[1] Jiang Rui, Hu Aiqun,. Formal analysis of robust email protocol based on authentication tests [J]. Journal of Southeast University (English Edition), 2009, 25 (2): 147-151. [doi:10.3969/j.issn.1003-7985.2009.02.001]

Copy

Formal analysis of robust email protocol based on authentication tests()

Share：

Journal of Southeast University (English Edition)[ISSN:1003-7985/CN:32-1325/N]

Volumn:

25

Issue:

2009 2

Page:

147-151

Research Field:

Computer Science and Engineering

Publishing date:

2009-06-30

Info

Title:

Formal analysis of robust email protocol based on authentication tests

Author(s):

Jiang Rui;  Hu Aiqun

School of Information Science and Engineering, Southeast University, Nanjing 210096, China

Keywords:

email protocol;  authentication tests;  formal method;  perfect forward secrecy;  strand space model

PACS:

TP393

DOI:

10.3969/j.issn.1003-7985.2009.02.001

Abstract:

Based on the authentication tests and the strand space model, the robust email protocol with perfect forward secrecy is formally analyzed, and the security shortcomings of the protocol is pointed out.Meanwhile, the man-in-the-middle attack to the protocol is given, where the attacker forges the messages in the receiving phase to cheat the two communication parties and makes them share the wrong session keys with him.Therefore, the protocol is not ensured to provide perfect forward secrecy.In order to overcome the above security shortcomings, an advanced email protocol is proposed, where the corresponding signatures in the receiving phase of the protocol are added to overcome the man-in-the-middle attack and ensure to provide perfect forward secrecy.Finally, the proposed advanced email protocol is formally analyzed with the authentication tests and the strand space model, and it is proved to be secure in authentication of the email sender, the recipient and the server.Therefore, the proposed advanced email protocol can really provide perfect forward secrecy.

References:

[1] Kim B, Koo J, Lee D.Robust e-mail protocols with perfect forward secrecy [J].IEEE Communications Letters, 2006, 10(6):510-512.
[2] Sun H, Hsieh B, Hwang H.Secure e-mail protocols providing perfect forward secrecy[J].IEEE Communications Letters, 2005, 9(1):58-60.
[3] Dent A W.Flaws in an e-mail protocol of Sun, Hsieh, and Hwang [J].IEEE Communications Letters, 2005, 9(8):718-719.
[4] Diffie W, Hellman M E.New directions in cryptography [J].IEEE Transactions on Information Theory, 1976, 22(5):644-654.
[5] Yoon E J, Yoo K Y.Cryptanalysis of robust e-mail protocols with perfect forward secrecy[J].IEEE Communications Letters, 2007, 11(5):372-374.
[6] Guttman J D, Thayer Fabrega F J.Authentication tests and the structure of bundles [J].Theoretical Computer Science, 2002, 283(2):333-380.
[7] Guttman J D.Security protocol design via authentication tests [C]//Proceedings of the 15th IEEE Workshop on Computer Security Foundations.Washington, DC, USA:IEEE Computer Society, 2002:65-80.
[8] Thayer Fabrega F J, Herzog J C, Guttman J D.Strand spaces:proving security protocols correct [J].Journal of Computer Security, 1999, 7(2/3):191-230.
[9] Zheng Y.Digital signcryption or how to achieve cost(signature and encryption)[C]//CRYPTO’ 97.Lecture Notes in Computer Science, 1997, 1294:165-179.

Memo

Memo:

Biography: Jiang Rui(1968—), male, doctor, associate professor, R.Jiang@seu.edu.cn.
Foundation item: The Natural Science Foundation of Jiangsu Province(No.BK2006108).
Citation: Jiang Rui, Hu Aiqun.Formal analysis of robust email protocol based on authentication tests[J].Journal of Southeast University(English Edition), 2009, 25(2):147-151.

Common functions