Sciweavers

ENTCS
2006

Real-or-random Key Secrecy of the Otway-Rees Protocol via a Symbolic Security Proof

14 years 13 days ago
Real-or-random Key Secrecy of the Otway-Rees Protocol via a Symbolic Security Proof
We present the first cryptographically sound security proof of the well-known Otway-Rees protocol. More precisely, we show that the protocol is secure against arbitrary active attacks including concurrent protocol runs if it is implemented using provably secure cryptographic primitives. We prove secrecy of the exchanged keys with respect to the accepted cryptographic definition of real-or-random secrecy, i.e., indistinguishability of exchanged keys and random ones, given the view of a general cryptographic attacker. Although we achieve security under cryptographic definitions, our proof is performed in a deterministic setting corresponding to a slightly extended Dolev-Yao model; in particular, it does not have to deal with probabilistic aspects of cryptography and is hence in the scope of current proof tools. The reason is that we exploit a recently proposed ideal cryptographic library, which has a provably secure cryptographic implementation, as well as recent results on linking symb...
Michael Backes
Added 12 Dec 2010
Updated 12 Dec 2010
Type Journal
Year 2006
Where ENTCS
Authors Michael Backes
Comments (0)