Note: This web page was copied from Lewis McCarthy's old web site. Here is his new web site.

Seeing as he has moved on to AT&T, I wanted to make sure I had a copy.

Authentication & Key Establishment Protocol Design & Analysis Citations

(Note on scope: This bibliography attempts to focus upon authentication protocols, key exchange protocols, key agreement protocols, and authenticated versions of the latter two. I tend to omit systems that deliberately support key escrow. Works that discuss design principles and verification for broader classes of cryptographic protocols are considered fair game. See my conference key establishment references page for citations regarding multi-party protocols, where more than two non-trusted legitimate parties are involved.)

Martin Abadi, "Explicit communication revisited: Two new attacks on authentication protocols" (PostScript), IEEE Trans. on Software Eng. 23(3), Mar. 1997, pp. 185-186.

Martin Abadi and Andrew D. Gordon, "A calculus for cryptographic protocols: The spi calculus", to appear in Proc. 4th ACM Conf. on Computer and Communications Security, Apr. 1997.

Martin Abadi and Roger M. Needham, "Prudent engineering practice for cryptographic protocols" (PostScript), IEEE Trans. on Software Eng. 22(1), Jan. 1996, pp. 6-15.

Ross J. Anderson and T. Mark A. Lomas, "Fortifying key negotiation schemes with poorly chosen passwords", Electronics Letters 30(13), Jun. 23, 1994, pp. 1040-1041.

Ross J. Anderson and Roger M. Needham, "Robustness principles for public key protocols", in Advances in Cryptology -- Proc. Crypto `95, Springer-Verlag LNCS 963, 1995, pp. 236-247.

Shahram Bakhtiari, Reihaneh Safavi-Naini, and Josef Pieprzyk, "On password-based authenticated key exchange using collisionful hash functions" (zipped PostScript), Advances in Cryptology -- Proc. Australasian Conf. on Info. Security and Privacy (ACISP `96), Wollongong, NSW, Australia, June 24-26, 1996, Springer-Verlag LNCS 1172, pp. 298-309.

Mihir Bellare and Phillip Rogaway, "Provably secure session key distribution -- The three party case" (abstract), in Proc. 27th ACM Symp. on Theory of Computing, Las Vegas, NV, USA, May 1995, pp. 57-66.

Mihir Bellare and Phillip Rogaway, "Random oracles are practical: A paradigm for designing efficient protocols", in Proc. 1st ACM Conf. on Computer and Communications Security, Nov. 1993.

Steven M. Bellovin and Michael Merritt, "Augmented encrypted key exchange: A password-based protocol secure against dictionary attacks and password file compromise", in Proc. IEEE Computer Society Symp. on Research in Security and Privacy (Oakland `93), Oakland, CA, USA, 1993, pp. ????.

Steven M. Bellovin and Michael Merritt, "Encrypted key exchange: Password-based protocols secure against dictionary attacks", in Proc. IEEE Computer Society Symp. on Research in Security and Privacy (Oakland `92), Oakland, CA, USA, 1992, pp. 72-84.

Steven M. Bellovin and Michael Merritt, "Limitations of the Kerberos authentication system", Proc. Winter `91 Usenix Conf., Dallas, TX, USA, 1991.

R. Bird, I. Gopal, Amir Herzberg, Phillip Janson, S. Kutten, Refik Molva, and Moti Yung, "Systematic design of two-party authentication protocols", Advances in Cryptology -- Proc. Crypto `91, Springer-Verlag LNCS ??vol.no.??, ??year??.

R. Bird, I. Gopal, Amir Herzberg, Phillip Janson, S. Kutten, Refik Molva, and Moti Yung, "Systematic design of a family of attack-resistant authentication protocols", IEEE J. on Selected Areas in Communications 11(5), June 1993, pp. 679-693.

R. Bird, I. Gopal, Amir Herzberg, Phillip Janson, S. Kutten, Refik Molva, and Moti Yung, "The Kryptoknight family of light-weight protocols for authentication and key distribution" (gzipped PostScript), IEEE/ACM Trans. on Networking, ??vol.no.??, 1995.

Andrew D. Birrell, "Secure communication using remote procedure calls", ACM Trans. on Computer Sys. 3(1), Feb. 1985, pp. 1-14.

