=l+1????gy?
??????KG (·)??????????gb?????????
??i<l??????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i, j]???A????????EG??()?????????
??i>l+1??????????gb?EG??()???r??[i, j]???A????????EG??()?????????
??i=l??????gb=gy????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? ??i=l+1??????gb= gx????gz?????????gb?EG??()??j<l???K(S(r??[i]),gb)???A????r??[i,j]???A????????EG??()????????? e) ??A??????b′? f) ??b′???b????
?4 ??B?????
?????ExpgDDHA(BA,0)??SDHra,rb,rc()??<P(ra),P(rb),K(S(ra),P(rb))>?KGl(·),KGl+1(·)????????????????l+1?i, KGi(·)???╓??????ExpHl+1????????
下载文档
热门试卷
- 2016年四川省内江市中考化学试卷
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
- 山东省滨州市三校2017届第一学期阶段测试初三英语试题
- 四川省成都七中2017届高三一诊模拟考试文科综合试卷
- 2017届普通高等学校招生全国统一考试模拟试题(附答案)
- 重庆市永川中学高2017级上期12月月考语文试题
- 江西宜春三中2017届高三第一学期第二次月考文科综合试题
- 内蒙古赤峰二中2017届高三上学期第三次月考英语试题
- 2017年六年级(上)数学期末考试卷
- 2017人教版小学英语三年级上期末笔试题
- 江苏省常州西藏民族中学2016-2017学年九年级思想品德第一学期第二次阶段测试试卷
- 重庆市九龙坡区七校2016-2017学年上期八年级素质测查(二)语文学科试题卷
- 江苏省无锡市钱桥中学2016年12月八年级语文阶段性测试卷
- 江苏省无锡市钱桥中学2016-2017学年七年级英语12月阶段检测试卷
- 山东省邹城市第八中学2016-2017学年八年级12月物理第4章试题(无答案)
- 【人教版】河北省2015-2016学年度九年级上期末语文试题卷(附答案)
- 四川省简阳市阳安中学2016年12月高二月考英语试卷
- 四川省成都龙泉中学高三上学期2016年12月月考试题文科综合能力测试
- 安徽省滁州中学2016—2017学年度第一学期12月月考高三英语试卷
- 山东省武城县第二中学2016.12高一年级上学期第二次月考历史试题(必修一第四、五单元)
- 福建省四地六校联考2016-2017学年上学期第三次月考高三化学试卷
- 甘肃省武威第二十三中学2016—2017学年度八年级第一学期12月月考生物试卷
网友关注
- 军装风短靴搭配 打造帅气中性MM
- 互联网彩票赌中赌 腐败频发 势在必停
- 冬天穿衣服的顺序 - CONNECTABILITY
- 体育彩票中奖查询彩票中奖查询
- 杉林園區車縫班doc - 台南企業
- 男士着装全攻略
- 探究如何创新广播时政新闻
- 时政48535
- 500彩票总裁回应浑水四大质疑:董事减持很正常
- 2015国家公务员考试时政新闻:政务公开不能用“等等”打马虎眼
- 十元彩票
- [转载]条纹马戏团 时装几何学高街播报
- 谈对时政类新闻的理解
- 生活
- 手机上买彩票,网上买彩票的利与弊
- 七胜国际体育彩票
- 2012彩票行业调查报告:彩民职业身份呈多元化
- 致青春引发大众共鸣 another潮服装点毕业季
- 采编时政新闻需把握好大与小的关系
- 2015重庆选调生时政热点:1月18日国际最新时政热点
- [精品]网上彩票停售 网友激发烧议_猫扑大杂烩
- 检测报告 test re
- 彩票问题的研究
- 彩票企业做局互联网
- 社会时政要闻第一次
- 贯彻落实《彩票管理条例》稳妥做好中福在线市场恢复工作
- 连衣裙怎么搭配外套让你安静的做个小女人
- 专题片拍摄手法在时政新闻中的运用
- 矮个子的服装搭配技巧
- 11城捐来111838本爱心书籍 为4所中小学建了图书馆
网友关注视频
- 冀教版小学英语五年级下册lesson2教学视频(2)
- 三年级英语单词记忆下册(沪教版)第一二单元复习
- 小学英语单词
- 每天日常投篮练习第一天森哥打卡上脚 Nike PG 2 如何调整运球跳投手感?
