Provable Security in the Real World
May/June 2011 (vol. 9 no. 3)
pp. 33-41
Jean Paul Degabriele, Royal Holloway, University of London
Kenneth G. Paterson, Royal Holloway, University of London
Gaven J. Watson, University of Calgary
Provable security is sometimes portrayed as having revolutionized cryptography, transforming it from an art into a science. Three decades after its inception, is this transition complete? Are cryptanalysts out of business? If so, why do we still hear about attacks against real-world cryptographic systems?

1. N. Koblitz and A. Menezes, "Another Look at 'Provable Security,'" J. Cryptology, vol. 20, no. 1, 2007, pp. 3–37.
2. C. Shannon, "Communication Theory of Secrecy Systems," Bell System Technical J., vol. 28, no. 4, 1949, pp. 656–715.
3. S. Goldwasser and S. Micali, "Probabilistic Encryption," J. Computer Systems Science, vol. 28, no. 2, 1984, pp. 270–299.
4. S. Micali, C. Rackoff, and B. Sloan, "The Notion of Security for Probabilistic Cryptosystems," CRYPTO 1986, LNCS 263, Springer, 1986, pp. 381–392.
5. M. Bellare and C. Namprempre, "Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm," ASIACRYPT 2000, LNCS 1976, Springer, 2000, pp. 531–545.
6. H. Krawczyk, "The Order of Encryption and Authentication for Protecting Communications (or How Secure Is SSL?)," CRYPTO 2001, LNCS 2139, Springer, 2001, pp. 310–331.
7. T. Kohno, "Attacking and Repairing the WinZip Encryption Scheme," ACM Conf. Computer and Comm. Security, ACM Press, 2004, pp. 72–81.
8. B. Canvel et al., "Password Interception in a SSL/TLS Channel," CRYPTO 2003, LNCS 2729, Springer, 2003, pp. 583–599.
9. K.G. Paterson and G.J. Watson, "Immunising CBC Mode against Padding Oracle Attacks: A Formal Security Treatment," SCN 2008, LNCS 5229, Springer, 2008, pp. 340–357.
10. J.P. Degabriele and K.G. Paterson, "On the (In)security of IPsec in MAC-then-Encrypt Configurations," Proc. 17th ACM Conf. Computer and Comm. Security (CCS 10), ACM Press, 2010, pp. 493–504.
11. M. Bellare, T. Kohno, and C. Namprempre, "Breaking and Provably Repairing the SSH Authenticated Encryption Scheme: A Case Study of the Encode-then-Encrypt-and-MAC Paradigm," ACM Trans. Information and Systems Security, vol. 7, no. 2, 2004, pp. 206–241.
12. W. Dai, "An Attack Against SSH2 Protocol," 6 Feb. 2002; www.ietf.org/mail-archive/text/secsh2002-02.mail.
13. M.R. Albrecht, K.G. Paterson, and G.J. Watson, "Plaintext Recovery Attacks against SSH," IEEE Symp. Security and Privacy, IEEE CS Press, 2009, pp. 16–26.
14. K.G. Paterson and G.J. Watson, "Plaintext-Dependent Decryption: A Formal Security Treatment of SSH-CTR," EUROCRYPT 2010, LNCS 6110, Springer, 2010, pp. 345–361.
15. P. Rogaway and T. Stegers, "Authentication without Elision: Partially Specified Protocols, Associated Data, and Cryptographic Models Described by Code," 22nd Computer Security Foundations Symp. (CSF 09), IEEE CS Press, 2009, pp. 26–39.

Index Terms:
Provable security, secure protocols
Citation:
Jean Paul Degabriele, Kenneth G. Paterson, Gaven J. Watson, "Provable Security in the Real World," IEEE Security & Privacy, vol. 9, no. 3, pp. 33-41, May-June 2011, doi:10.1109/MSP.2010.200