Eric A. Blossom, "The VP1 protocol for voice privacy devices" (v1.1) (gzipped PostScript), Communication Security Corp., Dec. 3, 1996. [Diffie-Hellman key agreement for secure telephony, with voice verification of the ephemeral public exponentials]

Dan Boneh, Richard B. DeMillo, & Richard Lipton, "On the importance of checking cryptographic protocols for faults", in Advances in Cryptology -- Proc. Eurocrypt `97, Springer-Verlag LNCS ???, pp. ???.

Dan Boneh & Ramarathnam Venkatesan, "Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes", in Advances in Cryptology -- Proc. Crypto `96, Springer-Verlag LNCS ???, pp. ???. [proposes the Modified Diffie-Hellman protocol, motivated by their results on the hardness of MSBs of DH agreed keys, for which the ability to compute the highest order bit of the agreed key is shown to imply the ability to compute all the bits]

Colin Boyd, "A class of flexible and efficient key management protocols" (PostScript), Proc. 9th IEEE Computer Security Foundations Workshop (CSFW), 1996, pp. 2-8.

Colin Boyd & Wenbo Mao, "On a limitation of BAN logic", in Advances in Cryptology -- Proc. Eurocrypt `93, Lofthus, Norway, Springer-Verlag LNCS 765, pp. 240-247. [rebutted by van Oorschot at the rump session of the same conference]

Mike Burmester, "On the risk of opening distributed keys", in Advances in Cryptology -- Proc. Crypto `94, Springer-Verlag LNCS 839, pp. 308-317.

Michael Burrows, Martin Abadi, & Roger M. Needham, "A logic of authentication" (PostScript), DEC SRC Research Report 39, revised Feb. 22, 1990.

Michael Burrows, Martin Abadi, & Roger M. Needham, "The scope of a Logic of Authentication" (PostScript), Proc. DIMACS Workshop on Distributed Computing and Cryptography, Oct. 1989, pp. 119-126.

Charles Cavaiani & Jim Alves-Foss, "A mutual authenticating protocol with key distribution in a client/server environment" (HTML), ACM Crossroads 2(4), Apr. 1996.

Benny Chor & Amos Beimel, "Interaction in key distribution schemes", in Advances in Cryptology -- Proc. Crypto `93, Springer-Verlag LNCS 773, pp. 456-479.

John A. Clark & Jeremy Jacob, "A survey of authentication protocol literature" (PostScript), manuscript, Aug. 1, 1996.

John A. Clark & Jeremy Jacob, "On the security of recent protocols", in Info. Processing Letters 56(3), Nov. 1995, pp. 151-155.

Hadmut Danisch, "The exponential security system TESS: An identity-based cryptographic protocol for authenticated key-exchange (E.I.S.S.-Report 1995/4)" (ASCII), Internet RFC 1824, Aug. 1995.

George Davida, Yvo G. Desmedt, and Rene Peralta, "On the importance of memory resources in the security of key exchange protocols", in Advances in Cryptology -- Proc. Eurocrypt `90, Springer-Verlag LNCS 473, pp. 11-15.

Dorothy E. Denning and Giovanni Maria Sacco, "Timestamps in key distribution protocols", Comm. of the ACM 24(8), Aug. 1981, pp. 533-536.

Yvo G. Desmedt and Mike Burmester, "Towards practical `proven secure' authenticated key distribution", Proc. 1st ACM Conf. on Computer and Communications Security, Fairfax, VA, USA, Nov. 3-5, 1993, pp. 228-231.

Yvo G. Desmedt and Andrew M. Odlyzko, "A chosen text attack on the RSA cryptosystem and some discrete logarithm schemes", Advances in Cryptology -- Proc. Crypto `85, Springer-Verlag LNCS 218, 1986, pp. 516-522.

Whitfield Diffie and Martin E. Hellman, "New directions in cryptography", in IEEE Trans. on Info. Theory IT-22(6), Nov. 1976, pp. 644-654.

Whitfield Diffie, Paul C. van Oorschot, and Michael J. Wiener, "Authentication and authenticated key exchanges", Designs, Codes, and Cryptography 2(2), 1992, pp. 107-125.

Yun Ding and Patrick Horster, "Why the Kuperee authentication system fails", ACM Operating Systems Review 30(2), Apr. 1996, pp. 42-51.

