DOI: 10.1145/1982185.1982508
research-article

On the (im)possibility of perennial message recognition protocols without public-key cryptography

Published: 21 March 2011

Abstract

A message recognition protocol (MRP) aims to exchange authenticated information over an insecure channel. During the initialization session of the protocol, the parties exchange some authenticated information which the adversary can passively observe. Then, one party wants to send authenticated messages to the other party over an insecure channel. Such security requirements are often found in wireless sensor networks.
A perennial MRP is one that is able to recover from adversarial interference, no matter how long the adversary has been active before it stops. MRPs based on hash chains are not perennial because, once the length of the hash chain has been fixed in the initialization phase, authentic communication is not possible if the adversary interferes until all elements of the hash chain have been consumed.
Perennial MRPs can be trivially built from public-key primitives. In this paper we present very strong evidence that they cannot be constructed from "cheap" primitives. Namely, we show that, in the symbolic model of cryptography, perennial MRPs cannot be built using just hash functions and XORing. The result also covers other symmetric primitives, e.g. encryption. The result explains why all previous attempts to construct perennial MRPs from those primitives have failed. The result also has interesting implications regarding authentication protocols in general, and for the gap between formal and computational models of cryptography.
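
The hash-chain limitation stated in the abstract can be seen in a toy model. The following Python sketch is an added example, not code from the paper or from any of the protocols it analyses; the names `H`, `Sender`, `Receiver` and `run`, and the rule that every disturbed session loses the commitment yet still consumes one chain element, are simplifying assumptions.

```python
import hashlib, hmac, os

def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

class Sender:
    def __init__(self, n: int):
        # chain[i] = H^i(seed); chain[n] is the anchor fixed at initialization
        self.chain = [os.urandom(32)]
        for _ in range(n):
            self.chain.append(H(self.chain[-1]))
        self.next = n - 1                      # next unrevealed chain element

    def anchor(self) -> bytes:
        return self.chain[-1]

    def session(self, msg: bytes):
        if self.next < 0:
            raise RuntimeError("hash chain exhausted")
        key = self.chain[self.next]
        self.next -= 1                         # a revealed element is never reused
        tag = hmac.new(key, msg, hashlib.sha256).digest()
        return (msg, tag), key                 # commitment first, key revealed later

class Receiver:
    def __init__(self, anchor: bytes):
        self.anchor = anchor

    def session(self, commit, key: bytes) -> bool:
        if not hmac.compare_digest(H(key), self.anchor):
            return False                       # key is not the anchor's preimage
        self.anchor = key                      # chain advances even if commit was lost
        if commit is None:
            return False
        msg, tag = commit
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def run(chain_len: int, interfered_sessions: int) -> str:
    """Assumed model: a disturbed session loses the commitment but burns one element."""
    s = Sender(chain_len)
    r = Receiver(s.anchor())
    ok = False
    for i in range(interfered_sessions + 1):   # the last session is undisturbed
        try:
            commit, key = s.session(b"sensor reading")
        except RuntimeError:
            return "exhausted"
        ok = r.session(commit if i == interfered_sessions else None, key)
    return "recognized" if ok else "rejected"
```

With a chain of length 5, the parties recover after up to four disturbed sessions, but after five the sender has nothing left to reveal, whatever length was chosen at initialization.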

      Published In

      SAC '11: Proceedings of the 2011 ACM Symposium on Applied Computing
      March 2011
      1868 pages
      ISBN:9781450301138
      DOI:10.1145/1982185
      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. Dolev-Yao model
      2. message recognition
      3. symmetric cryptography

      Qualifiers

      • Research-article

      Conference

      SAC'11
      SAC'11: The 2011 ACM Symposium on Applied Computing
      March 21 - 24, 2011
      TaiChung, Taiwan

      Acceptance Rates

      Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

      Cited By

      • (2022) Robotics cyber security: vulnerabilities, attacks, countermeasures, and recommendations. International Journal of Information Security, 21:1 (115-158). DOI: 10.1007/s10207-021-00545-8. Online publication date: 1-Feb-2022
      • (2015) Secure Association for the Internet of Things. Proceedings of the 2015 International Workshop on Secure Internet of Things (25-34). DOI: 10.1109/SIOT.2015.14. Online publication date: 21-Sep-2015
      • (2014) On the anonymity of two-factor authentication schemes for wireless sensor networks. Computer Networks: The International Journal of Computer and Telecommunications Networking, 73:C (41-57). DOI: 10.1016/j.comnet.2014.07.010. Online publication date: 14-Nov-2014
      • (2011) Implementing cryptographic primitives in the symbolic model. Proceedings of the Third international conference on NASA Formal methods (267-281). DOI: 10.5555/1986308.1986331. Online publication date: 18-Apr-2011
