Zusammenfassung der Projektergebnisse

Protocols for exchanging keys between communication partners and for establishing secure communication channels, such as TLS, SSH, IPSec, IEEE 802.11, Signal and many others, are omnipresent in our everyday life. It is widely known and documented by numerous attacks that the rigorous and comprehensive cryptographic analysis of such security protocols is indispensable. However, performing such analyses is still a major challenge, especially due to their complexity. In order to tame the complexity and to make the analyses manageable, modularity is absolutely necessary. In this project, we have therefore developed methods and techniques for the highly modular, yet faithful analysis of security protocols. Our results are based on the so-called simulation-based approach, or more precisely, universal composability. While composability and modularity are central to this approach, the potential of this approach for the rigorous and comprehensive modular analysis of real-world security protocols had hardly been exploited before. Security models for the universal composability approach need to meet two major requirements to be suitable for the modular and yet faithful analysis of real-world security protocols. Firstly, they need to be very flexible and expressive, which is necessary to allow for the modeling of real-world protocols precisely as they are deployed in practice. Secondly, they should be easy to use and support the protocol designer in performing protocol analysis, instead of overburdening him with technical details and generally being an additional obstacle to overcome. This is important to not just simplify the already complex security analysis but also to reduce the potential for errors. However, existing models have so far often struggled with expressing certain common properties of real-world protocols, such as cryptographic values that are re-used across multiple runs of the same protocol or public keys that are available to and shared with other, entirely independent protocols. Furthermore, there was no flexible model that, at the same time, was easy to use. As part of the project, we have therefore developed several fundamental techniques and results that improve both the flexibility/expressiveness and the usability of security models for the universal composability approach in general. In particular, we have created the first universal composability model that is not only sufficiently flexible for the faithful analysis of real-world protocols as deployed in practice, but also combines this flexibility with great usability. These fundamental results are useful for the modular analysis of arbitrary protocols, even beyond those for real-world key exchange and secure channels. In addition to these fundamental results, we have also developed several tools to simplify the security analysis specifically for key exchange and secure channel protocols. We have successfully applied these tools for the security analysis of several crucial and widely used key exchange protocols from practice, including the OPTLS protocol which served as the basis for Draft 09 of the now standardized TLS 1.3 protocol, the latest version of the probably most important key exchange and secure channel protocol use in practice. Among others, thanks to our highly modular approach, for OPTLS we found that the original (nonmodular) security proof was flawed. We were able to fix this flaw and then show security for the fixed version of OPTLS. Altogether, our results form a solid foundation for future analyses of real-world cryptographic protocols.

Projektbezogene Publikationen (Auswahl)

• (2020) Joint State Composition Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation. J Cryptol (Journal of Cryptology) 33 (4) 1585–1658
  Küsters, Ralf; Tuengerthal, Max; Rausch, Daniel
  (Siehe online unter https://doi.org/10.1007/s00145-020-09353-0)
• (2020) The IITM Model: A Simple and Expressive Model for Universal Composability. J Cryptol (Journal of Cryptology) 33 (4) 1461–1584
  Küsters, Ralf; Tuengerthal, Max; Rausch, Daniel
  (Siehe online unter https://doi.org/10.1007/s00145-020-09352-1)
• “Universal Composition with Responsive Environments”. In: Advances in Cryptology - ASIACRYPT 2016 - 22nd International Conference on the Theory and Application of Cryptology and Information Security, Hanoi, Vietnam, December 4-8, 2016, Proceedings, Part II. Vol. 10032. Lecture Notes in Computer Science. 2016, pp. 807–840
  Jan Camenisch, Robert R. Enderlein, Stephan Krenn, Ralf Küsters, and Daniel Rausch
  (Siehe online unter https://doi.org/10.1007/978-3-662-53890-6_27)
• “A Framework for Universally Composable Diffie-Hellman Key Exchange”. In: 2017 IEEE Symposium on Security and Privacy, SP 2017, San Jose, CA, USA, May 22-26, 2017. IEEE Computer Society, 2017, pp. 881–900
  Ralf Küsters and Daniel Rausch
  (Siehe online unter https://doi.org/10.1109/SP.2017.63)
• “iUC: Flexible Universal Composability Made Simple”. In: Advances in Cryptology - ASIACRYPT 2019 - 25th International Conference on the Theory and Application of Cryptology and Information Security, Kobe, Japan, December 8-12, 2019, Proceedings, Part III. Vol. 11923. Lecture Notes in Computer Science. Springer, 2019, pp. 191–221
  Jan Camenisch, Stephan Krenn, Ralf Küsters, and Daniel Rausch
  (Siehe online unter https://doi.org/10.1007/978-3-030-34618-8_7)