Publication

Cryptanalysis of e-mail protocols providing perfect forward secrecy

2008
Journal paper
Abstract

Recently, two e-mail protocols were proposed claiming to provide perfect secrecy. These protocols use authentication and (Diffie-Hellman) key-exchange techniques, and as such, other standard security criteria besides perfect forward secrecy include key-replay resilience, known-key security, key freshness and unknown key-share resilience are expected too. In this paper, we show that the two protocols cannot resist replay attacks, and further that the first falls to unknown key-share attacks while the second fails to provide perfect forward secrecy, contrary to the designers' claims. Although the two protocols were intended by the designers to be more secure variants compared to the common e-mail protocol, our results show that being newer does not necessarily mean being more secure. (C) 2007 Elsevier B.V. All rights reserved.

About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.