Danny Dolev, Shimon Even, & Richard M. Karp, "On the security of ping-pong protocols", Information and Control 55, 1982, pp. 57-68.

Danny Dolev & Andrew C. Yao, "On the security of public key protocols", IEEE Trans. on Info. Theory IT-29(2), Mar. 1983, pp. 198-208.

David C. Feldmeier & Philip R. Karn, "UNIX password security: Ten years later", in Gilles Brassard, ed., Advances in Cryptology -- Proc. Crypto `89, Springer-Verlag LNCS 435, pp. 44-63.

Christian Gehrmann, "Cryptanalysis of the Gemmell and Naor multiround authentication protocol", Advances in Cryptology -- Proc. Crypto `94, Springer-Verlag LNCS 839, pp. 121-128.

Christian Gehrmann, "Secure multiround authentication protocols", Advances in Cryptology -- Proc. Eurocrypt `95, Springer-Verlag LNCS 921, pp. 158-167.

Li Gong, "A security risk of depending on synchronized clocks", in ACM Operating Systems Review 26(1), 1992, pp. 49-53.

Li Gong, "Efficient network authentication protocols: Lower bounds and optimal implementations", in Distributed Computing 9(3), 1995.

Li Gong, "Increasing availability and security of an authentication service", in IEEE J. on Selected Areas in Communications 11(5), June 1993, pp. 657-662.

Li Gong, "Using one-way functions for authentication", in ACM Computer Communications Review 19, 1989, pp. 8-11.

Li Gong, T. Mark A. Lomas, Roger M. Needham, and Jerome H. Saltzer, "Protecting poorly chosen secrets from guessing attacks", in IEEE J. on Selected Areas in Communications 11(5), June 1993, pp. 648-656.

Li Gong and Paul Syverson, "Fail-stop protocols: An approach to designing secure protocols" (PostScript), in Proc. 5th Intl. Working Conf. on Dependable Computing for Critical Applications, Sept. 1995, pp. 44-55.

Li Gong and David J. Wheeler, "A matrix key distribution scheme", in J. Cryptology 2, 1990, pp. 51-59.

Tzonelih Hwang and Y.H. Chen, "On the security of SPLICE/AS - the authentication system in WIDE Internet", Information Processing Letters 53, 1995, pp. 97-101.

Min-Shiang Hwang and Chii-Hwa Lee, "Authenticated key-exchange in a mobile radio network", to appear in European Transactions on Telecommunications, Oct. 1996.

Tzonelih Hwang, N.Y. Lee, C.M. Li, M.Y. Ko and Y.H. Chen, "Two attacks on Neuman-Stubblebine authentication protocols", Information Processing Letters 53, 1995, pp. 103-107.

David P. Jablon, "Extended password methods immune to dictionary attack", to appear in Proc. WETICE '97 Enterprise Security Workshop, Cambridge, MA, USA, June 18-20, 1997.

David P. Jablon, "Strong password-only authenticated key exchange" (PostScript, MS Word, RTF), ACM Computer Communications Review, Oct. 1996.

John M. Kelsey, Bruce Schneier, & David A. Wagner, "Protocol interactions and the chosen protocol attack", in Proc. 1997 Security Protocols Workshop, Cambridge, U.K.

Timo Kyntaja, "A Logic of Authentication by Burrows, Abadi, and Needham" (HTML), Nov. 7, 1995. [Here's the abstract: "A formal method for describing and analysing authentication protocols was first suggested in late 1980's. Since then the development on the field has moved on extending and changing the semantics of the basic BAN logic. This document gives an introduction to the BAN logic and discusses some of the additions suggested to it."]

Stefan Lucks, "Open Key Exchange: how to defeat dictionary attacks without encrypting public keys", in Proc. 1997 Security Protocols Workshop, Cambridge, U.K.

T. Matsumoto, Y. Takashima, & Hideki Imai, "On seeking smart public-key-distribution systems", Trans. IECE of Japan E69(2), 1986, pp. 99-106.

Ueli M. Maurer, "Towards the equivalence of breaking the Diffie-Hellman protocol and computing discrete logarithms", in Advances in Cryptology -- Proc. Crypto `94, Springer-Verlag LNCS 839, pp. 271-281.