- 苏科版数学 八年级下册 第八章第二节 可能性的大小
- 冀教版小学数学二年级下册第二单元《有余数除法的简单应用》
- 第五单元 民族艺术的瑰宝_15. 多姿多彩的民族服饰_第二课时(市一等奖)(岭南版六年级上册)_T129830
- 【部编】人教版语文七年级下册《老山界》优质课教学视频+PPT课件+教案,安徽省
- 北师大版小学数学四年级下册第15课小数乘小数一
- 化学九年级下册全册同步 人教版 第25集 生活中常见的盐(二)
- 《空中课堂》二年级下册 数学第一单元第1课时
- 河南省名校课堂七年级下册英语第一课(2020年2月10日)
- 沪教版牛津小学英语(深圳用) 五年级下册 Unit 12
- 六年级英语下册上海牛津版教材讲解 U1单词
- 【部编】人教版语文七年级下册《泊秦淮》优质课教学视频+PPT课件+教案,天津市
- 化学九年级下册全册同步 人教版 第22集 酸和碱的中和反应(一)
- 二年级下册数学第三课 搭一搭⚖⚖
- 外研版八年级英语下学期 Module3
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 3
- 外研版英语三起6年级下册(14版)Module3 Unit2
- 冀教版小学数学二年级下册第二单元《租船问题》
- 沪教版八年级下册数学练习册21.3(3)分式方程P17
- 北师大版数学 四年级下册 第三单元 第二节 小数点搬家
- 8.练习八_第一课时(特等奖)(苏教版三年级上册)_T142692
- 外研版英语七年级下册module3 unit2第二课时
- 【部编】人教版语文七年级下册《逢入京使》优质课教学视频+PPT课件+教案,安徽省
- 沪教版牛津小学英语(深圳用) 四年级下册 Unit 12
- 七年级英语下册 上海牛津版 Unit3
- 北师大版数学四年级下册3.4包装
- 第五单元 民族艺术的瑰宝_16. 形形色色的民族乐器_第一课时(岭南版六年级上册)_T3751175
精品推荐
- 2016-2017学年高一语文人教版必修一+模块学业水平检测试题(含答案)
- 广西钦州市高新区2017届高三11月月考政治试卷
- 浙江省湖州市2016-2017学年高一上学期期中考试政治试卷
- 浙江省湖州市2016-2017学年高二上学期期中考试政治试卷
- 辽宁省铁岭市协作体2017届高三上学期第三次联考政治试卷
- 广西钦州市钦州港区2016-2017学年高二11月月考政治试卷
- 广西钦州市钦州港区2017届高三11月月考政治试卷
- 广西钦州市钦州港区2016-2017学年高一11月月考政治试卷
- 广西钦州市高新区2016-2017学年高二11月月考政治试卷
- 广西钦州市高新区2016-2017学年高一11月月考政治试卷
分类导航
- 互联网
- 电脑基础知识
- 计算机软件及应用
- 计算机硬件及网络
- 计算机应用/办公自动化
- .NET
- 数据结构与算法
- Java
- SEO
- C/C++资料
- linux/Unix相关
- 手机开发
- UML理论/建模
- 并行计算/云计算
- 嵌入式开发
- windows相关
- 软件工程
- 管理信息系统
- 开发文档
- 图形图像
- 网络与通信
- 网络信息安全
- 电子支付
- Labview
- matlab
- 网络资源
- Python
- Delphi/Perl
- 评测
- Flash/Flex
- CSS/Script
- 计算机原理
- PHP资料
- 数据挖掘与模式识别
- Web服务
- 数据库
- Visual Basic
- 电子商务
- 服务器
- 搜索引擎优化
- 存储
- 架构
- 行业软件
- 人工智能
- 计算机辅助设计
- 多媒体
- 软件测试
- 计算机硬件与维护
- 网站策划/UE
- 网页设计/UI
- 网吧管理