Analysis and design of authentication and payment protocols based on standard cryptographic primitives

Abstract

On-line transactions are now in one`s everyday life and security protocols are useful tools for securing transactions over the Internet. The security of authentication protocols and payment protocols, and several techniques for enhancing the performance of those protocols are studied in this dissertation. Security protocols are notoriously difficult to design properly, and a variety of attacks have been proposed. The formal analysis helps us to reduce that hardship. However designing a proper model is still difficult, and it is one of the goals of my research to formalize the model for the security against accidental exposure of secret data: I only indicate that what kinds of data can be assumed to be secure against an attacker. Also, the security against the security rollback attack is formalized by allowing an attacker to break weak cryptosystems. An extension to the strand space model is proposed for expressing this idea, and several protocols are analyzed using this model. New results includes the following: Shoup-Rubin protocol is not secure when users` past long-term keys are compromised. This scenario was proposed in the early 1980s, but authors` analysis using Bellare-Rogaway model and Bella`s analysis using Paulson`s model do not recognize that problem, even though both models were proposed in the mid 1990s. This shows one advantage of my approach. Many on-line payment systems (for example, Internet shopping malls) are in use, but the omission of the face-to-face contract between the payer and payee can raise some problems, called disputes. The model containing the full dispute resolution process is proposed as an extension to the model for authentication protocols. And, a new security definition, called the ``dispute-freedom", is proposed here. Practically, one of the most significant problems in security protocols is their performance burden, and the performance problem of public key cryptosystems is most serious. Three different techniques, the syst...