Oxford University Press, The Computer Journal, 5(50), p. 591-601, 2007
New York; London; Springer, Advances in Information Security, p. 1-12
DOI: 10.1007/978-0-387-87969-7_7
Full text: Download
Although the Yahalom protocol, proposed by Burrows, Abadi, and Needham in 1990, is one of the most prominent key establishment protocols analysed by researchers from the computer security community (using automated proof tools), a simplified version of the protocol is only recently proven secure by Backes and Pfitzmann [(2006) On the Cryptographic Key Secrecy of the Strength-ened Yahalom Protocol. Proc. IFIP SEC 2006] in their cryptographic library framework. We present a protocol for key establishment that is closely based on the Yahalom protocol. We then present a security proof in the Bellare-Verlag, Berlin] model and the random oracle model. We also observe that no partnering mechanism is specified within the Yahalom protocol. We then present a brief discus-sion on the role and the possible construct of session identifiers (SIDs) as a form of partnering mech-anism, which allows the right session key to be identified in concurrent protocol executions. We then recommend that SIDs should be included within protocol specification rather than consider SIDs as artefacts in protocol proof.