Alfred Menezes, Paul C. van Oorschot, & Scott Vanstone, "Chapter 12: Key establishment protocols", in Handbook of Applied Cryptography, CRC Press, ISBN 0-8493-8523-7, 1997, pp. 489-541.

Robert Morris & Ken Thompson, "Password security: A case history", in Communications of the ACM 22(11), Nov. 1979, pp. 594-597.

James Nechvatal, "Public-key cryptography" (ASCII), NIST Special Publication 800-2, Apr. 1991. [According to the preface, "[t]his publication presents a state-of-the-art survey of public-key cryptography circa 1988 - 1990"]

Sarvar Patel, "Information leakage in EKE", DIMACS Workshop on Network Threats, New Brunswick, NJ, USA, Dec. 4-6, 1996.

Sarvar Patel, "Number theoretic attacks on secure password schemes", in Proc. 1997 IEEE Symp. on Security and Privacy (Oakland `97), Oakland, CA, USA, May 5-7, 1997.

Phillip Rogaway and Mihir Bellare, "Entity authentication and key distribution" (abridged), in Advances in Cryptology -- Proc. Crypto `93, Springer-Verlag LNCS 773, pp. 232-249.

Renate Scheidler, Johannes A. Buchmann, and Hugh C. Williams, "Implementation of a key exchange protocol using some real quadratic fields", Advances in Cryptology -- Proc. Eurocrypt `90, Springer-Verlag LNCS 473, pp. 98-109.

Bruce Schneier, "Chapter 22: Key-exchange algorithms", in Applied Cryptography (2nd ed.), John Wiley & Sons, ISBN 0-4711-1709-9, 1996, pp. 513-525. [includes a description of Eric Hughes' DH protocol variant from the Crypto `94 rump session]

Richard Schroeppel, Hilarie Orman, Sean O'Malley, and Oliver Spatscheck, "Fast key exchange with elliptic curve systems", in Advances in Cryptology -- Proc. Crypto `95, Springer-Verlag LNCS 963, pp. 43-56. [fast implementation of a key agreement analogous to Diffie-Hellman in the group of points on an elliptic curve of the form y^2 + xy = x^3 + ax^2 + b over GF(2^n)]

Eugene H. Spafford, "The Internet worm program: An analysis", in ACM Computer Communications Review 19(1), Jan. 1989, pp. 17-57.

Michael Steiner, Gene Tsudik, and Michael Waidner, "Refinement and extension of Encrypted Key Exchange", ACM Operating Systems Review (OSR) 29(3), 1995, pp. 22-30.

Christoph Thiel, Johannes A. Buchmann, and Ingrid Biehl, "Cryptographic protocols based on discrete logarithms in real-quadratic orders", in Advances in Cryptology -- Proc. Crypto `94, Springer-Verlag LNCS 839, pp. 56-60.

Gene Tsudik and Els van Herreweghen, "Some remarks on Protecting Weak Keys and Poorly-Chosen Secrets from Guessing Attacks", in Proc. IEEE Symp. on Reliable Distributed Systems, Oct. 1993.

David Vincenzetti, Stefano Taino, and Fabio Bolognesi, "STEL: secure telnet" (HTML), U. Milan, 1995.

David A. Wagner & Bruce Schneier, "Analysis of the SSL 3.0 protocol", in Proc. 2nd Usenix Workshop on Electronic Commerce, Nov. 1996.

Maurice V. Wilkes, "Chapter 9: Operation and managerial aspects of time sharing", in Time-Sharing Computer Systems (2nd ed.), American Elsevier, ISBN 0-444-19583-1, 1972, pp. 129-140. [discusses Roger Needham's use of a one-way function to protect passwords stored in a host]

Thomas J. Wu, "The Secure Remote Password protocol" (PostScript), to appear in Proc. 1998 Internet Society Symp. on Network and Distributed System Security (ISOC SNDSS `98).

Tatu Ylonen, "SSH (secure shell) remote login protocol" (ASCII), Helsinki U. Tech.


Compiled by Lewis McCarthy, based upon citations harvested from email, Usenet, WWW pages, newspapers, magazines, conference proceedings, journals, books, and word of mouth.


Cited authors who do not appear to have web pages (hence those pages aren't listed above!):


Last substantive update: July 15, 1997
