IEEE International Workshop on Electronic Commerce and Security, IEEE Press, pp. 850-857, September, 1999.
The design of key distribution and authentication protocols has been shown to be error-prone. These protocols constitute the part of more complex protocols used for electronic commerce transactions. Consequently, these new protocols are likely to contain flaws that are even more difficult to find. In this paper, we present a search method for detecting potential security flaws in such protocols. Our method relies on automatic theorem proving tools. Among others we present our analysis of a protocol recently standardized by the German standardization organization DIN to be used in digital signature applications for smartcards. Our analysis resulted in the standard being supplemented with comments that explain the possible use of cryptographic keys.
IV International Information Security Conference (ISC’01), LNCS 2200, Springer-Verlag, pp. 46-62, October, 2001.
We present the adaptation of our model for the validation ofkey distribution and authentication protocols to address speci c needsof protocols for electronic commerce. The two models defer in both thethreat scenario and in the formalization. We demonstrate the suitabilityof our adaptation by analyzing a speci c version of the Internet BillingServer protocol introduced by Carnegie Mellon University. Our analysisshows that, while the security properties a key distribution or authenticationprotocol shall provide are well understood, it is often not clearwhat properties an electronic commerce protocol can or shall provide.Our methods rely on automatic theorem proving tools. Speci cally, weused Øtter", an automatic theorem proving software developed at ArgonneNational Laboratories.
X Reunión Española sobre Criptología y Seguridad de la Información (RECSI’08), pp. 231-236, September, 2008.
Wireless sensors are battery-powered devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. Due to this, the energy saving of computationally inexpensive security primitives (like those using symmetric key cryptography) can be nullified by the bigger amount of data they require to be sent. In this work we study the energy cost of key agreement protocols between peers in a network using public key cryptography techniques. Our concern is to reduce the amount of data to be exchanged. Our main news is that a computationally very demanding security primitive, such as identity-based authenticated key exchange, can present energy-wise a better performance than traditional public key based key exchange in realistic scenarios such as Underwater Wireless Sensor Networks. Such a result is not to be expected in wired networks.
Proceedings of the 7th International Conference on Cryptology and Network Security (CANS’08), LNCS 5339, Springer, pp. 120-132, December, 2008. DOI
Wireless sensors are low power devices which are highly constrained in terms of computational capabilities, memory, and communication bandwidth. While battery life is their main limitation, they require considerable energy to communicate data. The latter is specially dramatic in underwater wireless sensor networks (UWSN), where the acoustic transmission mechanisms are less reliable and more energy-demanding. Saving in communication is thus the primary concern in underwater wireless sensors. With this constraint in mind, we argue that non-interactive identity-based key agreement built on pairings provides the best solution for key distribution in large UWSN when compared to the state of the art. At first glance this claim is surprising, since pairing computation is very demanding. Still, pairing-based non-interactive key establishment requires minimal communication and at the same time enjoys excellent properties when used for key distribution.