The Computer Journal

The Computer Journal Advance Access published online on June 14, 2007
The Computer Journal, doi:10.1093/comjnl/bxm019

This Article Full Text Full Text (PDF) All Versions of this Article: 50/5/591    most recent bxm019v1 Alert me when this article is cited Alert me if a correction is posted Services Email this article to a friend Similar articles in this journal Alert me to new issues of the journal Add to My Personal Archive Download to citation manager Request Permissions Google Scholar Articles by Choo, K.-K. R. Search for Related Content Social Bookmarking          What's this?

© The Author 2007. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: journals.permissions@oxfordjournals.org

A Proof of Revised Yahalom Protocol In the Bellare and Rogaway (1993) Model¹

Kim-Kwang Raymond Choo^*

Australian Institute of Criminology, GPO Box 2944 Canberra, ACT 2601, Australia

^* Corresponding author: raymond.choo{at}aic.gov.au

Received 23 June 2006; revised 24 January 2007

Although the Yahalom protocol, proposed by Burrows, Abadi, and Needham in 1990, is one of the most prominent key establishment protocols analysed by researchers from the computer security community (using automated proof tools), a simplified version of the protocol is only recently proven secure by Backes and Pfitzmann [(2006) On the Cryptographic Key Secrecy of the Strengthened Yahalom Protocol. Proc. IFIP SEC 2006] in their cryptographic library framework. We present a protocol for key establishment that is closely based on the Yahalom protocol. We then present a security proof in the Bellare, M. and Rogaway, P. [(1993a). Entity Authentication and Key Distribution. Proc. of CRYPTO 1993, Santa Barbara, CA, August 22–26, LNCS, Vol. 773, pp. 110–125. Springer-Verlag, Berlin] model and the random oracle model. We also observe that no partnering mechanism is specified within the Yahalom protocol. We then present a brief discussion on the role and the possible construct of session identifiers (SIDs) as a form of partnering mechanism, which allows the right session key to be identified in concurrent protocol executions. We then recommend that SIDs should be included within protocol specification rather than consider SIDs as artefacts in protocol proof.

Key Words: Key establishment protocol • provable security • cryptographic protocol

CiteULike    Connotea    Del.icio.us    What's this?

Online ISSN 1460-2067 - Print ISSN 0010-4620

Copyright © 2008 British Computer Society

Oxford Journals Oxford University Press

• Site Map
• Privacy Policy
• Frequently Asked Questions

Other Oxford University Press sites: Oxford University Press Oxford Journals Japan American National Biography Booksellers' Information Service Children's Fiction and Poetry Children's Reference Corporate & Special Sales Dictionaries Dictionary of National Biography Digital Reference English Language Teaching Higher Education Textbooks Humanities International Education Unit Law Medicine Music Online Products Oxford English Dictionary Reference Rights and Permissions Science School Books Social Sciences Very Short Introductions World's Classics